
Fix needed for communication with gpg-agent


From: Richard Stallman
Subject: Fix needed for communication with gpg-agent
Date: Sat, 17 Feb 2007 15:57:37 -0500

Would someone please implement this code, needed for correct
redisplay after running pinentry?  Then please ack.

------- Start of forwarded message -------
From: Werner Koch <address@hidden>
To: address@hidden
Subject: Redraw after calling gpg (was: [bug] PGG shows ?? when prompt for passphrase)
CC: address@hidden
Organisation: g10 Code GmbH
Date: Wed, 14 Feb 2007 19:02:56 +0100
In-Reply-To: <address@hidden> (Richard Stallman's message
        of "Fri\, 09 Feb 2007 18\:49\:11 -0500")

On Sat, 10 Feb 2007 00:49, address@hidden said:

> Can you write a self-contained proposal?  I will forward it to the
> other Emacs developers to ask someone to implement it or suggest
> changes.

gpg-agent is a tool to take care of passphrase caching, private key
operations and smart card access.  It works as a daemon started for
each user and calls a tool called Pinentry if it requires input from
the user (Passphrase or PIN).  This works very well on X11 as Pinentry
can create its own windows solely under its own control.

Without X, Pinentry falls back to a curses implementation (there is
also a curses-only version of Pinentry).  This works pretty reliably
but poses one problem: the screen needs a redraw as there is no
portable way to save and restore the old screen content.  What can be
done is to redraw the screen every time after calling a crypto
operation which uses gpg or gpgsm.  This is of course not optimal as
in most cases the passphrase has been cached and an expensive redraw
is not required.

To solve this problem the latest SVN Pinentry (-r 155) and GnuPG (-r
4434) have a new feature: Pinentry will touch a file if the curses
version has been used right before returning control to gpg-agent and
eventually to the calling application.  The file we touch is by
default the socket on which gpg-agent is listening for requests by gpg or
gpgsm.

An application calling gpg and expecting that a pinentry might pop up
(i.e. signing or decrypting) should record the mtime of the socket
file and compare that after the call to gpg.  If it changed a redraw
should be done.  What an application needs to do:

  1. Get the value of the envvar GPG_AGENT_INFO.  This envvar is set by
     gpg-agent and the central information on how to access gpg-agent.
     It works similar to the way ssh-agent works.  Example:
  
       $ echo $GPG_AGENT_INFO
       /tmp/gpg-0Hg6cf/S.gpg-agent:22391:1
  
  2. Parse that value and pass the first part to file-attributes.
     Record the mtime.
  
  3. Call gpg or gpgsm
  
  4. Do a file-attributes again on that file and compare the mtime
     against the recorded one.
  
  5. If there is a mismatch a redraw should be done.
  

Cronjobs invoking gpg (or ssh when --enable-ssh-support is used with
gpg-agent) might also lead to a pinentry pop up.  We can't do much
about this but I don't think that it is a real problem.  Such a
Pinentry will only pop up rarely and hitting C-l is much easier than
any other method.

If you want to test this system and are using X, you can add a line
like

  pinentry-program /usr/local/bin/pinentry-curses

into ~/.gnupg/gpg-agent.conf and give gpg-agent a HUP.


Salam-Shalom,

   Werner
------- End of forwarded message -------
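The five-step procedure Werner describes, written out as an added Emacs Lisp example (this is not code from the original message, nor from Emacs or PGG; the `my-` function names are hypothetical). It assumes GPG_AGENT_INFO is set in the `socket:pid:protocol` form shown above and that `gpg` is on PATH; the socket's mtime is read with `file-attributes` before and after the call, and `redraw-display` is only invoked when the mtime changed.

```elisp
;; Added example, not part of the original post.  Detect whether a curses
;; pinentry ran during a gpg call by comparing the mtime of the gpg-agent
;; socket before and after, and redraw only when it changed.
;; Assumptions: GPG_AGENT_INFO has the form "<socket>:<pid>:<protocol>" as in
;; the message above; gpg is on PATH; all `my-' names are hypothetical.

(defun my-gpg-agent-socket ()
  "Return the gpg-agent socket path from GPG_AGENT_INFO, or nil if unset."
  (let ((info (getenv "GPG_AGENT_INFO")))
    (when (and info (not (string= info "")))
      ;; Only the first colon-separated field is the socket path; the
      ;; remaining fields are the agent's pid and protocol version.
      (car (split-string info ":")))))

(defun my-gpg-socket-mtime (socket)
  "Return the modification time of SOCKET, or nil if it does not exist."
  (when socket
    (let ((attrs (file-attributes socket)))
      ;; Element 5 of `file-attributes' is the modification time.
      (when attrs (nth 5 attrs)))))

(defun my-call-gpg-with-redraw (args &optional buffer)
  "Run gpg with the list ARGS, sending output to BUFFER.
Redraw the display afterwards only if a curses pinentry touched the
gpg-agent socket while gpg was running.  Return gpg's exit status."
  (let* ((socket (my-gpg-agent-socket))
         (before (my-gpg-socket-mtime socket))
         (status (apply #'call-process "gpg" nil
                        (or buffer (get-buffer-create "*gpg-output*"))
                        nil args))
         (after  (my-gpg-socket-mtime socket)))
    ;; Times are lists of integers and a fresh list is returned on every
    ;; call, so compare with `equal', never with `eq'.
    (when (and before after (not (equal before after)))
      (redraw-display))
    status))

;; Usage: decrypt a file; the passphrase prompt (if any) goes through
;; gpg-agent and pinentry, and the screen is redrawn only if it appeared.
;; (my-call-gpg-with-redraw '("--batch" "--decrypt" "message.gpg"))
```

If there is no agent (GPG_AGENT_INFO unset, or the socket missing) the mtime is nil on both sides and no redraw happens, which is the right outcome since no pinentry could have been shown by the agent. As the message notes, a pinentry triggered by an unrelated cron job between the two `file-attributes` calls will also change the mtime; that only costs one extra `redraw-display`, so it is harmless.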
