bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Mark Karpov]

***

My .authinfo.gpg file is encrypted with GPG. Emacs is smart enough to
invoke GPG for me when I want to see contents of the file or when I use
GNUS to read my emails.

However, GPG uses graphical dialog box to ask for passphrase. This
destroys Emacs user experience, because I cannot cancel it with C-g, I
cannot finish input with C-m or C-j. I need to use RET, which I usually
use for completely different purposes (because we have C-m and C-j
alternatives and return is relatively easy to reach). Other editing
functionality is unavailable. Last time I tried it in terminal the
dialog box barely worked (some keys pressing were not registered for
example). Simply put, GUI dialog boxes is not something I like in Emacs.

Now, I don't know if it's possible, it's probably GPG-side thing, but
could it be done in minibuffer (like sudo in shell and Emacs shell),
then somehow passed to GPG?

Thanks.

***



In GNU Emacs 25.0.50.13 (x86_64-unknown-linux-gnu, GTK+ Version 3.16.4)
 of 2015-06-27 on arch
Repository revision: ff80437668dd0d5163c9e43f0c200b923b39166b
Windowing system distributor `The X.Org Foundation', version 11.0.11702000
Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GCONF GSETTINGS
NOTIFY ACL GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: M

Minor modes in effect:
  global-git-commit-mode: t
  shell-dirtrack-mode: t
  diff-auto-refine-mode: t
  flyspell-mode: t
  whitespace-mode: t
  yas-global-mode: t
  yas-minor-mode: t
  show-paren-mode: t
  minibuffer-electric-default-mode: t
  ido-vertical-mode: t
  ido-ubiquitous-mode: t
  ido-everywhere: t
  global-auto-revert-mode: t
  global-aggressive-indent-mode: t
  display-time-mode: t
  delete-selection-mode: t
  smartparens-global-mode: t
  smartparens-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  auto-fill-function: do-auto-fill
  transient-mark-mode: t
  auto-fill-mode: 1

Recent messages:
Wrote /home/mark/.emacs.d/.git/COMMIT_EDITMSG
Git finished [2 times]
Reverting (up to) 2 file-visiting buffer(s)...
(No buffers need to be reverted)
Type C-h i to view popup manual, ? to describe an argument or action.
Running git push -v origin master:refs/heads/master [2 times]
Git finished
Type C-h i to view popup manual, ? to describe an argument or action.
Type "q" in help window to restore its previous buffer.
C-h C-' is undefined

Load-path shadows:
None found.

Features:
(shadow sort mail-extr ace-window linum magit-blame magit-stash
magit-bisect magit-remote magit-commit magit-sequence magit magit-log
magit-apply magit-wip magit-diff smerge-mode magit-core magit-process
magit-popup magit-mode magit-git crm magit-section magit-utils
git-commit log-edit pcvs-util add-log with-editor tramp-sh tramp
tramp-compat tramp-loaddefs trampver shell pcomplete emacsbug sendmail
markdown-mode vc vc-dispatcher vc-git diff-mode smex hl-line nndraft
nnmh nnfolder utf-7 epa-file epa derived epg gnutls network-stream nsm
auth-source starttls gnus-agent gnus-srvr gnus-score score-mode
nnvirtual gnus-msg gnus-art mm-uu mml2015 mm-view mml-smime smime
password-cache dig mailcap nntp gnus-cache gnus-sum gnus-group gnus-undo
gnus-start gnus-cloud nnimap nnmail mail-source tls utf7 netrc nnoo
parse-time gnus-spec gnus-int gnus-range message dired format-spec
rfc822 mml mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
rfc2047 rfc2045 ietf-drums mailabbrev gmm-utils mailheader gnus-win gnus
gnus-ems nnheader gnus-util mail-utils mm-util help-fns mail-prsvr
wid-edit rainbow-delimiters flycheck-haskell haskell-cabal haskell-utils
flycheck find-func rx subr-x flyspell ispell whitespace mk-visual
solarized-dark-theme solarized mk-texinfo mk-tex mk-scheme mk-python
mk-prolog mk-org mk-markdown mk-man mk-magit mk-lisp slime-fancy
slime-trace-dialog slime-fontifying-fu slime-package-fu slime-references
slime-compiler-notes-tree slime-scratch slime-presentations bridge
slime-fuzzy slime-fancy-trace slime-fancy-inspector slime-c-p-c
slime-editing-commands slime-autodoc slime-repl slime-parse slime
compile etags xref eieio eieio-core arc-mode archive-mode noutline
outline pp comint ansi-color ring hyperspec browse-url slime-autoloads
mk-ibuffer mk-haskell mk-gnus mk-eshell mk-erc mk-elisp mk-dired mk-diff
mk-clojure mk-calendar mk-c mk-bookmark mk-minor-modes
common-lisp-snippets yasnippet help-mode cl whole-line-or-region paren
minibuf-eldef ido-vertical-mode ido-ubiquitous ido-completing-read+
cl-macs gv ido autorevert filenotify cl-seq aggressive-indent easy-mmode
time delsel smartparens-config smartparens byte-opt thingatpt mk-global
edmacro kmacro ace-link avy mk-utils f dash s ucs-normalize mk-abbrev
misc server finder-inf tex-site fix-word advice info easymenu bytecomp
byte-compile cl-extra seq cl-loaddefs pcase cl-lib cconv package
epg-config time-date mule-util tooltip eldoc electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel x-win term/common-win x-dnd
tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment
elisp-mode lisp-mode prog-mode register page menu-bar rfn-eshadow timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
frame cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan
thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian
slovak czech european ethiopic indian cyrillic chinese charscript
case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote dbusbind gfilenotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 513899 74790)
 (symbols 48 48032 0)
 (miscs 40 1906 1422)
 (strings 32 105349 59509)
 (string-bytes 1 3157922)
 (vectors 16 72892)
 (vector-slots 8 1898462 176041)
 (floats 8 614 772)
 (intervals 56 2639 708)
 (buffers 976 29)
 (heap 1024 55248 6145))

