[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prom
From: |
Ted Zlatanov |
Subject: |
bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files |
Date: |
Mon, 07 Oct 2013 21:01:06 -0400 |
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Tue, 08 Oct 2013 08:54:17 +0900 Daiki Ueno <ueno@gnu.org> wrote:
DU> Teodor Zlatanov <tzz@lifelogs.com> writes:
>> 1. Install GnuPG 2.x, don't run gpg-agent
>> 2. Open file.gpg, X or curses pinentry dialog pops up
>>
>> The suggested workaround is to run gpg-agent.
DU> So you can workaround, what's your problem?
See below.
>> Problems:
>>
>> - on a headless server this can lock up Emacs
DU> Not a problem if you use the workaround.
>> - if the GPG agent is dead, locked up, or not running, there's no remedy
DU> Ditto.
Look. gpg-agent is an external daemon. Kill it manually or it dies
accidentally or it blocks for whatever reason. Now the user has no
access to their secret data and Emacs could even completely lock up.
You're assuming access to a resource that you can't verify (gpg-agent).
Or rather, GnuPG is depending on it.
>> - there's no way to avoid the prompt in favor of an Emacs minibuffer query
DU> As I said a number of times, that degrades security. If the insecurity
DU> is okay for you, what's the reason you want to use GnuPG 2.x rather than
DU> GnuPG 1.x?
I'd rather not use either but have no choice right now. I would like to
avoid the GnuPG dependency altogether as I've explained. Anyhow, I was
hoping that GnuPG 2.x can provide a special option (as we've discussed
that you could propose) to make this possible. If that's not your
interest, then let's just call this one done as a "user misunderstanding
of basic security" or whatever you like.
Thanks for your time
Ted
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Teodor Zlatanov, 2013/10/07
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Daiki Ueno, 2013/10/07
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files,
Ted Zlatanov <=
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Stefan Monnier, 2013/10/07
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Daiki Ueno, 2013/10/08
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Stefan Monnier, 2013/10/08
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Daiki Ueno, 2013/10/08
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Stefan Monnier, 2013/10/08
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Daiki Ueno, 2013/10/09
- bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files, Stefan Monnier, 2013/10/09