This is pinentry.info, produced by makeinfo version 6.5 from pinentry.texi. INFO-DIR-SECTION GNU Utilities START-INFO-DIR-ENTRY * pinentry: (pinentry). Securely ask for a passphrase or PIN. END-INFO-DIR-ENTRY This file documents the use and the internals of the PINENTRY. This is edition 1.2.1, last updated 25 August 2021, of 'The 'PINEntry' Manual', for version 1.2.1. Published by g10 Code GmbH Hüttenstr. 61 40699 Erkrath, Germany Copyright (C) 2002, 2005, 2015 g10 Code GmbH Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The text of the license can be found in the section entitled "Copying".  File: pinentry.info, Node: Top, Next: Using pinentry, Up: (dir) Introduction ************ This manual documents how to use the PINENTRY and its protocol. The PINENTRY is a small GUI application used to enter PINs or passphrases. It is usually invoked by GPG-AGENT (*note Invoking the gpg-agent: (gnupg)Invoking GPG-AGENT, for details). PINENTRY comes in several flavors to fit the look and feel of the used GUI toolkit: A GTK+ based one named 'pinentry-gtk'; a QT based one named 'pinentry-qt'; and, two non-graphical ones 'pinentry-curses', which uses curses, and 'pinentry-tty', which doesn't require anything more than a simple terminal. Not all of them are necessarily available on your installation. If curses is supported on your system, the GUI-based flavors fall back to curses when the 'DISPLAY' variable is not set. * Menu: * Using pinentry:: How to use the beast. * Front ends:: Description and comparison of the front ends Developer information * Protocol:: The Assuan protocol description. * Implementation Details:: For those extending or writing a new pinentry. Miscellaneous * Copying:: GNU General Public License says how you can copy and share PIN-Entry as well as this manual. Indices * Option Index:: Index to command line options. * Index:: Index of concepts and symbol names.  File: pinentry.info, Node: Using pinentry, Next: Front ends, Prev: Top, Up: Top 1 How to use the PINENTRY ************************* You may run PINENTRY directly from the command line and pass the commands according to the Assuan protocol via stdin/stdout. Here is a list of options supported by all flavors of pinentry: '--version' Print the program version and licensing information. '--help' Print a usage message summarizing the most useful command line options. '--debug' '-d' Turn on some debugging. Mostly useful for the maintainers. Note that this may reveal sensitive information like the entered passphrase. '--no-global-grab' '-g' Grab the keyboard only when the window is focused. Use this option if you are debugging software using the PINENTRY; otherwise you may not be able to to access your X session anymore (unless you have other means to connect to the machine to kill the PINENTRY). '--parent-wid N' Use window ID N as the parent window for positioning the window. Note, that this is not fully supported by all flavors of PINENTRY. '--timeout SECONDS' Give up waiting for input from the user after the specified number of seconds and return an error. The error returned is the same as if the Cancel button was selected. To disable the timeout and wait indefinitely, set this to 0, which is the default. '--display STRING' '--ttyname STRING' '--ttytype STRING' '--lc-ctype STRING' '--lc-messages STRING' These options are used to pass localization information to PINENTRY. They are required because PINENTRY is usually called by some background process which does not have any information about the locale and terminal to use. It is also possible to pass these options using Assuan protocol options.  File: pinentry.info, Node: Front ends, Next: Protocol, Prev: Using pinentry, Up: Top 2 Front Ends ************ There are several different flavors of PINENTRY. Concretely, there are Gtk+2, Qt 4/5, TQt, EFL, FLTK, Gnome 3, Emacs, curses and tty variants. These different implementations provide higher levels of integration with a specific environment. For instance, the Gnome 3 PINENTRY uses Gnome 3 widgets to display the prompts. For Gnome 3 users, this higher level of integration provides a more consistent aesthetic. However, this comes at a cost. Because this PINENTRY uses so many components, there is a larger chance of a failure. In particular, there is a larger chance that the passphrase is saved in memory and that memory is exposed to an attacker (consider the OpenSSL Heartbeat vulnerability). To understand how many components touch the passphrase, consider again the Gnome 3 implementation. When a user presses a button on the