pinentry - phpMan

File: pinentry.info,  Node: Top,  Next: Using pinentry,  Up: (dir)
Introduction
************
This manual documents how to use the PINENTRY and its protocol.
   The PINENTRY is a small GUI application used to enter PINs or
passphrases.  It is usually invoked by GPG-AGENT (*note Invoking the
gpg-agent: (gnupg)Invoking GPG-AGENT, for details).
   PINENTRY comes in several flavors to fit the look and feel of the
used GUI toolkit: A GTK+ based one named 'pinentry-gtk'; a QT based one
named 'pinentry-qt'; and, two non-graphical ones 'pinentry-curses',
which uses curses, and 'pinentry-tty', which doesn't require anything
more than a simple terminal.  Not all of them are necessarily available
on your installation.  If curses is supported on your system, the
GUI-based flavors fall back to curses when the 'DISPLAY' variable is not
set.
* Menu:
* Using pinentry::      How to use the beast.
* Front ends::          Description and comparison of the front ends
Developer information
* Protocol::            The Assuan protocol description.
* Implementation Details:: For those extending or writing a new pinentry.
Miscellaneous
* Copying::             GNU General Public License says
                        how you can copy and share PIN-Entry
                        as well as this manual.
Indices
* Option Index::        Index to command line options.
* Index::	        Index of concepts and symbol names.
File: pinentry.info,  Node: Using pinentry,  Next: Front ends,  Prev: Top,  Up: Top
1 How to use the PINENTRY
*************************
You may run PINENTRY directly from the command line and pass the
commands according to the Assuan protocol via stdin/stdout.
   Here is a list of options supported by all flavors of pinentry:
'--version'
     Print the program version and licensing information.
'--help'
     Print a usage message summarizing the most useful command line
     options.
'--debug'
'-d'
     Turn on some debugging.  Mostly useful for the maintainers.  Note
     that this may reveal sensitive information like the entered
     passphrase.
'--no-global-grab'
'-g'
     Grab the keyboard only when the window is focused.  Use this option
     if you are debugging software using the PINENTRY; otherwise you may
     not be able to to access your X session anymore (unless you have
     other means to connect to the machine to kill the PINENTRY).
'--parent-wid N'
     Use window ID N as the parent window for positioning the window.
     Note, that this is not fully supported by all flavors of PINENTRY.
'--timeout SECONDS'
     Give up waiting for input from the user after the specified number
     of seconds and return an error.  The error returned is the same as
     if the Cancel button was selected.  To disable the timeout and wait
     indefinitely, set this to 0, which is the default.
'--display STRING'
'--ttyname STRING'
'--ttytype STRING'
'--lc-ctype STRING'
'--lc-messages STRING'
     These options are used to pass localization information to
     PINENTRY.  They are required because PINENTRY is usually called by
     some background process which does not have any information about
     the locale and terminal to use.  It is also possible to pass these
     options using Assuan protocol options.
File: pinentry.info,  Node: Front ends,  Next: Protocol,  Prev: Using pinentry,  Up: Top
2 Front Ends
************
There are several different flavors of PINENTRY.  Concretely, there are
Gtk+2, Qt 4, Gnome 3, Emacs, curses and tty variants.  These different
implementations provide higher levels of integration with a specific
environment.  For instance, the Gnome 3 PINENTRY uses Gnome 3 widgets to
display the prompts.  For Gnome 3 users, this higher level of
integration provides a more consistent aesthetic.  However, this comes
at a cost.  Because this PINENTRY uses so many components, there is a
larger chance of a failure.  In particular, there is a larger chance
that the passphrase is saved in memory and that memory is exposed to an
attacker (consider the OpenSSL Heartbeat vulnerability).
   To understand how many components touch the passphrase, consider
again the Gnome 3 implementation.  When a user presses a button on the
keyboard, the key is passed from the kernel to the X server to the
toolkit (Gtk+) and to the actual text entry widget.  Along the way, the
key is saved in memory and processed.  In fact, the key presses are
probably read using standard C library functions, which buffer the
input.  None of this code is careful to make sure the contents of the
memory are not leaked by keeping the data in unpagable memory and wiping
it when the buffer is freed.  However, even if they did, there is still
the problem that when a computer hibernates, the system writes unpagable
memory to disk anyway.  Further, many installations are virtualized
(e.g., running on Xen) and have little control over their actual
environment.
