From: Ted Zlatanov
Newsgroups: gmane.emacs.bugs
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Thu, 26 Jan 2012 14:01:39 -0600
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <87bopq6xng.fsf@lifelogs.com>
To: Achim Gratz
Cc: 9113@debbugs.gnu.org, Lars Ingebrigtsen, Roland Winkler

>>> 2) use unencrypted authinfo with encrypted password tokens, which
>>> looks like this:
>>
>>> machine supertest password
>>> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=

On Thu, 26 Jan 2012 18:53:46 +0100 Achim Gratz wrote:

AG> That looks appealing. Can it work with ssh-agent also?

No, unfortunately.

On Thu, 26 Jan 2012 12:28:47 -0500 Stefan Monnier wrote:

SM> That might be a good option.

It works fairly well but it's hacky, and can't be shared with other
programs. I'd like to implement it with libnettle at least, so it
doesn't depend on the external gpg utility.
But yes, we could do this one and it would work on all platforms with
libnettle.

On Thu, 26 Jan 2012 18:52:25 +0100 Lars Ingebrigtsen wrote:

LI> Yes. But it will require the user to type in a password to get to the
LI> password. :-) And again, programs like Firefox default to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.

The encryption doesn't have to be strong. It could use a well-known
secret that the user can override, rather than an actual passphrase, and
then no questions will be asked.

SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues. That's what we should focus on
SM> for the "next time".

Do you mean gpg-agent or the OS keychain? Neither is available on all
platforms consistently.

>> IIRC for 23 the default was to keep the password for the current session
>> and not to store it in any file at all. I think it's a better default
>> than writing it in clear in some file, so at least for 24.1 reverting to
>> the Emacs-23 default is very attractive.

LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
LI> prompts you for whether you want to store the password or not. If you
LI> don't want to, say "n".

One possible flow:

If the user says `y' then we can ask (if `auth-sources' is 'ask) "Do you
want to keep your passwords in a GPG-encrypted file?"

If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
that EPA/EPG are enabled. If GPG is not available, what do we do? Use
libnettle? Or explain and pretend they said `n'?

If they say `n' then set `auth-sources' to "~/.authinfo".

So it's one extra step. But it is getting unwieldy.

Ted
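
An added example, not part of the original message and not Emacs code: a small Python audit of an authinfo-style file that reports which entries carry a `gpg:` password token (option 2 quoted above) and which still hold a cleartext password. It assumes one entry per line and that a token is `gpg:` followed by base64; the function names and the sample entries are constructed for illustration.

```python
import base64
import binascii
import shlex

def classify_password(value):
    """Return 'gpg-token' for a gpg:<base64> value, otherwise 'cleartext'."""
    if value.startswith("gpg:") and len(value) > 4:
        try:
            base64.b64decode(value[4:], validate=True)
            return "gpg-token"
        except (binascii.Error, ValueError):
            pass  # has the prefix but the payload is not base64
    return "cleartext"

def audit_authinfo(text):
    """Return (line_no, machine, status) for every entry in the text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        try:
            tokens = shlex.split(stripped)  # honours "quoted values"
        except ValueError:
            tokens = stripped.split()       # unbalanced quote: plain split
        if tokens[0] == "default":          # netrc keyword without a value
            tokens = ["machine", "<default>"] + tokens[1:]
        fields = dict(zip(tokens[0::2], tokens[1::2]))
        if "password" in fields:
            status = classify_password(fields["password"])
        else:
            status = "no-password"
        findings.append((line_no, fields.get("machine", "<none>"), status))
    return findings

# Constructed sample: the token is base64 of a dummy string, not real GPG output.
TOKEN = "gpg:" + base64.b64encode(b"constructed ciphertext").decode()
SAMPLE = "\n".join([
    "# constructed sample, not real credentials",
    "machine supertest login ted password " + TOKEN,
    'machine mail.example.org login ted password "hunter two"',
    "machine news.example.org login ted",
    "machine bad.example.org password gpg:not*base64",
])

if __name__ == "__main__":
    for line_no, machine, status in audit_authinfo(SAMPLE):
        print(f"line {line_no}: {machine}: {status}")
```

A valid base64 payload only shows the entry has the token shape; it does not prove the payload decrypts.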