GNOME Bugzilla – Bug 701965
Seahorse changes PGP private key passphrase without asking for confirmation
Last modified: 2018-08-03 19:26:40 UTC
Using the function to change one's private PGP key's passphrase, Seahorse will first prompt for the current passphrase to be entered, to verify the person's identity, but will then only ask for the new passphrase once, not twice as would be expected and reasonable. Thus, if the user makes but a single typo, they will lose control of their private key. Furthermore, the new passphrase entered is masked when typed, so the user is likely to not even see they have mistyped. Before changing the passphrase, Seahorse should warn users to keep backups of their keys in a safe place. While changing it, it should clearly ask the user to retype their passphrase, to guard against any typos or mistakes.
Also, after checking, gpg itself requires the user to first type their current passphrase, then their new passphrase twice and *then* asks for confirmation to save changes.
Created attachment 354245 gfg
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/seahorse/issues/79.