bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Artur Malabarba]

As is well-documented, the variable
`epa-file-cache-passphrase-for-symmetric-encryption'` has no effect on
GnuPG 2.0.

I would like to request this support be added, if possible.
Ted mentioned on another thread that GnuPG 2.x recently added this
functionality, but he wasn't sure and I have no idea how to check that.

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Daiki Ueno]

Artur Malabarba <bruce.connor.am@gmail.com> writes:

> As is well-documented, the variable
> `epa-file-cache-passphrase-for-symmetric-encryption'` has no effect on
> GnuPG 2.0.
>
> I would like to request this support be added, if possible.
> Ted mentioned on another thread that GnuPG 2.x recently added this
> functionality, but he wasn't sure and I have no idea how to check that.

I'm not sure what you want, but perhaps this might help:
https://lists.gnu.org/archive/html/emacs-devel/2014-11/msg00421.html

Regards,
-- 
Daiki Ueno

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Artur Malabarba]

[-- Attachment #1: Type: text/plain, Size: 281 bytes --]

> I'm not sure what you want, but perhaps this might help:
> https://lists.gnu.org/archive/html/emacs-devel/2014-11/msg00421.html

Might be, thanks. I'll try it out tomorrow.
If it works I'll add a sentence to the docstring of
*epa-file-cache-passphrase-for-symmetric-encryption*.

[-- Attachment #2: Type: text/html, Size: 430 bytes --]

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Artur Malabarba]

2015-05-12 0:25 GMT+01:00 Artur Malabarba <bruce.connor.am@gmail.com>:
>> I'm not sure what you want, but perhaps this might help:
>> https://lists.gnu.org/archive/html/emacs-devel/2014-11/msg00421.html
>
> Might be, thanks. I'll try it out tomorrow.
> If it works I'll add a sentence to the docstring of
> epa-file-cache-passphrase-for-symmetric-encryption.

It didn't help. Well, it sort of did, but it also made things worse.
- It helped in the sense that now I only get prompted the first time I
open the file (instead of every time).
- It made things worse in the sense that I now have to type the
password 4(!) times when saving the file (all prompts are inside
emacs). The first prompt is "Passphrase for symmetric encryption for
/.../file.gpg: ", then I get "Confirm password: ", then I get the
first one again, then the second one again.

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Daiki Ueno]

Artur Malabarba <bruce.connor.am@gmail.com> writes:

> - It made things worse in the sense that I now have to type the
> password 4(!) times when saving the file (all prompts are inside
> emacs). The first prompt is "Passphrase for symmetric encryption for
> /.../file.gpg: ", then I get "Confirm password: ", then I get the
> first one again, then the second one again.

Oh, you are right.  GnuPG 2.1 --pinentry-mode=loopback asks passphrase
twice on symmetric encryption, while GnuPG 1.x does that only once (look
at the GET_HIDDEN lines below):

  $ gpg2 --command-fd=1 --status-fd=1 --pinentry-mode=loopback --symmetric -o /dev/null < /dev/null
  gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
  gpg: It is only intended for test purposes and should NOT be
  gpg: used in a production environment or with production keys!
  [GNUPG:] NEED_PASSPHRASE_SYM 7 3 2
  [GNUPG:] GET_HIDDEN passphrase.enter
  test
  [GNUPG:] GOT_IT
  [GNUPG:] GET_HIDDEN passphrase.enter
  test
  [GNUPG:] GOT_IT
  [GNUPG:] BEGIN_ENCRYPTION 2 7
  [GNUPG:] END_ENCRYPTION

  $ gpg --command-fd=1 --status-fd=1 --symmetric -o /dev/null < /dev/null
  [GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
  [GNUPG:] GET_HIDDEN passphrase.enter
  test
  [GNUPG:] GOT_IT
  [GNUPG:] BEGIN_ENCRYPTION 0 3
  [GNUPG:] END_ENCRYPTION

Though I suppose the repetition is meant to be a confirmation, I think
it is not very useful for clients (since we already know that the
confirmation is needed) and causes compatibility issues.

Could this be fixed in GnuPG itself?

Thanks,
-- 
Daiki Ueno

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Werner Koch]

On Tue, 12 May 2015 12:48, ueno@gnu.org said:

> Oh, you are right.  GnuPG 2.1 --pinentry-mode=loopback asks passphrase
> twice on symmetric encryption, while GnuPG 1.x does that only once (look

That is quite possible, the loopback mode basically emulates the calls
to the pinentry, which is in this case called twice.  It is not intended
as a replacement for the passphrase-fd stuff from gpg 1.

> Could this be fixed in GnuPG itself?

I think this makes sense.  Can you please file a bug at bugs.gnupg.org?


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Daiki Ueno]

Werner Koch <wk@gnupg.org> writes:

> I think this makes sense.  Can you please file a bug at bugs.gnupg.org?

Done as: https://bugs.gnupg.org/gnupg/issue1976

Regards,
-- 
Daiki Ueno

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Daiki Ueno]

Daiki Ueno <ueno@gnu.org> writes:

> Done as: https://bugs.gnupg.org/gnupg/issue1976

So, now that the original issue was fixed in GnuPG by Neal (in the above
bug), and another approach is also taken to mitigate the issue with
GnuPG 2.0.x as well, I'm closing this bug.

Artur: it would be great if you could have a chance to try those changes
and report any issue.

Regards,
-- 
Daiki Ueno

bug#20550: 25.0.50; Add GnuPG 2.x support to epa-file-cache-passphrase-for-symmetric-encryption.

[Artur Malabarba]

> Artur: it would be great if you could have a chance to try those changes
> and report any issue.

Seems to be working. Thanks.