keyboard, the key is passed from the kernel to the X server to the toolkit (Gtk+) and to the actual text entry widget. Along the way, the key is saved in memory and processed. In fact, the key presses are probably read using standard C library functions, which buffer the input. None of this code is careful to make sure the contents of the memory are not leaked by keeping the data in unpagable memory and wiping it when the buffer is freed. However, even if they did, there is still the problem that when a computer hibernates, the system writes unpagable memory to disk anyway. Further, many installations are virtualized (e.g., running on Xen) and have little control over their actual environment. The curses variant uses a significant smaller software stack and the tty variant uses an even smaller one. However, if they are run in an X terminal, then a similar number of components are handling the passphrase as in the Gnome 3 case! Thus, to be most secure, you need to direct GPG Agent to use a fixed virtual console. Since you need to remain logged in for GPG Agent to use that console, you should run there and have 'screen' or 'tmux' lock the tty. The Emacs pinentry implementation interacts with a running Emacs session and directs the Emacs instance to display the passphrase prompt. Since this doesn't work very well if there is no Emacs running, the generic PINENTRY backend checks if a PINENTRY-enabled Emacs should be used. Specifically, it looks to see if the 'INSIDE_EMACS' variable is set and then attempts to establish a connection to the specified address. If this is the case, then instead of, e.g., 'pinentry-gtk2' displaying a Gtk+2 pinentry, it interacts with the Emacs session. This functionality can be explicitly disabled by passing '--disable-inside-emacs' to 'configure' when building PINENTRY. Having Emacs get the passphrase is convenient, however, it is a significant security risk. Emacs is a huge program, which doesn't provide any process isolation to speak of. As such, having it handle the passphrase adds a huge chunk of code to the user's trusted computing base. Because of this concern, Emacs doesn't enable this by default, unless the 'allow-emacs-pinentry' option is explicitly set in his or her '.gnupg/gpg-agent.conf' file. Similar to the inside-emacs check, the PINENTRY frontends check whether the 'DISPLAY' variable is set and a working X server is available. If this is not the case, then they fallback to the curses front end. This can also be disabled by passing '--disable-fallback-curses' to 'configure' at build time.  File: pinentry.info, Node: Protocol, Next: Implementation Details, Prev: Front ends, Up: Top 3 PINENTRY's Assuan Protocol **************************** The PINENTRY should never service more than one connection at once. It is reasonable to exec the PINENTRY prior to a request. The PINENTRY does not need to stay in memory because the GPG-AGENT has the ability to cache passphrases. The usual way to run the PINENTRY is by setting up a pipe (not a socket) and then fork/exec the PINENTRY. The communication is then done by means of the protocol described here until the client is satisfied with the result. Although it is called a PINENTRY, it allows entering reasonably long strings (strings that are up to 2048 characters long are supported by every pinentry). The client using the PINENTRY has to check for correctness. Note that all strings are expected to be encoded as UTF-8; PINENTRY takes care of converting it to the locally used codeset. To include linefeeds or other special characters, you may percent-escape them (e.g., a line feed is encoded as '%0A', the percent sign itself is encoded as '%25', etc.). The following is a list of supported commands: 'Set the timeout before returning an error' C: SETTIMEOUT 30 S: OK 'Set the descriptive text to display' C: SETDESC Enter PIN for Richard Nixon S: OK 'Set the prompt to show' When asking for a PIN, set the text just before the widget for passphrase entry. C: SETPROMPT PIN: S: OK You should use an underscore in the text only if you know that a modern version of pinentry is used. Modern versions underline the next character after the underscore and use the first such underlined character as a keyboard accelerator. Use a double underscore to escape an underscore. 