   The curses variant uses a significant smaller software stack and the
tty variant uses an even smaller one.  However, if they are run in an
X terminal, then a similar number of components are handling the
passphrase as in the Gnome 3 case!  Thus, to be most secure, you need to
direct GPG Agent to use a fixed virtual console.  Since you need to
remain logged in for GPG Agent to use that console, you should run there
and have 'screen' or 'tmux' lock the tty.
   The Emacs pinentry implementation interacts with a running Emacs
session and directs the Emacs instance to display the passphrase prompt.
Since this doesn't work very well if there is no Emacs running, the
generic PINENTRY backend checks if a PINENTRY-enabled Emacs should be
used.  Specifically, it looks to see if the 'INSIDE_EMACS' variable is
set and then attempts to establish a connection to the specified
address.  If this is the case, then instead of, e.g., 'pinentry-gtk2'
displaying a Gtk+2 pinentry, it interacts with the Emacs session.  This
functionality can be explicitly disabled by passing
'--disable-inside-emacs' to 'configure' when building PINENTRY.
   Having Emacs get the passphrase is convenient, however, it is a
significant security risk.  Emacs is a huge program, which doesn't
provide any process isolation to speak of.  As such, having it handle
the passphrase adds a huge chunk of code to the user's trusted computing
base.  Because of this concern, Emacs doesn't enable this by default,
unless the 'allow-emacs-pinentry' option is explicitly set in his or her
'.gnupg/gpg-agent.conf' file.
   Similar to the inside-emacs check, the PINENTRY frontends check
whether the 'DISPLAY' variable is set and a working X server is
available.  If this is not the case, then they fallback to the curses
front end.  This can also be disabled by passing
'--disable-fallback-curses' to 'configure' at build time.
File: pinentry.info,  Node: Protocol,  Next: Implementation Details,  Prev: Front ends,  Up: Top
3 PINENTRY's Assuan Protocol
****************************
The PINENTRY should never service more than one connection at once.  It
is reasonable to exec the PINENTRY prior to a request.
   The PINENTRY does not need to stay in memory because the GPG-AGENT
has the ability to cache passphrases.  The usual way to run the PINENTRY
is by setting up a pipe (not a socket) and then fork/exec the PINENTRY.
The communication is then done by means of the protocol described here
until the client is satisfied with the result.
   Although it is called a PINENTRY, it allows entering reasonably long
strings (strings that are up to 2048 characters long are supported by
every pinentry).  The client using the PINENTRY has to check for
correctness.
   Note that all strings are expected to be encoded as UTF-8; PINENTRY
takes care of converting it to the locally used codeset.  To include
linefeeds or other special characters, you may percent-escape them
(e.g., a line feed is encoded as '%0A', the percent sign itself is
encoded as '%25', etc.).
   The following is a list of supported commands:
'Set the timeout before returning an error'
            C: SETTIMEOUT 30
            S: OK
'Set the descriptive text to display'
            C: SETDESC Enter PIN for Richard Nixon <nobody AT trickydicky.gov>
            S: OK
'Set the prompt to show'
     When asking for a PIN, set the text just before the widget for
     passphrase entry.
            C: SETPROMPT PIN:
            S: OK
     You should use an underscore in the text only if you know that a
     modern version of pinentry is used.  Modern versions underline the
     next character after the underscore and use the first such
     underlined character as a keyboard accelerator.  Use a double
     underscore to escape an underscore.
'Set the window title'
     This command may be used to change the default window title.  When
     using this feature you should take care that the window is still
     identifiable as the pinentry.
            C: SETTITLE Tape Recorder Room
            S: OK
'Set the button texts'
     There are three texts which should be used to override the English
     defaults:
     To set the text for the button signaling confirmation (in UTF-8).
