Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved GUI prompt configuration #133

Closed
Tomaszal opened this issue Oct 16, 2022 · 2 comments · Fixed by #135
Closed

Improved GUI prompt configuration #133

Tomaszal opened this issue Oct 16, 2022 · 2 comments · Fixed by #135

Comments

@Tomaszal
Copy link

First of all, in my opinion, this is currently by far the best solution for security keys in terms of the balance of simplicity, functionality and security. However, I would love it if the GUI prompts weren't hardcoded. In particular I mean the pinentry executable (which I think can be changed using WithBinaryName) and touch notification delay. It would be great if those things (and other GUI elements if I'm missing any) could be configured through piv-agent serve arguments.
@smlx
Copy link
Owner

smlx commented Oct 18, 2022

First of all, in my opinion, this is currently by far the best solution for security keys in terms of the balance of simplicity, functionality and security.

Thanks!

However, I would love it if the GUI prompts weren't hardcoded. In particular I mean the pinentry executable (which I think can be changed using WithBinaryName) and touch notification delay. It would be great if those things (and other GUI elements if I'm missing any) could be configured through piv-agent serve arguments.

I agree that some of these could be made more configurable. Could you elaborate a bit on your use case? Is there some way that the current configuration doesn't work for you?

@Tomaszal
Copy link
Author

Sure thing. For the pinentry, there are a lot of available options in the $PATH (I'm using EndeavourOS, but I'm sure it's similar on other distributions):

/usr/bin/pinentry
/usr/bin/pinentry-curses
/usr/bin/pinentry-emacs
/usr/bin/pinentry-gnome3
/usr/bin/pinentry-gtk-2
/usr/bin/pinentry-qt
/usr/bin/pinentry-tty

However, the default pinentry executable seems to point to the pinentry-gtk-2 no matter the environment. In KDE, the GTK 2 pinentry interface is quite broken, so it would be nice to be able to tell piv-agent to use the Qt one. Of course it's possible to create a pinentry symlink to pinentry-qt and add it to $PATH so it overrides the default one, but that's not as clean as simply passing an argument to piv-agent serve.

Regarding the touch notification delay, I would simply personally prefer to be instantly told when I need to touch the key, instead waiting 6 seconds before showing the notification. I think I understand why the delay is there in the first place, as it could be seen as kind of a spam notification if you expect to touch it every time you do a certain action. However, as I'm using different touch policies in different places, I'd like to know right away if I have to touch it or not. So I think it would be good if that delay was configurable, as I could simply set it to 0.

@smlx smlx mentioned this issue Oct 21, 2022
Merged
@smlx smlx closed this as completed in #135 Oct 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add configuration options to the serve command smlx/piv-agent
2 participants
@smlx @Tomaszal