'Set the window title' This command may be used to change the default window title. When using this feature you should take care that the window is still identifiable as the pinentry. C: SETTITLE Tape Recorder Room S: OK 'Set the button texts' There are three texts which should be used to override the English defaults: To set the text for the button signaling confirmation (in UTF-8). See SETPROMPT on how to use an keyboard accelerator. C: SETOK Yes S: OK To set the text for the button signaling cancellation or disagreement (in UTF-8). See SETPROMPT on how to use an keyboard accelerator. C: SETCANCEL No S: OK In case three buttons are required, use the following command to set the text (UTF-8) for the non-affirmative response button. The affirmative button text is still set using SETOK and the CANCEL button text with SETCANCEL. See SETPROMPT on how to use an keyboard accelerator. C: SETNOTOK Do not do this S: OK 'Set the Error text' This is used by the client to display an error message. In contrast to the other commands, the error message is automatically reset with a GETPIN or CONFIRM, and is only displayed when asking for a PIN. C: SETERROR Invalid PIN entered - please try again S: OK 'Enable a passphrase quality indicator' Adds a quality indicator to the GETPIN window. This indicator is updated as the passphrase is typed. The clients needs to implement an inquiry named "QUALITY" which gets passed the current passphrase (percent-plus escaped) and should send back a string with a single numerical value between -100 and 100. Negative values will be displayed in red. C: SETQUALITYBAR S: OK If a custom label for the quality bar is required, just add that label as an argument as a percent-escaped string. You will need this feature to translate the label because PINENTRY has no internal gettext except for stock strings from the toolkit library. If you want to show a tooltip for the quality bar, you may use C: SETQUALITYBAR_TT string S: OK With STRING being a percent escaped string shown as the tooltip. 'Enable enforcement of passphrase constraints' This will make the pinentry check whether the new passphrase entered by the user satisfies the passphrase constraints before passing the passphrase to gpg-agent and closing the pinentry. This gives the user the chance to modify the passphrase until the constraints are satisfied without retyping the passphrase. C: OPTION constraints-enforce S: OK To inform the user about the constraints a short hint and a longer hint can be set using C: OPTION constraints-hint-short=At least 8 characters S: OK C: OPTION constraints-hint-long=The passphrase must ... S: OK Additionally, a title for the dialog showing details in case of unsatisfied constraints can be set using C: OPTION constraints-error-title=Passphrase Not Allowed S: OK All strings have to be percent escaped. 'Enable an action for generating a passphrase' Adds an action for generating a random passphrase to the GETPIN window. The action is only available when asking for a new passphrase, i.e. if SETREPEAT has been called. C: SETGENPIN Suggest S: OK If you want to provide a tooltip for the action, you may use C: SETGENPIN_TT Suggest a random passphrase S: OK 'Enable passphrase formatting' Passphrase formatting will group the characters of the passphrase into groups of five characters separated by non-breaking spaces or a similar separator. This is useful in combination with passphrase generation to make the generated passphrase easier readable. C: OPTION formatted-passphrase S: OK Note: If passphrase formatting is enabled, then, depending on the concrete pinentry, all occurrences of the character used as separator may be stripped from the entered passphrase. To provide a hint for the user that is shown if passphrase formatting is enabled use C: OPTION formatted-passphrase-hint=Blanks are not part of the passphrase. S: OK 'Ask for a PIN' The meat of this tool is to ask for a passphrase of PIN, it is done with this command: C: GETPIN S: D no more tapes S: OK Note that the passphrase is transmitted in clear using standard data responses. Expect it to be in UTF-8. 'Ask for confirmation' To ask for a confirmation (yes or no), you can use this command: C: CONFIRM S: OK The client should use SETDESC to set an appropriate text before issuing this command, and may use SETPROMPT to set the button texts. The value returned is either OK for YES or the error code 'ASSUAN_Not_Confirmed'. 'Show a message' To show a message, you can use this command: C: MESSAGE S: OK alternatively you may add an option to confirm: C: CONFIRM --one-button S: OK The client should use SETDESC to set an appropriate text before issuing this command, and may use SETOK to set the text for the dismiss button. The value returned is OK or an error message. 