     See SETPROMPT on how to use an keyboard accelerator.
            C: SETOK Yes
            S: OK
     To set the text for the button signaling cancellation or
     disagreement (in UTF-8).  See SETPROMPT on how to use an keyboard
     accelerator.
            C: SETCANCEL No
            S: OK
     In case three buttons are required, use the following command to
     set the text (UTF-8) for the non-affirmative response button.  The
     affirmative button text is still set using SETOK and the CANCEL
     button text with SETCANCEL. See SETPROMPT on how to use an keyboard
     accelerator.
            C: SETNOTOK Do not do this
            S: OK
'Set the Error text'
     This is used by the client to display an error message.  In
     contrast to the other commands, the error message is automatically
     reset with a GETPIN or CONFIRM, and is only displayed when asking
     for a PIN.
            C: SETERROR Invalid PIN entered - please try again
            S: OK
'Enable a passphrase quality indicator'
     Adds a quality indicator to the GETPIN window.  This indicator is
     updated as the passphrase is typed.  The clients needs to implement
     an inquiry named "QUALITY" which gets passed the current passphrase
     (percent-plus escaped) and should send back a string with a single
     numerical value between -100 and 100.  Negative values will be
     displayed in red.
            C: SETQUALITYBAR
            S: OK
     If a custom label for the quality bar is required, just add that
     label as an argument as a percent-escaped string.  You will need
     this feature to translate the label because PINENTRY has no
     internal gettext except for stock strings from the toolkit library.
     If you want to show a tooltip for the quality bar, you may use
            C: SETQUALITYBAR_TT string
            S: OK
     With STRING being a percent escaped string shown as the tooltip.
'Ask for a PIN'
     The meat of this tool is to ask for a passphrase of PIN, it is done
     with this command:
            C: GETPIN
            S: D no more tapes
            S: OK
     Note that the passphrase is transmitted in clear using standard
     data responses.  Expect it to be in UTF-8.
'Ask for confirmation'
     To ask for a confirmation (yes or no), you can use this command:
            C: CONFIRM
            S: OK
     The client should use SETDESC to set an appropriate text before
     issuing this command, and may use SETPROMPT to set the button
     texts.  The value returned is either OK for YES or the error code
     'ASSUAN_Not_Confirmed'.
'Show a message'
     To show a message, you can use this command:
            C: MESSAGE
            S: OK
     alternatively you may add an option to confirm:
            C: CONFIRM --one-button
            S: OK
     The client should use SETDESC to set an appropriate text before
     issuing this command, and may use SETOK to set the text for the
     dismiss button.  The value returned is OK or an error message.
'Set the output device'
     When using X, the PINENTRY program must be invoked with an
     appropriate 'DISPLAY' environment variable or the '--display'
     option.
     When using a text terminal:
            C: OPTION ttyname=/dev/tty3
            S: OK
            C: OPTION ttytype=vt100
            S: OK
            C: OPTION lc-ctype=de_DE.UTF-8
            S: OK
     The client should use the 'ttyname' option to set the output TTY
     file name, the 'ttytype' option to the 'TERM' variable appropriate
     for this tty and 'lc-ctype' to the locale which defines the
     character set to use for this terminal.
'Set the default strings'
     To avoid having translations in Pinentry proper, the caller may set
     certain translated strings which are used by PINENTRY as default
     strings.
            C: OPTION default-ok=_Korrekt
            S: OK
            C: OPTION default-cancel=Abbruch
            S: OK
            C: OPTION default-prompt=PIN eingeben:
            S: OK
     The strings are subject to accelerator marking, see SETPROMPT for
     details.
'Passphrase caching'
     Some environments, such as GNOME, cache passwords and passphrases.
     The PINENTRY should only use an external cache if the
     'allow-external-password-cache' option was set and a stable key
     identifier (using SETKEYINFO) was provided.  In this case, if the
     passphrase was read from the cache, the PINENTRY should send the
     'PASSWORD_FROM_CACHE' status message before returning the
     passphrase.  This indicates to GPG Agent that it should not
     increment the passphrase retry counter.
