Merge remote-tracking branch 'origin/pull/11'

* origin/pull/11: agent: Allow password-caching in pinentry
Foxboron · Jul 30, 2023 · c9d2229 · c9d2229
2 parents 1800267 + b30d767
commit c9d2229
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/cmd/ssh-tpm-agent/main.go b/cmd/ssh-tpm-agent/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/sha256"
 	"flag"
 	"fmt"
 	"log"
@@ -84,8 +85,10 @@ func main() {
 		}
 		return tpm
 	}
-	pin := func(_ *key.Key) ([]byte, error) {
-		return pinentry.GetPinentry()
+	pin := func(key *key.Key) ([]byte, error) {
+		keyHash := sha256.Sum256(key.Public.Bytes())
+		keyInfo := fmt.Sprintf("ssh-tpm-agent/%x", keyHash)
+		return pinentry.GetPinentry(keyInfo)
 	}
 	agent.RunAgent(socketPath, tpmFetch, pin)
 }
diff --git a/pinentry/pinentry.go b/pinentry/pinentry.go
@@ -10,9 +10,11 @@ var (
 	ErrPinentryCancelled = errors.New("cancelled pinentry")
 )
 
-func GetPinentry() ([]byte, error) {
+func GetPinentry(keyInfo string) ([]byte, error) {
 	// TODO: Include some additional key metadata
 	client, err := pinentry.NewClient(
+		pinentry.WithCommand("OPTION allow-external-password-cache"),
+		pinentry.WithCommandf("SETKEYINFO %v", keyInfo),
 		pinentry.WithBinaryNameFromGnuPGAgentConf(),
 		pinentry.WithDesc("Enter PIN for TPM key"),
 		pinentry.WithGPGTTY(),