Re: interjecting a custom epa passphrase prompt

From: ken manheimer
Subject: Re: interjecting a custom epa passphrase prompt
Date: Sun, 5 Dec 2010 12:51:53 -0500

On Wed, Dec 1, 2010 at 9:26 PM, Daiki Ueno <address@hidden> wrote:
> ken manheimer <address@hidden> writes:
> > i am trying to use 'epg-context-set-passphrase-callback' to adjust the
> > context for encryption to try to interject my own prompting, but it's
> > having no effect.
> Most likely you are using GnuPG 2, which does not ask passphrase on tty
> or on status FD, unlike GnuPG 1.  Try:
> $ gpg --version

you're right, i was using gnupg v2.

> Assuming that:
> > has all provision for custom passphrase prompting in epg been
> > eliminated?
> Still you could use GnuPG 1 for your custom passphrase prompting, since
> GnuPG 2 is not a newer version of GnuPG, but a separate product.

well, i'm surprised!  the passphrase callback does become effective
when i switch to using gnupg v1.  i'm very glad i have an avenue to
preserve the allout features.  it's a mixed situation, though,
requiring user intervention to make a configuration choice that has
unclear security and other implications.

i think i understand that epg design decision, though - epg uses the
discretion for prompting that the underlying gnupg implementation
makes available, in a sense deferring responsibility for that security
exposure to that underlying gnupg implementation.

i guess i can tell allout users that they can get passphrase hinting
and verification if they configure epg to use gnupg v1 rather than
gnupg v2, but to realize that that involves passphrase handling in
emacs lisp code, which is more susceptible to subvention than
containing it solely in the gnupg execution.

one thing i notice would have been helpful would be to have some clear
warning about this underlying gnupg behavior dependence in the epg.el
code, somehow associated with the passphrase callback code.  if
situated well and clearly, this could help developers using the epg
library a lot in making choices connected with somewhat special uses
like mine, in allout.

i want to thank you very much for the speedy response, by the way!
that was very helpful - i could quickly confirm that i could reap some
results from my efforts to that point, and continue forward, which was
very reassuring.  i'm sorry i didn't reply sooner - the little time i
had available was spent confirming and scoping out how i would use the
passphrase callback.  i hope to have some more time, soon, to complete
allout's switchover to epg.

> Regards,
> --
> Daiki Ueno
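
The dependence discussed in this message, as an added example that is not part of the original mail and is not code from epg.el or allout: it sets a custom passphrase callback for symmetric encryption and refuses to proceed when the configured gpg is not GnuPG 1.x, instead of letting the callback be silently ignored. The `my/` names and the hint string are hypothetical.

```elisp
;; Added example; the `my/' functions are hypothetical, not part of epg or allout.
(require 'epg)
(require 'epg-config)

(defun my/epg-callback-honored-p ()
  "Return non-nil if the gpg that epg is configured to run reports version 1.x.
Per the thread, GnuPG 2 does not ask for the passphrase on the tty or
status FD, so a passphrase callback set on the context has no effect."
  (let ((version (cdr (assq 'version (epg-configuration)))))
    (and (stringp version)
         (string-match-p "\\`1\\." version))))

(defun my/passphrase-callback (_context key-id handback)
  "Prompt for a passphrase from Lisp.
KEY-ID is the symbol `SYM' for symmetric encryption, otherwise a key id.
HANDBACK is the hint string given when the callback was installed."
  ;; The passphrase passes through Emacs Lisp here, which is the
  ;; exposure the message above describes.
  (read-passwd (format "Passphrase for %s (hint: %s): "
                       (if (eq key-id 'SYM) "symmetric encryption" key-id)
                       handback)))

(defun my/encrypt-symmetric (text hint)
  "Symmetrically encrypt TEXT, prompting with HINT via the callback.
Signal an error when the callback would not be consulted."
  (unless (my/epg-callback-honored-p)
    (error "gpg is not GnuPG 1.x; the epg passphrase callback would be ignored"))
  (let ((context (epg-make-context 'OpenPGP)))
    (epg-context-set-armor context t)
    ;; A cons cell passes HINT to the callback as its handback argument.
    (epg-context-set-passphrase-callback
     context (cons #'my/passphrase-callback hint))
    ;; A nil recipient list makes epg perform symmetric encryption.
    (epg-encrypt-string context (encode-coding-string text 'utf-8) nil)))
```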