            C: OPTION allow-external-password-cache
            S: OK
            C: SETKEYINFO key-grip
            S: OK
            C: getpin
            S: S PASSWORD_FROM_CACHE
            S: D 1234
            C: OK
     Note: if 'allow-external-password-cache' is not specified, an
     external password cache must not be used: this can lead to subtle
     bugs.  In particular, if this option is not specified, then GPG
     Agent does not recognize the 'PASSWORD_FROM_CACHE' status message
     and will count trying a cached password against the password retry
     count.  If the password retry count is 1, then the user will never
     have the opportunity to correct the cached password.
     Note: it is strongly recommended that a pinentry supporting this
     feature provide the user an option to enable it manually.  That is,
     saving a passphrase in an external password manager should be
     opt-in.
     The key identifier provided SETKEYINFO must be considered opaque
     and may change in the future.  It currently has the form
     'X/HEXSTRING' where 'X' is either 'n', 's', or 'u'.  In the former
     two cases, the HEXSTRING corresponds to the key grip.  The key grip
     is not the OpenPGP Key ID, but it can be mapped to the key using
     the following:
            # gpg2 --with-keygrip --list-secret-keys
     and searching the output for the key grip.  The same command-line
     options can also be used with gpgsm.
File: pinentry.info,  Node: Implementation Details,  Next: Copying,  Prev: Protocol,  Up: Top
4 Implementation Details
************************
The pinentry source code can be divided into three categories.  There is
a backend module, which lives in 'pinentry/', there are utility
functions, e.g., in 'secmem/', and there are various frontends.
   All of the low-level logic lives in the backend.  This frees the
frontends from having to implement, e.g., the Assuan protocol.  When the
backend receives an option, it updates the state in a 'pinentry_t'
struct.  The frontend is called when the client either calls 'GETPIN',
'CONFIRM' or 'MESSAGE'.  In these cases, the backend invokes the
'pinentry_cmd_handler', which is passed the 'pinentry_t' struct.
   When the callback is invoked, the frontend should create a window
based on the state in the 'pinentry_t' struct.  For instance, the title
to use for the dialog's window (if any) is stored in the 'title' field.
If the is 'NULL', the frontend should choose a reasonable default value.
(Default is not always provided, because different tool kits and
environments have different reasonable defaults.)
   The widget needs to support a number of different interactions with
the user.  Each of them is described below.
'Passphrase Confirmation'
     When creating a new key, the passphrase should be entered twice.
     The client (typically GPG Agent) indicates this to the PINENTRY by
     invoking 'SETREPEAT'.  In this case, the backend sets the
     'repeat_passphrase' field to a copy of the passed string.  The
     value of this field should be used to label a second text input.
     It is the frontend's responsibility to check that the passwords
     match.  If they don't match, the frontend should display an error
     message and continue to prompt the user.
     If the passwords do match, then, when the user presses the okay
     button, the 'repeat_okay' field should be set to '1' (this causes
     the backend to emit the 'S PIN_REPEATED' status message).
'Message Box'
     Sometimes GPG Agent needs to display a message.  In this case, the
     'pin' variable is 'NULL'.
     At the Assuan level, this mode is selected by using either the
     'MESSAGE' or the 'CONFIRM' command instead of the 'GETPIN' command.
     The 'MESSAGE' command never shows the cancel or an other button.
     The same holds for 'CONFIRM' if it was passed the "-one-button"
     argument.  If 'CONFIRM' was not passed this argument, the dialog
     for 'CONFIRM' should show both the 'ok' and the 'cancel' buttons
     and optionally the 'notok' button.  The frontend can determine
     whether the dialog is a one-button dialog by inspecting the
     'one_button' variable.
'Passphrase Entry'
     If neither of the above cases holds, then GPG Agent is simply
     requesting the passphrase.  In this case, the 'ok' and 'cancel'
     buttons should be displayed.
   The layout of the three variants is quite similar.  Here are the
relevant elements that describe the layout:
'title'
     The window's title.