'Set the output device' When using X, the PINENTRY program must be invoked with an appropriate 'DISPLAY' environment variable or the '--display' option. When using a text terminal: C: OPTION ttyname=/dev/tty3 S: OK C: OPTION ttytype=vt100 S: OK C: OPTION lc-ctype=de_DE.UTF-8 S: OK The client should use the 'ttyname' option to set the output TTY file name, the 'ttytype' option to the 'TERM' variable appropriate for this tty and 'lc-ctype' to the locale which defines the character set to use for this terminal. 'Set the default strings' To avoid having translations in Pinentry proper, the caller may set certain translated strings which are used by PINENTRY as default strings. C: OPTION default-ok=_Korrekt S: OK C: OPTION default-cancel=Abbruch S: OK C: OPTION default-prompt=PIN eingeben: S: OK The strings are subject to accelerator marking, see SETPROMPT for details. 'Passphrase caching' Some environments, such as GNOME, cache passwords and passphrases. The PINENTRY should only use an external cache if the 'allow-external-password-cache' option was set and a stable key identifier (using SETKEYINFO) was provided. In this case, if the passphrase was read from the cache, the PINENTRY should send the 'PASSWORD_FROM_CACHE' status message before returning the passphrase. This indicates to GPG Agent that it should not increment the passphrase retry counter. C: OPTION allow-external-password-cache S: OK C: SETKEYINFO key-grip S: OK C: getpin S: S PASSWORD_FROM_CACHE S: D 1234 S: OK Note: if 'allow-external-password-cache' is not specified, an external password cache must not be used: this can lead to subtle bugs. In particular, if this option is not specified, then GPG Agent does not recognize the 'PASSWORD_FROM_CACHE' status message and will count trying a cached password against the password retry count. If the password retry count is 1, then the user will never have the opportunity to correct the cached password. Note: it is strongly recommended that a pinentry supporting this feature provide the user an option to enable it manually. That is, saving a passphrase in an external password manager should be opt-in. The key identifier provided SETKEYINFO must be considered opaque and may change in the future. It currently has the form 'X/HEXSTRING' where 'X' is either 'n', 's', or 'u'. In the former two cases, the HEXSTRING corresponds to the key grip. The key grip is not the OpenPGP Key ID, but it can be mapped to the key using the following: # gpg2 --with-keygrip --list-secret-keys and searching the output for the key grip. The same command-line options can also be used with gpgsm.  File: pinentry.info, Node: Implementation Details, Next: Copying, Prev: Protocol, Up: Top 4 Implementation Details ************************ The pinentry source code can be divided into three categories. There is a backend module, which lives in 'pinentry/', there are utility functions, e.g., in 'secmem/', and there are various frontends. All of the low-level logic lives in the backend. This frees the frontends from having to implement, e.g., the Assuan protocol. When the backend receives an option, it updates the state in a 'pinentry_t' struct. The frontend is called when the client either calls 'GETPIN', 'CONFIRM' or 'MESSAGE'. In these cases, the backend invokes the 'pinentry_cmd_handler', which is passed the 'pinentry_t' struct. When the callback is invoked, the frontend should create a window based on the state in the 'pinentry_t' struct. For instance, the title to use for the dialog's window (if any) is stored in the 'title' field. If the is 'NULL', the frontend should choose a reasonable default value. (Default is not always provided, because different tool kits and environments have different reasonable defaults.) The widget needs to support a number of different interactions with the user. Each of them is described below. 'Passphrase Confirmation' When creating a new key, the passphrase should be entered twice. The client (typically GPG Agent) indicates this to the PINENTRY by invoking 'SETREPEAT'. In this case, the backend sets the 'repeat_passphrase' field to a copy of the passed string. The value of this field should be used to label a second text input. It is the frontend's responsibility to check that the passwords match. If they don't match, the frontend should display an error message and continue to prompt the user. If the passwords do match, then, when the user presses the okay button, the 'repeat_okay' field should be set to '1' (this causes the backend to emit the 'S PIN_REPEATED' status message). 