emacs-devel
Re: Small patch to enable use of gpg-agent with pgg


From: Sascha Wilde
Subject: Re: Small patch to enable use of gpg-agent with pgg
Date: Thu, 23 Mar 2006 13:00:42 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Simon Josefsson <address@hidden> wrote:

[pgg-gpg-update-agent won't work on pre 22 emacsen]

>> Given that this function probably won't be used at all if Daiki's idea
>> is implemented, I think we should remove the function for now.
>> Daiki's approach (if I understand it correctly) of not second-guessing
>> what parameters gpg will need is more reliable than this approach,
>> even if this approach would work fine on all emacsen.
>
> I removed the function.  The end result is this:
>
> 1) People who don't use the agent don't have to do anything, this is
>    as before.
>
> 2) People who use the agent must enable pgg-gpg-use-agent manually.
>    This is better than before, because the agent didn't work at all
>    with pgg then.
>
> 3) People who use the agent must make sure the agent is still running
>    (or disable the variable temporarily, or re-start the agent and
>    fix the environment variable using M-x setenv).

Could you please leave it in the GNU Emacs CVS, where it actually
works as intended?

> If/when Daiki's idea (as I understand it) is implemented, the end
> result will be:
>
> *) Pgg will invoke gpg and then figure out whether a passphrase is
>    needed and only at that point query for it.  This will work
>    regardless of whether the agent is used, whether a passphrase is
>    required or not, or whether a pin code is required.  The user
>    doesn't have to fiddle with any variable.

I don't think so.  While I'm sure that Daiki's idea -- once it
works -- will handle certain situations better than mine, there will
still be the need for a variable enabling the user to turn off any use
of the agent.

Here is an example[0] from my own experience:

- A user logs in on machine 'A' and starts the gpg-agent.
- He leaves the machine, but stays logged in...
- Now he uses machine 'B' to log in on machine 'A':
  the environment is set up to use the already running gpg-agent
  (automatically, in a login script)
- He starts Emacs/Gnus and tries to sign, decrypt whatever...
- The agent runs and is working, everything seems fine, but the user
  isn't queried for the passphrase ... what happened?
- The user _is_ actually queried, but the pinentry program is started
  on the X11 Display or tty of machine 'A'.

I think this is a design problem of the gpg-agent.  And yes, there are
several ways to circumvent this problem, but I think it would be very
convenient if I could tell pgg to just ignore any agent and ask for
the passphrase.

Even gpg itself doesn't use an available agent automatically, but only
when it's asked to (by setting --use-agent) and I think this is a good
decision.

cheers
sascha

[0] Actually, the simple example of Emacs running on a text console
    which I used before was totally wrong -- it works just fine, as I
    tested a few minutes ago...  :-)
-- 
Sascha Wilde
Anyone who posts HTML, quotes posted HTML, or obtains posted or
quoted HTML in order to put it into circulation will be plonked.