'description'
     The reason for the dialog.  When requesting a passphrase, this
     describes the key.  When showing a message box, this is the message
     to show.
'error'
     If GPG Agent determines that the passphrase was incorrect, it will
     call 'GETPIN' again (up to a configurable number of times) to again
     prompt the user.  In this case, this variable contains a
     description of the error message.  This text should typically be
     highlighted in someway.
'prompt, default-prompt'
     The string to associate with the passphrase entry box.
     There is a subtle difference between 'prompt' and 'default-prompt'.
     'default-prompt' means that a stylized prompt (e.g., an icon
     suggesting a prompt) may be used.  'prompt' means that the entry's
     meaning is not consistent with such a style and, as such, no icon
     should be used.
     If both variables are set, the 'prompt' variant takes precedence.
'repeat_passphrase'
     The string to associate with the second passphrase entry box.  The
     second passphrase entry box should only be shown if this is not
     'NULL'.
'ok, default-ok'
     The string to show in the 'ok' button.
     If there are any '_' characters, the following character should be
     used as an accelerator.  (A double underscore means a plain
     underscore should be shown.)  If the frontend does not support
     accelerators, then the underscores should be removed manually.
     There is a subtle difference between 'ok' and 'default-ok'.
     'default-ok' means that a stylized OK button should be used.  For
     instance, it could include a check mark.  'ok' means that the
     button's meaning is not consistent with such an icon and, as such,
     no icon should be used.  Thus, if the 'ok' button should have the
     text "No password required" then 'ok' should be used because a
     check mark icon doesn't make sense.
     If this variable is 'NULL', the frontend should choose a reasonable
     default.
     If both variables are set, the 'ok' variant takes precedence.
'cancel, default-cancel'
     Like the 'ok' and 'default-ok' buttons except these strings are
     used for the cancel button.
     This button should not be shown if 'one_button' is set.
     'default-notok' Like the 'default-ok' button except this string is
     used for the other button.
     This button should only be displayed when showing a message box.
     If these variables are 'NULL' or 'one_button' is set, this button
     should not be displayed.
'quality_bar'
     If this is set, a widget should be used to show the password's
     quality.  The value of this field is a label for the widget.
     Note: to update the password quality, whenever the password
     changes, call the 'pinentry_inq_quality' function and then update
     the password quality widget correspondingly.
'quality_bar_tt'
     A tooltip for the quality bar.
'default_pwmngr'
     If 'may_cache_password' and 'keyinfo' are set and the user
     consents, then the PINENTRY may cache the password with an external
     manager.  Note: getting the user's consent is essential, because
     password managers often provide a different level of security.  If
     the above condition is true and 'tried_password_cache' is false,
     then a check box with the specified string should be displayed.
     The check box must default to off.
'default-cf-visi'
     The string to show with a question if you want to confirm that the
     user wants to change the visibility of the password.
'default-tt-visi'
     Tooltip for an action that would reveal the entered password.
'default-tt-hide'
     Tooltip for an action that would hide the password revealed by the
     action labeld with 'default-tt-visi'
   When the handler is done, it should store the passphrase in 'pin', if
appropriate.  This variable is allocated in secure memory.  Use
'pinentry_setbufferlen' to size the buffer.
   The actual return code is dependent on whether the dialog is in
message mode or in passphrase mode.
   If the dialog is in message mode and the user pressed ok, return 1.
Otherwise, return 0.  If an error occurred, indicate this by setting it
in 'specific_err' or setting 'locale_err' to '1' (for locale specific
errors).  If the dialog was canceled, then the handler should set the
'canceled' variable to '1'.  If the not ok button was pressed, don't do
anything else.
   If the dialog is in passphrase mode return '1' if the user entered a
password and pressed ok.  If an error occurred, return '-1' and set
'specific_err' or 'locale_err', as above.  If the user canceled the
dialog box, return '-1'.
   If the window was closed, then the handler should set the
'close_button' variable and otherwise act as if the cancel button was
pressed.