'Message Box' Sometimes GPG Agent needs to display a message. In this case, the 'pin' variable is 'NULL'. At the Assuan level, this mode is selected by using either the 'MESSAGE' or the 'CONFIRM' command instead of the 'GETPIN' command. The 'MESSAGE' command never shows the cancel or an other button. The same holds for 'CONFIRM' if it was passed the "-one-button" argument. If 'CONFIRM' was not passed this argument, the dialog for 'CONFIRM' should show both the 'ok' and the 'cancel' buttons and optionally the 'notok' button. The frontend can determine whether the dialog is a one-button dialog by inspecting the 'one_button' variable. 'Passphrase Entry' If neither of the above cases holds, then GPG Agent is simply requesting the passphrase. In this case, the 'ok' and 'cancel' buttons should be displayed. The layout of the three variants is quite similar. Here are the relevant elements that describe the layout: 'title' The window's title. 'description' The reason for the dialog. When requesting a passphrase, this describes the key. When showing a message box, this is the message to show. 'error' If GPG Agent determines that the passphrase was incorrect, it will call 'GETPIN' again (up to a configurable number of times) to again prompt the user. In this case, this variable contains a description of the error message. This text should typically be highlighted in someway. 'prompt, default-prompt' The string to associate with the passphrase entry box. There is a subtle difference between 'prompt' and 'default-prompt'. 'default-prompt' means that a stylized prompt (e.g., an icon suggesting a prompt) may be used. 'prompt' means that the entry's meaning is not consistent with such a style and, as such, no icon should be used. If both variables are set, the 'prompt' variant takes precedence. 'repeat_passphrase' The string to associate with the second passphrase entry box. The second passphrase entry box should only be shown if this is not 'NULL'. 'ok, default-ok' The string to show in the 'ok' button. If there are any '_' characters, the following character should be used as an accelerator. (A double underscore means a plain underscore should be shown.) If the frontend does not support accelerators, then the underscores should be removed manually. There is a subtle difference between 'ok' and 'default-ok'. 'default-ok' means that a stylized OK button should be used. For instance, it could include a check mark. 'ok' means that the button's meaning is not consistent with such an icon and, as such, no icon should be used. Thus, if the 'ok' button should have the text "No password required" then 'ok' should be used because a check mark icon doesn't make sense. If this variable is 'NULL', the frontend should choose a reasonable default. If both variables are set, the 'ok' variant takes precedence. 'cancel, default-cancel' Like the 'ok' and 'default-ok' buttons except these strings are used for the cancel button. This button should not be shown if 'one_button' is set. 'default-notok' Like the 'default-ok' button except this string is used for the other button. This button should only be displayed when showing a message box. If these variables are 'NULL' or 'one_button' is set, this button should not be displayed. 'quality_bar' If this is set, a widget should be used to show the password's quality. The value of this field is a label for the widget. Note: to update the password quality, whenever the password changes, call the 'pinentry_inq_quality' function and then update the password quality widget correspondingly. 'quality_bar_tt' A tooltip for the quality bar. 'constraints_enforce' If this is not 0, then passphrase constraints are enforced by gpg-agent. In this case pinentry can use the 'pinentry_inq_checkpin' function for checking whether the new passphrase satisfies the constraints before passing it to gpg-agent. 'constraints_hint_short' A short translated hint for the user with the constraints for new passphrases to be displayed near the passphrase input field. 'constraints_hint_short' A longer translated hint for the user with the constraints for new passphrases to be displayed for example as tooltip. 'constraints_error_title' A short translated title for an error dialog informing the user about unsatisfied passphrase constraints. 'genpin_label' If this is set, a generate action should be shown. The value of this field is a label for the action. Note: Call the 'pinentry_inq_genpin' function to request a randomly generated passphrase. 'genpin_tt' The tooltip for the generate action. 