Re: Fix needed for communication with gpg-agent

From: Sascha Wilde
Subject: Re: Fix needed for communication with gpg-agent
Date: Thu, 22 Feb 2007 23:00:49 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.93 (gnu/linux)

Chong Yidong <address@hidden> wrote:

> Werner Koch <address@hidden> writes:
>>> Admittedly, it is a rather naughty solution: GPG is called through an
>>> elisp terminal (as implemented by `make-term' in term.el), with a
>>> modified process filter whose purpose is to send GPG the string to be
>> With all that code running in emacs, I doubt that it makes sense at
>> all to use the curses versions of Pinentry.
> In that case, I think Emacs should disable use of gpg-agent when
> running in a console, except when gpg-agent already has a passphrase
> cached.  Then all we need is some method for Emacs to determine if the
> necessary passphrase is cached.

Even if it is possible to determine this (I don't know right now),
there is an additional problem:  the key caching of the gpg-agent
times out after a configurable interval, so after that time emacs
would suddenly stop using the agent -- this sounds undesirable to

> If gpg-agent does not have the
> passphrase, Emacs will then prompt for the passphrase and send it
> to GPG, without caching it in Elisp (i.e. subsequent calls to GPG will
> require entering the passphrase again).

I think this suggestion is based on a misunderstanding -- the security
problems in the current implementation (when not using gpg-agent) have
nothing to do with caching; they come from the fact that emacs writes
the passphrase to a temporary file (which is then fed to gpg).

>> Is it possible to enhance server-start/emacsclient so that it does not
>> edit a file but asks for string and returns that one?  Pinentry could
>> then use this feature for user interaction.
> I'm not sure how this suggestion could work.

I haven't fully understood this idea either.  In general I doubt that
it is a good idea to make gpg-agent depend on a running emacs for
passphrase input -- even if many emacs users are using emacs as their
primary working environment and therefore have it running all the
time -- not everyone does...

Sascha Wilde
Life's too short to read boring signatures
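The weakness Sascha points at above is the passphrase touching the file system on its way to gpg. The usual fix is to hand it to gpg over a pipe instead. The following is an added illustration written for this page, not code from the thread or from Emacs itself: the function name is hypothetical, while `--passphrase-fd`, `--batch`, `--no-tty` and `--pinentry-mode loopback` are real gpg options (the last one is only needed, and only accepted, by gpg 2.1 and later, so it is left commented out). The ciphertext comes from the file argument, which leaves stdin free for the passphrase.

```elisp
;; Added example (not part of the original thread): send the passphrase
;; to gpg through a pipe on fd 0 instead of writing it to a temp file.
(defun example-gpg-decrypt-with-passphrase (file passphrase)
  "Decrypt FILE with gpg, feeding PASSPHRASE to it over stdin.
Return gpg's output as a string.  PASSPHRASE is wiped with
`clear-string' after it has been sent, so the caller must not reuse it.
The passphrase never exists on disk: it goes straight into the pipe
that gpg reads as file descriptor 0."
  (with-temp-buffer
    (let* ((out (current-buffer))
           ;; nil = use a pipe, not a pty, so nothing is echoed by a
           ;; terminal layer and no curses pinentry gets involved.
           (process-connection-type nil)
           (proc (start-process "gpg-decrypt" out
                                "gpg" "--batch" "--no-tty"
                                ;; gpg >= 2.1 additionally needs:
                                ;; "--pinentry-mode" "loopback"
                                "--passphrase-fd" "0"
                                "--decrypt" file)))
      ;; gpg reads exactly one line from fd 0 as the passphrase.
      (process-send-string proc (concat passphrase "\n"))
      (process-send-eof proc)
      ;; Overwrite the secret in the Lisp heap as soon as it is sent.
      (clear-string passphrase)
      ;; Wait for gpg to finish before collecting its output.
      (while (process-live-p proc)
        (accept-process-output proc 0.1))
      (buffer-string))))

;; Usage (the file name is a placeholder):
;; (example-gpg-decrypt-with-passphrase "/path/to/secret.gpg"
;;                                      (read-passwd "GPG passphrase: "))
```

With `--batch` and `--no-tty`, gpg will not fall back to prompting on a terminal, which is what would otherwise trigger the curses Pinentry discussed in the thread. The one-line passphrase still passes through the Emacs process memory, so this removes the on-disk exposure but not the need to clear the string afterwards.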