File: pinentry.info,  Node: Copying,  Next: Option Index,  Prev: Implementation Details,  Up: Top
GNU General Public License
**************************
                         Version 2, June 1991
     Copyright (C) 1989, 1991 Free Software Foundation, Inc.
     59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
     Everyone is permitted to copy and distribute verbatim copies
     of this license document, but changing it is not allowed.
Preamble
========
The licenses for most software are designed to take away your freedom to
share and change it.  By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change free software--to
make sure the software is free for all its users.  This General Public
License applies to most of the Free Software Foundation's software and
to any other program whose authors commit to using it.  (Some other Free
Software Foundation software is covered by the GNU Library General
Public License instead.)  You can apply it to your programs, too.
   When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things.
   To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
   For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have.  You must make sure that they, too, receive or can get the
source code.  And you must show them these terms so they know their
rights.
   We protect your rights with two steps: (1) copyright the software,
and (2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
   Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software.  If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
   Finally, any free program is threatened constantly by software
patents.  We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary.  To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
   The precise terms and conditions for copying, distribution and
modification follow.
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  1. This License applies to any program or other work which contains a
     notice placed by the copyright holder saying it may be distributed
     under the terms of this General Public License.  The "Program",
     below, refers to any such program or work, and a "work based on the
     Program" means either the Program or any derivative work under
     copyright law: that is to say, a work containing the Program or a
     portion of it, either verbatim or with modifications and/or
     translated into another language.  (Hereinafter, translation is
     included without limitation in the term "modification".)  Each
     licensee is addressed as "you".
     Activities other than copying, distribution and modification are
     not covered by this License; they are outside its scope.  The act
     of running the Program is not restricted, and the output from the
     Program is covered only if its contents constitute a work based on
     the Program (independent of having been made by running the
     Program).  Whether that is true depends on what the Program does.
  2. You may copy and distribute verbatim copies of the Program's source
     code as you receive it, in any medium, provided that you
     conspicuously and appropriately publish on each copy an appropriate
     copyright notice and disclaimer of warranty; keep intact all the
     notices that refer to this License and to the absence of any
     warranty; and give any other recipients of the Program a copy of
     this License along with the Program.
     You may charge a fee for the physical act of transferring a copy,
     and you may at your option offer warranty protection in exchange
     for a fee.
  3. You may modify your copy or copies of the Program or any portion of
     it, thus forming a work based on the Program, and copy and
     distribute such modifications or work under the terms of Section 1
     above, provided that you also meet all of these conditions:
       a. You must cause the modified files to carry prominent notices
          stating that you changed the files and the date of any change.
       b. You must cause any work that you distribute or publish, that
          in whole or in part contains or is derived from the Program or
          any part thereof, to be licensed as a whole at no charge to
          all third parties under the terms of this License.
       c. If the modified program normally reads commands interactively
          when run, you must cause it, when started running for such
          interactive use in the most ordinary way, to print or display
          an announcement including an appropriate copyright notice and
          a notice that there is no warranty (or else, saying that you
          provide a warranty) and that users may redistribute the
          program under these conditions, and telling the user how to
          view a copy of this License.  (Exception: if the Program
          itself is interactive but does not normally print such an
          announcement, your work based on the Program is not required
          to print an announcement.)
     These requirements apply to the modified work as a whole.  If
     identifiable sections of that work are not derived from the
     Program, and can be reasonably considered independent and separate
     works in themselves, then this License, and its terms, do not apply
     to those sections when you distribute them as separate works.  But
     when you distribute the same sections as part of a whole which is a
     work based on the Program, the distribution of the whole must be on
     the terms of this License, whose permissions for other licensees
     extend to the entire whole, and thus to each and every part
     regardless of who wrote it.
     Thus, it is not the intent of this section to claim rights or
     contest your rights to work written entirely by you; rather, the
     intent is to exercise the right to control the distribution of
     derivative or collective works based on the Program.
     In addition, mere aggregation of another work not based on the
     Program with the Program (or with a work based on the Program) on a
     volume of a storage or distribution medium does not bring the other
     work under the scope of this License.
