Re: Fix needed for communication with gpg-agent
From: Sascha Wilde
Subject: Re: Fix needed for communication with gpg-agent
Date: Thu, 22 Feb 2007 23:00:49 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.93 (gnu/linux)

Chong Yidong <address@hidden> wrote:
> Werner Koch <address@hidden> writes:
>
>>> Admittedly, it is a rather naughty solution: GPG is called through an
>>> elisp terminal (as implemented by `make-term' in term.el), with a
>>> modified process filter whose purpose is to send GPG the string to be
>>
>> With all that code running in emacs, I doubt that it makes sense at
>> all to use the curses versions of Pinentry.
>
> In that case, I think Emacs should disable use of gpg-agent when
> running in a console, except when gpg-agent already has a passphrase
> cached. Then all we need is some method for Emacs to determine if the
> necessary passphrase is cached.

Even if it is possible to determine this (I don't know right now),
there is an additional problem: the key caching of the gpg-agent
times out after a configurable interval, so after that time emacs
would suddenly stop using the agent -- this sounds undesirable to
me...

> If gpg-agent does not have the
> passphrase, Emacs will then prompt for the passphrase and send it
> to GPG, without caching it in Elisp (i.e. subsequent calls to GPG will
> require entering the passphrase again).

I think this suggestion is based on a misunderstanding -- the security
problems in the current implementation (when not using gpg-agent) have
nothing to do with caching; they come from the fact that emacs writes
the passphrase to a temporary file (which is then fed to gpg).

>> Is it possible to enhance server-start/emacsclient so that it does not
>> edit a file but asks for string and returns that one? Pinentry could
>> then use this feature for user interaction.
>
> I'm not sure how this suggestion could work.

I haven't fully understood this idea, either. In general I doubt that
it is a good idea to make gpg-agent depend on a running emacs for
passphrase input -- even if many emacs users are using emacs as their
primary working environment and therefore have it running all the
time -- not everyone does...

cheers
sascha
--
Sascha Wilde
Life's too short to read boring signatures