unofficial mirror of bug-gnu-emacs@gnu.org 
From: Ted Zlatanov <tzz@lifelogs.com>
To: Achim Gratz <Stromeko@nexgo.de>
Cc: 9113@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>,
	Roland Winkler <winkler@gnu.org>
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Thu, 26 Jan 2012 14:01:39 -0600
Message-ID: <87bopq6xng.fsf@lifelogs.com>
In-Reply-To: <87y5suuz85.fsf@Rainer.invalid> (Achim Gratz's message of "Thu, 26 Jan 2012 18:53:46 +0100, Thu, 26 Jan 2012 12:28:47 -0500, Thu, 26 Jan 2012 18:52:25 +0100")

>>> 2) use unencrypted authinfo with encrypted password tokens, which
>>> looks like this:
>> 
>>> machine supertest password
>>> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=

On Thu, 26 Jan 2012 18:53:46 +0100 Achim Gratz <Stromeko@nexgo.de> wrote: 

AG> That looks appealing.  Can it work with ssh-agent also?

No, unfortunately.

On Thu, 26 Jan 2012 12:28:47 -0500 Stefan Monnier <monnier@IRO.UMontreal.CA> wrote: 

SM> That might be a good option.

It works fairly well but it's hacky, and can't be shared with other
programs.  I'd like to implement it with libnettle at least, so it
doesn't depend on the external gpg utility.  But yes, we could do this
one and it would work on all platforms with libnettle.

On Thu, 26 Jan 2012 18:52:25 +0100 Lars Ingebrigtsen <larsi@gnus.org> wrote: 

LI> Yes.  But it will require the user to type in a password to get to the
LI> password.  :-)  And again, programs like Firefox default to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.

The encryption doesn't have to be strong.  It could use a well-known
secret that the user can override, rather than an actual passphrase, and
then no questions will be asked.

SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues.  That's what we should focus on
SM> for the "next time".

Do you mean gpg-agent or the OS keychain?  Neither is available on all
platforms consistently.

>> IIRC for 23 the default was to keep the password for the current session
>> and not to store it in any file at all.  I think it's a better default
>> than writing it in clear in some file, so at least for 24.1 reverting to
>> the Emacs-23 default is very attractive.

LI> Well, Emacs 23 just made you write the .authinfo file by hand.  Emacs 24
LI> prompts you for whether you want to store the password or not.  If you
LI> don't want to, say "n".

One possible flow:

If the user says `y' then we can ask (if `auth-sources' is 'ask) 
"Do you want to keep your passwords in a GPG-encrypted file?"

If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
that EPA/EPG are enabled. If GPG is not available, what do we do? Use
libnettle? Or explain and pretend they said `n'?

If they say `n' then set `auth-sources' to "~/.authinfo".

So it's one extra step.  But it is getting unwieldy.

Ted
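
Added example, not part of the message above and not Emacs's auth-source code: a small audit of a netrc-style authinfo file that reports which password values are stored in the clear and which use the `gpg:` token form quoted at the top of the message. It assumes the text after `gpg:` is base64 of an OpenPGP message, as the quoted sample suggests; the function names and the sample file contents are constructed for illustration.

```python
import base64
import binascii
import shlex


def classify_token(value):
    """Return 'plaintext', 'encrypted' or 'malformed' for one password value."""
    if not value.startswith("gpg:"):
        return "plaintext"
    try:
        raw = base64.b64decode(value[4:], validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    # Assumption: payload is an OpenPGP message; every OpenPGP packet
    # header has bit 7 of its first byte set.
    return "encrypted" if raw and raw[0] & 0x80 else "malformed"


def audit_authinfo(text):
    """Return [(line_no, machine, status)] for every password entry."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)      # honours "quoted values"
        except ValueError:
            tokens = line.split()           # unbalanced quote: fall back
        fields, i = {}, 0
        while i < len(tokens):
            if tokens[i] == "default":      # netrc keyword without a value
                fields["machine"] = "default"
                i += 1
            else:
                if i + 1 < len(tokens):
                    fields[tokens[i]] = tokens[i + 1]
                i += 2
        if "password" in fields:
            status = classify_token(fields["password"])
            findings.append((no, fields.get("machine", "?"), status))
    return findings


# Constructed sample input, not real credentials.
_BLOB = base64.b64encode(b"\x8c\x0d\x04\x03\x03\x02constructed").decode()
SAMPLE = f"""# constructed sample
machine supertest password gpg:{_BLOB}
machine mail.example.org login alice password "hunter2 with space" port imap
machine broken.example.org password gpg:not*base64
default login anonymous
"""

if __name__ == "__main__":
    for finding in audit_authinfo(SAMPLE):
        print(*finding)
```

Entries reported as `plaintext` are the ones the thread's default-storage question is about; `malformed` marks a `gpg:` token whose payload would not decode.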