  4. You may copy and distribute the Program (or a work based on it,
     under Section 2) in object code or executable form under the terms
     of Sections 1 and 2 above provided that you also do one of the
     following:
       a. Accompany it with the complete corresponding machine-readable
          source code, which must be distributed under the terms of
          Sections 1 and 2 above on a medium customarily used for
          software interchange; or,
       b. Accompany it with a written offer, valid for at least three
          years, to give any third party, for a charge no more than your
          cost of physically performing source distribution, a complete
          machine-readable copy of the corresponding source code, to be
          distributed under the terms of Sections 1 and 2 above on a
          medium customarily used for software interchange; or,
       c. Accompany it with the information you received as to the offer
          to distribute corresponding source code.  (This alternative is
          allowed only for noncommercial distribution and only if you
          received the program in object code or executable form with
          such an offer, in accord with Subsection b above.)
     The source code for a work means the preferred form of the work for
     making modifications to it.  For an executable work, complete
     source code means all the source code for all modules it contains,
     plus any associated interface definition files, plus the scripts
     used to control compilation and installation of the executable.
     However, as a special exception, the source code distributed need
     not include anything that is normally distributed (in either source
     or binary form) with the major components (compiler, kernel, and so
     on) of the operating system on which the executable runs, unless
     that component itself accompanies the executable.
     If distribution of executable or object code is made by offering
     access to copy from a designated place, then offering equivalent
     access to copy the source code from the same place counts as
     distribution of the source code, even though third parties are not
     compelled to copy the source along with the object code.
  5. You may not copy, modify, sublicense, or distribute the Program
     except as expressly provided under this License.  Any attempt
     otherwise to copy, modify, sublicense or distribute the Program is
     void, and will automatically terminate your rights under this
     License.  However, parties who have received copies, or rights,
     from you under this License will not have their licenses terminated
     so long as such parties remain in full compliance.
  6. You are not required to accept this License, since you have not
     signed it.  However, nothing else grants you permission to modify
     or distribute the Program or its derivative works.  These actions
     are prohibited by law if you do not accept this License.
     Therefore, by modifying or distributing the Program (or any work
     based on the Program), you indicate your acceptance of this License
     to do so, and all its terms and conditions for copying,
     distributing or modifying the Program or works based on it.
  7. Each time you redistribute the Program (or any work based on the
     Program), the recipient automatically receives a license from the
     original licensor to copy, distribute or modify the Program subject
     to these terms and conditions.  You may not impose any further
     restrictions on the recipients' exercise of the rights granted
     herein.  You are not responsible for enforcing compliance by third
     parties to this License.
  8. If, as a consequence of a court judgment or allegation of patent
     infringement or for any other reason (not limited to patent
     issues), conditions are imposed on you (whether by court order,
     agreement or otherwise) that contradict the conditions of this
     License, they do not excuse you from the conditions of this
     License.  If you cannot distribute so as to satisfy simultaneously
     your obligations under this License and any other pertinent
     obligations, then as a consequence you may not distribute the
     Program at all.  For example, if a patent license would not permit
     royalty-free redistribution of the Program by all those who receive
     copies directly or indirectly through you, then the only way you
     could satisfy both it and this License would be to refrain entirely
     from distribution of the Program.
     If any portion of this section is held invalid or unenforceable
     under any particular circumstance, the balance of the section is
     intended to apply and the section as a whole is intended to apply
     in other circumstances.
     It is not the purpose of this section to induce you to infringe any
     patents or other property right claims or to contest validity of
     any such claims; this section has the sole purpose of protecting
     the integrity of the free software distribution system, which is
     implemented by public license practices.  Many people have made
     generous contributions to the wide range of software distributed
     through that system in reliance on consistent application of that
     system; it is up to the author/donor to decide if he or she is
     willing to distribute software through any other system and a
     licensee cannot impose that choice.
     This section is intended to make thoroughly clear what is believed
     to be a consequence of the rest of this License.
