4 files changed, 39 insertions, 3 deletions

diff --git a/agent/agent.h b/agent/agent.h
index a1b37943c..b3e84708c 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -86,10 +86,14 @@ struct
 
   int no_grab;         /* Don't let the pinentry grab the keyboard */
 
-  /* The name of the file pinentry shall tocuh before exiting.  If
-     this is not set the filoe name of the standard socket is used. */
+  /* The name of the file pinentry shall touch before exiting.  If
+     this is not set the file name of the standard socket is used. */
   const char *pinentry_touch_file;
 
+  /* A string where the first character is used by the pinentry as a
+     custom invisible character.  */
+  char *pinentry_invisible_char;
+
   /* The default and maximum TTL of cache entries. */
   unsigned long def_cache_ttl;     /* Default. */
   unsigned long def_cache_ttl_ssh; /* for SSH. */
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index f584ee0ae..9845a0358 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -475,6 +475,21 @@ start_pinentry (ctrl_t ctrl)
       }
   }
 
+  /* Tell the pinentry that we would prefer that the given character
+     is used as the invisible character by the entry widget.  */
+  if (opt.pinentry_invisible_char)
+    {
+      char *optstr;
+      if ((optstr = xtryasprintf ("OPTION invisible-char=%s",
+                                  opt.pinentry_invisible_char)))
+        {
+          assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+                           NULL);
+          /* We ignore errors because this is just a fancy thing and
+             older pinentries do not support this feature.  */
+          xfree (optstr);
+        }
+    }
 
   /* Tell the pinentry the name of a file it shall touch after having
      messed with the tty.  This is optional and only supported by
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 84f8be0a1..f81a2fbd8 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -92,6 +92,7 @@ enum cmd_and_opt_values
 
   oPinentryProgram,
   oPinentryTouchFile,
+  oPinentryInvisibleChar,
   oDisplay,
   oTTYname,
   oTTYtype,
@@ -166,6 +167,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
                 /* */             N_("|PGM|use PGM as the PIN-Entry program")),
   ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
+  ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
   ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
                 /* */             N_("|PGM|use PGM as the SCdaemon program") ),
   ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
@@ -576,6 +578,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.debug_pinentry = 0;
       opt.pinentry_program = NULL;
       opt.pinentry_touch_file = NULL;
+      xfree (opt.pinentry_invisible_char);
+      opt.pinentry_invisible_char = NULL;
       opt.scdaemon_program = NULL;
       opt.def_cache_ttl = DEFAULT_CACHE_TTL;
       opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
@@ -624,6 +628,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 
     case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
     case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
+    case oPinentryInvisibleChar:
+      xfree (opt.pinentry_invisible_char);
+      opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
+      break;
     case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
     case oDisableScdaemon: opt.disable_scdaemon = 1; break;
     case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 62d23bbf1..4e18b9288 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -396,6 +396,12 @@ user may not bypass this check.
 @opindex enable-passphrase-history
 This option does nothing yet.
 
+@item --pinentry-invisible-char @var{char}
+@opindex pinentry-invisible-char
+This option asks the Pinentry to use @var{char} for displaying hidden
+characters.  @var{char} must be one character UTF-8 string.  A
+Pinentry may or may not honor this request.
+
 @item --pinentry-program @var{filename}
 @opindex pinentry-program
 Use program @var{filename} as the PIN entry.  The default is
@@ -703,7 +709,10 @@ started with a configuration file, the configuration file is read
 again.  Only certain options are honored: @code{quiet},
 @code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level},
 @code{debug-pinentry},
-@code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
+@code{no-grab},
+@code{pinentry-program},
+@code{pinentry-invisible-char},
+@code{default-cache-ttl},
 @code{max-cache-ttl}, @code{ignore-cache-for-signing},
 @code{no-allow-external-cache}, @code{allow-emacs-pinentry},
 @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and