From: Ted Zlatanov <tzz@lifelogs.com>
To: 15553@debbugs.gnu.org
Cc: ueno@gnu.org
Subject: bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files
Date: Mon, 07 Oct 2013 21:01:06 -0400 [thread overview]
Message-ID: <874n8szict.fsf@flea.lifelogs.com> (raw)
In-Reply-To: <87a9ikwsbi.fsf-ueno-ueno@gnu.org> (Daiki Ueno's message of "Tue, 08 Oct 2013 08:54:17 +0900")
On Tue, 08 Oct 2013 08:54:17 +0900 Daiki Ueno <ueno@gnu.org> wrote:
DU> Teodor Zlatanov <tzz@lifelogs.com> writes:
>> 1. Install GnuPG 2.x, don't run gpg-agent
>> 2. Open file.gpg, X or curses pinentry dialog pops up
>>
>> The suggested workaround is to run gpg-agent.
DU> So you can workaround, what's your problem?
See below.
>> Problems:
>>
>> - on a headless server this can lock up Emacs
DU> Not a problem if you use the workaround.
>> - if the GPG agent is dead, locked up, or not running, there's no remedy
DU> Ditto.
Look. gpg-agent is an external daemon. Kill it manually or it dies
accidentally or it blocks for whatever reason. Now the user has no
access to their secret data and Emacs could even completely lock up.
You're assuming access to a resource that you can't verify (gpg-agent).
Or rather, GnuPG is depending on it.
>> - there's no way to avoid the prompt in favor of an Emacs minibuffer query
DU> As I said a number of times, that degrades security. If the insecurity
DU> is okay for you, what's the reason you want to use GnuPG 2.x rather than
DU> GnuPG 1.x?
I'd rather not use either but have no choice right now. I would like to
avoid the GnuPG dependency altogether as I've explained. Anyhow, I was
hoping that GnuPG 2.x can provide a special option (as we've discussed
that you could propose) to make this possible. If that's not your
interest, then let's just call this one done as a "user misunderstanding
of basic security" or whatever you like.
Thanks for your time
Ted
next prev parent reply other threads:[~2013-10-08 1:01 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-07 18:03 bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files Teodor Zlatanov
2013-10-07 23:54 ` Daiki Ueno
2013-10-08 1:01 ` Ted Zlatanov [this message]
2013-10-08 1:43 ` Daiki Ueno
2013-10-08 3:27 ` Stefan Monnier
2013-10-08 7:07 ` Daiki Ueno
2013-10-08 16:57 ` Stefan Monnier
2013-10-09 0:39 ` Daiki Ueno
2013-10-09 3:05 ` Stefan Monnier
2013-10-09 4:10 ` Daiki Ueno
2013-10-10 0:33 ` Stefan Monnier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874n8szict.fsf@flea.lifelogs.com \
--to=tzz@lifelogs.com \
--cc=15553@debbugs.gnu.org \
--cc=ueno@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).