  9. If the distribution and/or use of the Program is restricted in
     certain countries either by patents or by copyrighted interfaces,
     the original copyright holder who places the Program under this
     License may add an explicit geographical distribution limitation
     excluding those countries, so that distribution is permitted only
     in or among countries not thus excluded.  In such case, this
     License incorporates the limitation as if written in the body of
     this License.
  10. The Free Software Foundation may publish revised and/or new
     versions of the General Public License from time to time.  Such new
     versions will be similar in spirit to the present version, but may
     differ in detail to address new problems or concerns.
     Each version is given a distinguishing version number.  If the
     Program specifies a version number of this License which applies to
     it and "any later version", you have the option of following the
     terms and conditions either of that version or of any later version
     published by the Free Software Foundation.  If the Program does not
     specify a version number of this License, you may choose any
     version ever published by the Free Software Foundation.
  11. If you wish to incorporate parts of the Program into other free
     programs whose distribution conditions are different, write to the
     author to ask for permission.  For software which is copyrighted by
     the Free Software Foundation, write to the Free Software
     Foundation; we sometimes make exceptions for this.  Our decision
     will be guided by the two goals of preserving the free status of
     all derivatives of our free software and of promoting the sharing
     and reuse of software generally.
                              NO WARRANTY
  12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO
     WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
     LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS
     AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
     OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
     LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
     PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
     DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR
     OR CORRECTION.
  13. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
     WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY
     MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE
     LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
     INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
     INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
     DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU
     OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY
     OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
     ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
                      END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
=============================================
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these
terms.
   To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
     ONE LINE TO GIVE THE PROGRAM'S NAME AND AN IDEA OF WHAT IT DOES.
     Copyright (C) 19YY  NAME OF AUTHOR
     This program is free software; you can redistribute it and/or
     modify it under the terms of the GNU General Public License
     as published by the Free Software Foundation; either version 2
     of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
   Also add information on how to contact you by electronic and paper
mail.
   If the program is interactive, make it output a short notice like
this when it starts in an interactive mode:
     Gnomovision version 69, Copyright (C) 19YY NAME OF AUTHOR
     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details
     type `show w'.  This is free software, and you are welcome
     to redistribute it under certain conditions; type `show c'
     for details.
   The hypothetical commands 'show w' and 'show c' should show the
appropriate parts of the General Public License.  Of course, the
commands you use may be called something other than 'show w' and 'show
c'; they could even be mouse-clicks or menu items--whatever suits your
program.
   You should also get your employer (if you work as a programmer) or
your school, if any, to sign a "copyright disclaimer" for the program,
if necessary.  Here is a sample; alter the names:
     Yoyodyne, Inc., hereby disclaims all copyright
     interest in the program `Gnomovision'
     (which makes passes at compilers) written
     by James Hacker.
     SIGNATURE OF TY COON, 1 April 1989
     Ty Coon, President of Vice
   This General Public License does not permit incorporating your
program into proprietary programs.  If your program is a subroutine
library, you may consider it more useful to permit linking proprietary
applications with the library.  If this is what you want to do, use the
GNU Library General Public License instead of this License.
File: pinentry.info,  Node: Option Index,  Next: Index,  Prev: Copying,  Up: Top
Option Index
************

* Menu:
* d:                                     Using pinentry.       (line 20)
* debug:                                 Using pinentry.       (line 20)
* display:                               Using pinentry.       (line 46)
* g:                                     Using pinentry.       (line 26)
* help:                                  Using pinentry.       (line 15)
* lc-ctype:                              Using pinentry.       (line 46)
* lc-messa:                              Using pinentry.       (line 46)
* no-global-grab:                        Using pinentry.       (line 26)
* parent-wid:                            Using pinentry.       (line 32)
* timeout:                               Using pinentry.       (line 36)
* ttyname:                               Using pinentry.       (line 46)
* ttytype:                               Using pinentry.       (line 46)
* version:                               Using pinentry.       (line 12)
File: pinentry.info,  Node: Index,  Prev: Option Index,  Up: Top
Index
*****

* Menu:
* GPL, GNU General Public License:       Copying.               (line 6)
* introduction:                          Top.                   (line 6)