'formatted_passphrase' If this is not 0, then passphrase formatting should be enabled. If it is enabled, then the unmasked passphrase should be grouped into groups of five characters separated by non-breaking spaces or a similar separator. To simplify the implementation all occurrences of the character used as separator can be stripped from the entered passphrase, if formatting is enabled. 'formatted_passphrase_hint' A hint to be shown if passphrase formatting is enabled. It should be shown near the passphrase input field. 'default_pwmngr' If 'may_cache_password' and 'keyinfo' are set and the user consents, then the PINENTRY may cache the password with an external manager. Note: getting the user's consent is essential, because password managers often provide a different level of security. If the above condition is true and 'tried_password_cache' is false, then a check box with the specified string should be displayed. The check box must default to off. 'default-cf-visi' The string to show with a question if you want to confirm that the user wants to change the visibility of the password. 'default-tt-visi' Tooltip for an action that would reveal the entered password. 'default-tt-hide' Tooltip for an action that would hide the password revealed by the action labeld with 'default-tt-visi' 'default-capshint' A hint to be shown if Caps Lock is on. When the handler is done, it should store the passphrase in 'pin', if appropriate. This variable is allocated in secure memory. Use 'pinentry_setbufferlen' to size the buffer. The actual return code is dependent on whether the dialog is in message mode or in passphrase mode. If the dialog is in message mode and the user pressed ok, return 1. Otherwise, return 0. If an error occurred, indicate this by setting it in 'specific_err' or setting 'locale_err' to '1' (for locale specific errors). If the dialog was canceled, then the handler should set the 'canceled' variable to '1'. If the not ok button was pressed, don't do anything else. If the dialog is in passphrase mode return '1' if the user entered a password and pressed ok. If an error occurred, return '-1' and set 'specific_err' or 'locale_err', as above. If the user canceled the dialog box, return '-1'. If the window was closed, then the handler should set the 'close_button' variable and otherwise act as if the cancel button was pressed.  File: pinentry.info, Node: Copying, Next: Option Index, Prev: Implementation Details, Up: Top GNU General Public License ************************** Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble ======== The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 1. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 2. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 3. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 6. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 7. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 8. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 10. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 13. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs ============================================= If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. ONE LINE TO GIVE THE PROGRAM'S NAME AND AN IDEA OF WHAT IT DOES. Copyright (C) 19YY NAME OF AUTHOR This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19YY NAME OF AUTHOR Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands 'show w' and 'show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than 'show w' and 'show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. SIGNATURE OF TY COON, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.  File: pinentry.info, Node: Option Index, Next: Index, Prev: Copying, Up: Top Option Index ************ [index] * Menu: * d: Using pinentry. (line 20) * debug: Using pinentry. (line 20) * display: Using pinentry. (line 46) * g: Using pinentry. (line 26) * help: Using pinentry. (line 15) * lc-ctype: Using pinentry. (line 46) * lc-messa: Using pinentry. (line 46) * no-global-grab: Using pinentry. (line 26) * parent-wid: Using pinentry. (line 32) * timeout: Using pinentry. (line 36) * ttyname: Using pinentry. (line 46) * ttytype: Using pinentry. (line 46) * version: Using pinentry. (line 12)  File: pinentry.info, Node: Index, Prev: Option Index, Up: Top Index ***** [index] * Menu: * GPL, GNU General Public License: Copying. (line 6) * introduction: Top. (line 6)  Tag Table: Node: Top815 Node: Using pinentry2240 Node: Front ends4091 Node: Protocol7660 Node: Implementation Details18285 Node: Copying27843 Node: Option Index47022 Node: Index48104  End Tag Table