This is pinentry.info, produced by makeinfo version 6.3 from
pinentry.texi.
INFO-DIR-SECTION GNU Utilities
START-INFO-DIR-ENTRY
* pinentry: (pinentry). Securely ask for a passphrase or PIN.
END-INFO-DIR-ENTRY
This file documents the use and the internals of the PINENTRY.
This is edition 1.1.0, last updated 3 December 2017, of 'The
'PINEntry' Manual', for version 1.1.0.
Published by g10 Code GmbH
Hüttenstr. 61
40699 Erkrath, Germany
Copyright (C) 2002, 2005, 2015 g10 Code GmbH
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version. The text of the license can be found in the
section entitled "Copying".
File: pinentry.info, Node: Top, Next: Using pinentry, Up: (dir)
Introduction
************
This manual documents how to use the PINENTRY and its protocol.
The PINENTRY is a small GUI application used to enter PINs or
passphrases. It is usually invoked by GPG-AGENT (*note Invoking the
gpg-agent: (gnupg)Invoking GPG-AGENT, for details).
PINENTRY comes in several flavors to fit the look and feel of the
used GUI toolkit: A GTK+ based one named 'pinentry-gtk'; a QT based one
named 'pinentry-qt'; and, two non-graphical ones 'pinentry-curses',
which uses curses, and 'pinentry-tty', which doesn't require anything
more than a simple terminal. Not all of them are necessarily available
on your installation. If curses is supported on your system, the
GUI-based flavors fall back to curses when the 'DISPLAY' variable is not
set.
* Menu:
* Using pinentry:: How to use the beast.
* Front ends:: Description and comparison of the front ends
Developer information
* Protocol:: The Assuan protocol description.
* Implementation Details:: For those extending or writing a new pinentry.
Miscellaneous
* Copying:: GNU General Public License says
how you can copy and share PIN-Entry
as well as this manual.
Indices
* Option Index:: Index to command line options.
* Index:: Index of concepts and symbol names.
File: pinentry.info, Node: Using pinentry, Next: Front ends, Prev: Top, Up: Top
1 How to use the PINENTRY
*************************
You may run PINENTRY directly from the command line and pass the
commands according to the Assuan protocol via stdin/stdout.
Here is a list of options supported by all flavors of pinentry:
'--version'
Print the program version and licensing information.
'--help'
Print a usage message summarizing the most useful command line
options.
'--debug'
'-d'
Turn on some debugging. Mostly useful for the maintainers. Note
that this may reveal sensitive information like the entered
passphrase.
'--no-global-grab'
'-g'
Grab the keyboard only when the window is focused. Use this option
if you are debugging software using the PINENTRY; otherwise you may
not be able to access your X session anymore (unless you have
other means to connect to the machine to kill the PINENTRY).
'--parent-wid N'
Use window ID N as the parent window for positioning the window.
Note that this is not fully supported by all flavors of PINENTRY.
'--timeout SECONDS'
Give up waiting for input from the user after the specified number
of seconds and return an error. The error returned is the same as
if the Cancel button was selected. To disable the timeout and wait
indefinitely, set this to 0, which is the default.
'--display STRING'
'--ttyname STRING'
'--ttytype STRING'
'--lc-ctype STRING'
'--lc-messages STRING'
These options are used to pass localization information to
PINENTRY. They are required because PINENTRY is usually called by
some background process which does not have any information about
the locale and terminal to use. It is also possible to pass these
options using Assuan protocol options.
File: pinentry.info, Node: Front ends, Next: Protocol, Prev: Using pinentry, Up: Top
2 Front Ends
************
There are several different flavors of PINENTRY. Concretely, there are
Gtk+2, Qt 4, Gnome 3, Emacs, curses and tty variants. These different
implementations provide higher levels of integration with a specific
environment. For instance, the Gnome 3 PINENTRY uses Gnome 3 widgets to
display the prompts. For Gnome 3 users, this higher level of
integration provides a more consistent aesthetic. However, this comes
at a cost. Because this PINENTRY uses so many components, there is a
larger chance of a failure. In particular, there is a larger chance
that the passphrase is saved in memory and that memory is exposed to an
attacker (consider the OpenSSL Heartbeat vulnerability).
To understand how many components touch the passphrase, consider
again the Gnome 3 implementation. When a user presses a button on the
keyboard, the key is passed from the kernel to the X server to the
toolkit (Gtk+) and to the actual text entry widget. Along the way, the
key is saved in memory and processed. In fact, the key presses are
probably read using standard C library functions, which buffer the
input. None of this code is careful to make sure the contents of the
memory are not leaked by keeping the data in unpagable memory and wiping
it when the buffer is freed. However, even if they did, there is still
the problem that when a computer hibernates, the system writes unpagable
memory to disk anyway. Further, many installations are virtualized
(e.g., running on Xen) and have little control over their actual
environment.
The curses variant uses a significantly smaller software stack and the
tty variant uses an even smaller one. However, if they are run in an
X terminal, then a similar number of components are handling the
passphrase as in the Gnome 3 case! Thus, to be most secure, you need to
direct GPG Agent to use a fixed virtual console. Since you need to
remain logged in for GPG Agent to use that console, you should run there
and have 'screen' or 'tmux' lock the tty.
The Emacs pinentry implementation interacts with a running Emacs
session and directs the Emacs instance to display the passphrase prompt.
Since this doesn't work very well if there is no Emacs running, the
generic PINENTRY backend checks if a PINENTRY-enabled Emacs should be
used. Specifically, it looks to see if the 'INSIDE_EMACS' variable is
set and then attempts to establish a connection to the specified
address. If this is the case, then instead of, e.g., 'pinentry-gtk2'
displaying a Gtk+2 pinentry, it interacts with the Emacs session. This
functionality can be explicitly disabled by passing
'--disable-inside-emacs' to 'configure' when building PINENTRY.
Having Emacs get the passphrase is convenient; however, it is a
significant security risk. Emacs is a huge program, which doesn't
provide any process isolation to speak of. As such, having it handle
the passphrase adds a huge chunk of code to the user's trusted computing
base. Because of this concern, Emacs doesn't enable this by default,
unless the 'allow-emacs-pinentry' option is explicitly set in the user's
'.gnupg/gpg-agent.conf' file.
Similar to the inside-emacs check, the PINENTRY frontends check
whether the 'DISPLAY' variable is set and a working X server is
available. If this is not the case, then they fall back to the curses
front end. This can also be disabled by passing
'--disable-fallback-curses' to 'configure' at build time.
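The checks described in this chapter can be turned into a small configuration audit. The following is an added example, not code from PINENTRY or GnuPG: it reads gpg-agent.conf text plus the environment the PINENTRY would see and reports which of the passphrase paths above applies. The finding names, sample paths and sample values are constructed; 'pinentry-program' is gpg-agent's option for selecting the binary and is not mentioned on this page.

```python
import os

# Flavors that draw on a terminal instead of opening a GUI window.
TEXT_FLAVORS = ("pinentry-curses", "pinentry-tty")


def parse_agent_conf(text):
    """Parse gpg-agent.conf text: one option per line, '#' starts a comment."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0]] = parts[1].strip() if len(parts) == 2 else True
    return options


def audit_frontend(conf_text, env):
    """Return sorted finding IDs (names are hypothetical) for one setup."""
    options = parse_agent_conf(conf_text)
    program = options.get("pinentry-program")
    flavor = os.path.basename(program) if isinstance(program, str) else ""
    # Assumption: anything that is not a known text flavor is a GUI flavor.
    is_text = flavor.startswith(TEXT_FLAVORS)
    has_display = bool(env.get("DISPLAY"))
    findings = set()

    if "allow-emacs-pinentry" in options:
        # The opt-in is set: Emacs may become part of the trusted computing base.
        findings.add("emacs-allowed")
        if env.get("INSIDE_EMACS"):
            # The generic backend would try to hand the prompt to Emacs.
            findings.add("emacs-active")

    if is_text and has_display:
        # Heuristic: a text flavor with DISPLAY set is probably in an X
        # terminal, so the X server and terminal emulator see the keys too.
        findings.add("text-flavor-under-x")
    elif not is_text and has_display:
        findings.add("gui-toolkit-stack")
    elif not is_text:
        # No DISPLAY: the GUI flavors fall back to the curses front end.
        findings.add("gui-falls-back-to-curses")
    return sorted(findings)


# Constructed sample inputs.
DESKTOP_CONF = """# constructed sample
pinentry-program /usr/bin/pinentry-gnome3
allow-emacs-pinentry
"""
DESKTOP_ENV = {"DISPLAY": ":0", "INSIDE_EMACS": "constructed-value"}

CONSOLE_CONF = "pinentry-program /usr/bin/pinentry-tty\n"
CONSOLE_ENV = {}  # fixed virtual console: no DISPLAY, no INSIDE_EMACS

if __name__ == "__main__":
    print(audit_frontend(DESKTOP_CONF, DESKTOP_ENV))
    print(audit_frontend(CONSOLE_CONF, CONSOLE_ENV))
```

An empty result corresponds to the setup recommended above: a text flavor on a fixed virtual console with the Emacs integration left off.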
File: pinentry.info, Node: Protocol, Next: Implementation Details, Prev: Front ends, Up: Top
3 PINENTRY's Assuan Protocol
****************************
The PINENTRY should never service more than one connection at once. It
is reasonable to exec the PINENTRY prior to a request.
The PINENTRY does not need to stay in memory because the GPG-AGENT
has the ability to cache passphrases. The usual way to run the PINENTRY
is by setting up a pipe (not a socket) and then fork/exec the PINENTRY.
The communication is then done by means of the protocol described here
until the client is satisfied with the result.
Although it is called a PINENTRY, it allows entering reasonably long
strings (strings that are up to 2048 characters long are supported by
every pinentry). The client using the PINENTRY has to check for
correctness.
Note that all strings are expected to be encoded as UTF-8; PINENTRY
takes care of converting it to the locally used codeset. To include
linefeeds or other special characters, you may percent-escape them
(e.g., a line feed is encoded as '%0A', the percent sign itself is
encoded as '%25', etc.).
The following is a list of supported commands:
'Set the timeout before returning an error'
C: SETTIMEOUT 30
S: OK
'Set the descriptive text to display'
C: SETDESC Enter PIN for Richard Nixon <nobody@trickydicky.gov>
S: OK
'Set the prompt to show'
When asking for a PIN, set the text just before the widget for
passphrase entry.
C: SETPROMPT PIN:
S: OK
You should use an underscore in the text only if you know that a
modern version of pinentry is used. Modern versions underline the
next character after the underscore and use the first such
underlined character as a keyboard accelerator. Use a double
underscore to escape an underscore.
'Set the window title'
This command may be used to change the default window title. When
using this feature you should take care that the window is still
identifiable as the pinentry.
C: SETTITLE Tape Recorder Room
S: OK
'Set the button texts'
There are three texts which should be used to override the English
defaults:
To set the text for the button signaling confirmation (in UTF-8).
See SETPROMPT on how to use a keyboard accelerator.
C: SETOK Yes
S: OK
To set the text for the button signaling cancellation or
disagreement (in UTF-8). See SETPROMPT on how to use a keyboard
accelerator.
C: SETCANCEL No
S: OK
In case three buttons are required, use the following command to
set the text (UTF-8) for the non-affirmative response button. The
affirmative button text is still set using SETOK and the CANCEL
button text with SETCANCEL. See SETPROMPT on how to use a keyboard
accelerator.
C: SETNOTOK Do not do this
S: OK
'Set the Error text'
This is used by the client to display an error message. In
contrast to the other commands, the error message is automatically
reset with a GETPIN or CONFIRM, and is only displayed when asking
for a PIN.
C: SETERROR Invalid PIN entered - please try again
S: OK
'Enable a passphrase quality indicator'
Adds a quality indicator to the GETPIN window. This indicator is
updated as the passphrase is typed. The client needs to implement
an inquiry named "QUALITY" which gets passed the current passphrase
(percent-plus escaped) and should send back a string with a single
numerical value between -100 and 100. Negative values will be
displayed in red.
C: SETQUALITYBAR
S: OK
If a custom label for the quality bar is required, just add that
label as an argument as a percent-escaped string. You will need
this feature to translate the label because PINENTRY has no
internal gettext except for stock strings from the toolkit library.
If you want to show a tooltip for the quality bar, you may use
C: SETQUALITYBAR_TT string
S: OK
With STRING being a percent escaped string shown as the tooltip.
'Ask for a PIN'
The meat of this tool is to ask for a passphrase or PIN; it is done
with this command:
C: GETPIN
S: D no more tapes
S: OK
Note that the passphrase is transmitted in clear using standard
data responses. Expect it to be in UTF-8.
'Ask for confirmation'
To ask for a confirmation (yes or no), you can use this command:
C: CONFIRM
S: OK
The client should use SETDESC to set an appropriate text before
issuing this command, and may use SETPROMPT to set the button
texts. The value returned is either OK for YES or the error code
'ASSUAN_Not_Confirmed'.
'Show a message'
To show a message, you can use this command:
C: MESSAGE
S: OK
Alternatively, you may add an option to CONFIRM:
C: CONFIRM --one-button
S: OK
The client should use SETDESC to set an appropriate text before
issuing this command, and may use SETOK to set the text for the
dismiss button. The value returned is OK or an error message.
'Set the output device'
When using X, the PINENTRY program must be invoked with an
appropriate 'DISPLAY' environment variable or the '--display'
option.
When using a text terminal:
C: OPTION ttyname=/dev/tty3
S: OK
C: OPTION ttytype=vt100
S: OK
C: OPTION lc-ctype=de_DE.UTF-8
S: OK
The client should use the 'ttyname' option to set the output TTY
file name, the 'ttytype' option to the 'TERM' variable appropriate
for this tty and 'lc-ctype' to the locale which defines the
character set to use for this terminal.
'Set the default strings'
To avoid having translations in Pinentry proper, the caller may set
certain translated strings which are used by PINENTRY as default
strings.
C: OPTION default-ok=_Korrekt
S: OK
C: OPTION default-cancel=Abbruch
S: OK
C: OPTION default-prompt=PIN eingeben:
S: OK
The strings are subject to accelerator marking, see SETPROMPT for
details.
'Passphrase caching'
Some environments, such as GNOME, cache passwords and passphrases.
The PINENTRY should only use an external cache if the
'allow-external-password-cache' option was set and a stable key
identifier (using SETKEYINFO) was provided. In this case, if the
passphrase was read from the cache, the PINENTRY should send the
'PASSWORD_FROM_CACHE' status message before returning the
passphrase. This indicates to GPG Agent that it should not
increment the passphrase retry counter.
C: OPTION allow-external-password-cache
S: OK
C: SETKEYINFO key-grip
S: OK
C: getpin
S: S PASSWORD_FROM_CACHE
S: D 1234
S: OK
Note: if 'allow-external-password-cache' is not specified, an
external password cache must not be used: this can lead to subtle
bugs. In particular, if this option is not specified, then GPG
Agent does not recognize the 'PASSWORD_FROM_CACHE' status message
and will count trying a cached password against the password retry
count. If the password retry count is 1, then the user will never
have the opportunity to correct the cached password.
Note: it is strongly recommended that a pinentry supporting this
feature provide the user an option to enable it manually. That is,
saving a passphrase in an external password manager should be
opt-in.
The key identifier provided by SETKEYINFO must be considered opaque
and may change in the future. It currently has the form
'X/HEXSTRING' where 'X' is either 'n', 's', or 'u'. In the former
two cases, the HEXSTRING corresponds to the key grip. The key grip
is not the OpenPGP Key ID, but it can be mapped to the key using
the following:
# gpg2 --with-keygrip --list-secret-keys
and searching the output for the key grip. The same command-line
options can also be used with gpgsm.
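The client side of the dialogue described in this chapter, as an added example that is not code from PINENTRY or GnuPG: it percent-escapes command arguments, parses the reply to GETPIN, and applies the 'PASSWORD_FROM_CACHE' rule to the retry counter. The function names and sample transcripts are constructed; escaping every control byte (not only the line feed and percent sign named above), the 'ERR' reply form and the joining of several 'D' lines are assumptions taken from general Assuan behaviour.

```python
import re

_PCT = re.compile(rb"%([0-9A-Fa-f]{2})")


def escape_arg(text):
    """Percent-escape a UTF-8 argument: '%' -> %25, LF -> %0A, other controls."""
    out = bytearray()
    for byte in text.encode("utf-8"):
        if byte == 0x25 or byte < 0x20 or byte == 0x7F:
            out += b"%%%02X" % byte
        else:
            out.append(byte)
    return out.decode("utf-8")


def unescape(raw):
    """Undo percent-escaping in the payload of a 'D' line (bytes in, bytes out)."""
    return _PCT.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def getpin_commands(desc, prompt, error=None, keyinfo=None):
    """Build the command lines for one passphrase request."""
    cmds = []
    if keyinfo:
        # An external cache may only be used with this option and a key id.
        cmds += ["OPTION allow-external-password-cache", "SETKEYINFO " + keyinfo]
    cmds += ["SETDESC " + escape_arg(desc), "SETPROMPT " + escape_arg(prompt)]
    if error:
        cmds.append("SETERROR " + escape_arg(error))
    cmds.append("GETPIN")
    return cmds


class Reply:
    def __init__(self):
        self.ok = False
        self.error = None        # text after 'ERR', if the command failed
        self.status = []         # payloads of 'S' lines
        self.data = bytearray()  # unescaped 'D' payload; caller can zero it


def parse_reply(lines):
    """Consume server lines (bytes) for one command until OK or ERR."""
    reply = Reply()
    for raw in lines:
        line = raw.rstrip(b"\r\n")
        if line == b"OK" or line.startswith(b"OK "):
            reply.ok = True
            return reply
        if line == b"ERR" or line.startswith(b"ERR "):
            reply.error = line[4:].decode("utf-8", "replace")
            return reply
        if line.startswith(b"D "):
            reply.data += unescape(line[2:])
        elif line.startswith(b"S "):
            reply.status.append(line[2:].decode("utf-8", "replace"))
        elif line and not line.startswith(b"#"):
            # Report only the keyword so no secret ends up in an error message.
            raise ValueError("unexpected line type %r" % line.split(b" ", 1)[0])
    raise ValueError("reply ended without OK or ERR")


def counts_against_retries(reply, cache_option_sent):
    """A cached passphrase is exempt only if the client sent the cache option."""
    from_cache = any(s.split(" ", 1)[0] == "PASSWORD_FROM_CACHE"
                     for s in reply.status)
    return not (cache_option_sent and from_cache)


# Constructed transcripts of the server side after GETPIN.
CACHED_REPLY = [b"S PASSWORD_FROM_CACHE\n", b"D tape%2510\n", b"OK\n"]
SPLIT_REPLY = [b"D no more \n", b"D tapes\n", b"OK\n"]
FAILED_REPLY = [b"ERR 1 constructed error text\n"]

if __name__ == "__main__":
    for cmd in getpin_commands("Enter PIN\nfor 100% of keys", "PIN:"):
        print("C:", cmd)
    reply = parse_reply(CACHED_REPLY)
    print(reply.status, counts_against_retries(reply, True))
```

The parser rejects any other line type, so a client that enables SETQUALITYBAR has to handle the QUALITY inquiry separately.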
File: pinentry.info, Node: Implementation Details, Next: Copying, Prev: Protocol, Up: Top
4 Implementation Details
************************
The pinentry source code can be divided into three categories. There is
a backend module, which lives in 'pinentry/', there are utility
functions, e.g., in 'secmem/', and there are various frontends.
All of the low-level logic lives in the backend. This frees the
frontends from having to implement, e.g., the Assuan protocol. When the
backend receives an option, it updates the state in a 'pinentry_t'
struct. The frontend is called when the client either calls 'GETPIN',
'CONFIRM' or 'MESSAGE'. In these cases, the backend invokes the
'pinentry_cmd_handler', which is passed the 'pinentry_t' struct.
When the callback is invoked, the frontend should create a window
based on the state in the 'pinentry_t' struct. For instance, the title
to use for the dialog's window (if any) is stored in the 'title' field.
If the field is 'NULL', the frontend should choose a reasonable default value.
(A default is not always provided, because different tool kits and
environments have different reasonable defaults.)
The widget needs to support a number of different interactions with
the user. Each of them is described below.
'Passphrase Confirmation'
When creating a new key, the passphrase should be entered twice.
The client (typically GPG Agent) indicates this to the PINENTRY by
invoking 'SETREPEAT'. In this case, the backend sets the
'repeat_passphrase' field to a copy of the passed string. The
value of this field should be used to label a second text input.
It is the frontend's responsibility to check that the passwords
match. If they don't match, the frontend should display an error
message and continue to prompt the user.
If the passwords do match, then, when the user presses the okay
button, the 'repeat_okay' field should be set to '1' (this causes
the backend to emit the 'S PIN_REPEATED' status message).
'Message Box'
Sometimes GPG Agent needs to display a message. In this case, the
'pin' variable is 'NULL'.
At the Assuan level, this mode is selected by using either the
'MESSAGE' or the 'CONFIRM' command instead of the 'GETPIN' command.
The 'MESSAGE' command never shows the cancel or any other button.
The same holds for 'CONFIRM' if it was passed the "--one-button"
argument. If 'CONFIRM' was not passed this argument, the dialog
for 'CONFIRM' should show both the 'ok' and the 'cancel' buttons
and optionally the 'notok' button. The frontend can determine
whether the dialog is a one-button dialog by inspecting the
'one_button' variable.
'Passphrase Entry'
If neither of the above cases holds, then GPG Agent is simply
requesting the passphrase. In this case, the 'ok' and 'cancel'
buttons should be displayed.
The layout of the three variants is quite similar. Here are the
relevant elements that describe the layout:
'title'
The window's title.
'description'
The reason for the dialog. When requesting a passphrase, this
describes the key. When showing a message box, this is the message
to show.
'error'
If GPG Agent determines that the passphrase was incorrect, it will
call 'GETPIN' again (up to a configurable number of times) to again
prompt the user. In this case, this variable contains a
description of the error message. This text should typically be
highlighted in some way.
'prompt, default-prompt'
The string to associate with the passphrase entry box.
There is a subtle difference between 'prompt' and 'default-prompt'.
'default-prompt' means that a stylized prompt (e.g., an icon
suggesting a prompt) may be used. 'prompt' means that the entry's
meaning is not consistent with such a style and, as such, no icon
should be used.
If both variables are set, the 'prompt' variant takes precedence.
'repeat_passphrase'
The string to associate with the second passphrase entry box. The
second passphrase entry box should only be shown if this is not
'NULL'.
'ok, default-ok'
The string to show in the 'ok' button.
If there are any '_' characters, the following character should be
used as an accelerator. (A double underscore means a plain
underscore should be shown.) If the frontend does not support
accelerators, then the underscores should be removed manually.
There is a subtle difference between 'ok' and 'default-ok'.
'default-ok' means that a stylized OK button should be used. For
instance, it could include a check mark. 'ok' means that the
button's meaning is not consistent with such an icon and, as such,
no icon should be used. Thus, if the 'ok' button should have the
text "No password required" then 'ok' should be used because a
check mark icon doesn't make sense.
If this variable is 'NULL', the frontend should choose a reasonable
default.
If both variables are set, the 'ok' variant takes precedence.
'cancel, default-cancel'
Like the 'ok' and 'default-ok' buttons except these strings are
used for the cancel button.
This button should not be shown if 'one_button' is set.
'default-notok'
Like the 'default-ok' button except this string is
used for the other button.
This button should only be displayed when showing a message box.
If these variables are 'NULL' or 'one_button' is set, this button
should not be displayed.
'quality_bar'
If this is set, a widget should be used to show the password's
quality. The value of this field is a label for the widget.
Note: to update the password quality, whenever the password
changes, call the 'pinentry_inq_quality' function and then update
the password quality widget correspondingly.
'quality_bar_tt'
A tooltip for the quality bar.
'default_pwmngr'
If 'may_cache_password' and 'keyinfo' are set and the user
consents, then the PINENTRY may cache the password with an external
manager. Note: getting the user's consent is essential, because
password managers often provide a different level of security. If
the above condition is true and 'tried_password_cache' is false,
then a check box with the specified string should be displayed.
The check box must default to off.
'default-cf-visi'
The string to show with a question if you want to confirm that the
user wants to change the visibility of the password.
'default-tt-visi'
Tooltip for an action that would reveal the entered password.
'default-tt-hide'
Tooltip for an action that would hide the password revealed by the
action labeled with 'default-tt-visi'.
When the handler is done, it should store the passphrase in 'pin', if
appropriate. This variable is allocated in secure memory. Use
'pinentry_setbufferlen' to size the buffer.
The actual return code is dependent on whether the dialog is in
message mode or in passphrase mode.
If the dialog is in message mode and the user pressed ok, return 1.
Otherwise, return 0. If an error occurred, indicate this by setting it
in 'specific_err' or setting 'locale_err' to '1' (for locale specific
errors). If the dialog was canceled, then the handler should set the
'canceled' variable to '1'. If the not ok button was pressed, don't do
anything else.
If the dialog is in passphrase mode, return '1' if the user entered a
password and pressed ok. If an error occurred, return '-1' and set
'specific_err' or 'locale_err', as above. If the user canceled the
dialog box, return '-1'.
If the window was closed, then the handler should set the
'close_button' variable and otherwise act as if the cancel button was
pressed.
File: pinentry.info, Node: Copying, Next: Option Index, Prev: Implementation Details, Up: Top
GNU General Public License
**************************
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
========
The licenses for most software are designed to take away your freedom to
share and change it. By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change free software--to
make sure the software is free for all its users. This General Public
License applies to most of the Free Software Foundation's software and
to any other program whose authors commit to using it. (Some other Free
Software Foundation software is covered by the GNU Library General
Public License instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software,
and (2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
1. This License applies to any program or other work which contains a
notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program",
below, refers to any such program or work, and a "work based on the
Program" means either the Program or any derivative work under
copyright law: that is to say, a work containing the Program or a
portion of it, either verbatim or with modifications and/or
translated into another language. (Hereinafter, translation is
included without limitation in the term "modification".) Each
licensee is addressed as "you".
Activities other than copying, distribution and modification are
not covered by this License; they are outside its scope. The act
of running the Program is not restricted, and the output from the
Program is covered only if its contents constitute a work based on
the Program (independent of having been made by running the
Program). Whether that is true depends on what the Program does.
2. You may copy and distribute verbatim copies of the Program's source
code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any
warranty; and give any other recipients of the Program a copy of
this License along with the Program.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange
for a fee.
3. You may modify your copy or copies of the Program or any portion of
it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a. You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b. You must cause any work that you distribute or publish, that
in whole or in part contains or is derived from the Program or
any part thereof, to be licensed as a whole at no charge to
all third parties under the terms of this License.
c. If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display
an announcement including an appropriate copyright notice and
a notice that there is no warranty (or else, saying that you
provide a warranty) and that users may redistribute the
program under these conditions, and telling the user how to
view a copy of this License. (Exception: if the Program
itself is interactive but does not normally print such an
announcement, your work based on the Program is not required
to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the
Program, and can be reasonably considered independent and separate
works in themselves, then this License, and its terms, do not apply
to those sections when you distribute them as separate works. But
when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on
the terms of this License, whose permissions for other licensees
extend to the entire whole, and thus to each and every part
regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or
contest your rights to work written entirely by you; rather, the
intent is to exercise the right to control the distribution of
derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the
Program with the Program (or with a work based on the Program) on a
volume of a storage or distribution medium does not bring the other
work under the scope of this License.
4. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms
of Sections 1 and 2 above provided that you also do one of the
following:
a. Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of
Sections 1 and 2 above on a medium customarily used for
software interchange; or,
b. Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange; or,
c. Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with
such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete
source code means all the source code for all modules it contains,
plus any associated interface definition files, plus the scripts
used to control compilation and installation of the executable.
However, as a special exception, the source code distributed need
not include anything that is normally distributed (in either source
or binary form) with the major components (compiler, kernel, and so
on) of the operating system on which the executable runs, unless
that component itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
5. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this
License. However, parties who have received copies, or rights,
from you under this License will not have their licenses terminated
so long as such parties remain in full compliance.
6. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify
or distribute the Program or its derivative works. These actions
are prohibited by law if you do not accept this License.
Therefore, by modifying or distributing the Program (or any work
based on the Program), you indicate your acceptance of this License
to do so, and all its terms and conditions for copying,
distributing or modifying the Program or works based on it.
7. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject
to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted
herein. You are not responsible for enforcing compliance by third
parties to this License.
8. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent
issues), conditions are imposed on you (whether by court order,
agreement or otherwise) that contradict the conditions of this
License, they do not excuse you from the conditions of this
License. If you cannot distribute so as to satisfy simultaneously
your obligations under this License and any other pertinent
obligations, then as a consequence you may not distribute the
Program at all. For example, if a patent license would not permit
royalty-free redistribution of the Program by all those who receive
copies directly or indirectly through you, then the only way you
could satisfy both it and this License would be to refrain entirely
from distribution of the Program.
If any portion of this section is held invalid or unenforceable
under any particular circumstance, the balance of the section is
intended to apply and the section as a whole is intended to apply
in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of
any such claims; this section has the sole purpose of protecting
the integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is
willing to distribute software through any other system and a
licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed
to be a consequence of the rest of this License.
9. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces,
the original copyright holder who places the Program under this
License may add an explicit geographical distribution limitation
excluding those countries, so that distribution is permitted only
in or among countries not thus excluded. In such case, this
License incorporates the limitation as if written in the body of
this License.
10. The Free Software Foundation may publish revised and/or new
versions of the General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies a version number of this License which applies to
it and "any later version", you have the option of following the
terms and conditions either of that version or of any later version
published by the Free Software Foundation. If the Program does not
specify a version number of this License, you may choose any
version ever published by the Free Software Foundation.
11. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the
author to ask for permission. For software which is copyrighted by
the Free Software Foundation, write to the Free Software
Foundation; we sometimes make exceptions for this. Our decision
will be guided by the two goals of preserving the free status of
all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS
AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR
OR CORRECTION.
13. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY
MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU
OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY
OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
=============================================
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these
terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.

     ONE LINE TO GIVE THE PROGRAM'S NAME AND AN IDEA OF WHAT IT DOES.
     Copyright (C) 19YY NAME OF AUTHOR

     This program is free software; you can redistribute it and/or
     modify it under the terms of the GNU General Public License
     as published by the Free Software Foundation; either version 2
     of the License, or (at your option) any later version.

     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     GNU General Public License for more details.

     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.

Also add information on how to contact you by electronic and paper
mail.
If the program is interactive, make it output a short notice like
this when it starts in an interactive mode:

     Gnomovision version 69, Copyright (C) 19YY NAME OF AUTHOR
     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details
     type `show w'. This is free software, and you are welcome
     to redistribute it under certain conditions; type `show c'
     for details.

The hypothetical commands 'show w' and 'show c' should show the
appropriate parts of the General Public License. Of course, the
commands you use may be called something other than 'show w' and 'show
c'; they could even be mouse-clicks or menu items--whatever suits your
program.
You should also get your employer (if you work as a programmer) or
your school, if any, to sign a "copyright disclaimer" for the program,
if necessary. Here is a sample; alter the names:

     Yoyodyne, Inc., hereby disclaims all copyright
     interest in the program `Gnomovision'
     (which makes passes at compilers) written
     by James Hacker.

     SIGNATURE OF TY COON, 1 April 1989
     Ty Coon, President of Vice

This General Public License does not permit incorporating your
program into proprietary programs. If your program is a subroutine
library, you may consider it more useful to permit linking proprietary
applications with the library. If this is what you want to do, use the
GNU Library General Public License instead of this License.
File: pinentry.info, Node: Option Index, Next: Index, Prev: Copying, Up: Top
Option Index
************