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Stefan Monnier]

> Now, I don't know if it's possible, it's probably GPG-side thing, but
> could it be done in minibuffer (like sudo in shell and Emacs shell),
> then somehow passed to GPG?

It's probably possible, but FWIW, it's indeed done GPG-side (actually
from gpg-agent, IIUC) and it has security advantages, in that the
password never goes through Emacs at all (and gpg-agent is, by nature,
written in a more security-conscious way than Emacs).


        Stefan

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Maybe Emacs developers can cooperate with Werner Koch to set up a a
way GPG and Emacs can work together better for reading the passphrase.

There is the option of using gpg-agent.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Daiki Ueno]

Richard Stallman <rms@gnu.org> writes:

> Maybe Emacs developers can cooperate with Werner Koch to set up a a
> way GPG and Emacs can work together better for reading the passphrase.
>
> There is the option of using gpg-agent.

We are already working on that, see:
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20550

and the recent discussions on gnupg-devel mailing list, to make
gpg-agent (and pinentry) respect the INSIDE_EMACS envvar:
https://lists.gnupg.org/pipermail/gnupg-devel/2015-June/029915.html

Now that all patches had landed in both GnuPG (2.1.x) and Emacs (git
master), maybe people who demand on this feature could try it, so it can
be safely backported to the GnuPG stable series?

Regards,
-- 
Daiki Ueno

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Mark Karpov]

Daiki Ueno <ueno@gnu.org> writes:

> Richard Stallman <rms@gnu.org> writes:
>
>> Maybe Emacs developers can cooperate with Werner Koch to set up a a
>> way GPG and Emacs can work together better for reading the passphrase.
>>
>> There is the option of using gpg-agent.
>
> We are already working on that, see:
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20550
>
> and the recent discussions on gnupg-devel mailing list, to make
> gpg-agent (and pinentry) respect the INSIDE_EMACS envvar:
> https://lists.gnupg.org/pipermail/gnupg-devel/2015-June/029915.html
>
> Now that all patches had landed in both GnuPG (2.1.x) and Emacs (git
> master), maybe people who demand on this feature could try it, so it can
> be safely backported to the GnuPG stable series?
>
> Regards,

I would like to try this. I have

  ~ $ gpg --version
  gpg (GnuPG) 2.1.6
  libgcrypt 1.6.3
  Copyright (C) 2015 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  
  Home: ~/.gnupg
  Supported algorithms:
  Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
  Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
          CAMELLIA128, CAMELLIA192, CAMELLIA256
  Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  Compression: Uncompressed, ZIP, ZLIB, BZIP2

…and Emacs built from git master (head: 8c81ac9 master ; Spelling fixes).

This doesn't seem to work out-of-the-box. What additional steps should
one undertake to get rid of the dialog box?

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Daiki Ueno]

Mark Karpov <markkarpov@openmailbox.org> writes:

> I would like to try this. I have

Thanks.

>   ~ $ gpg --version
>   gpg (GnuPG) 2.1.6
>   libgcrypt 1.6.3
>   Copyright (C) 2015 Free Software Foundation, Inc.
>   License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>   This is free software: you are free to change and redistribute it.
>   There is NO WARRANTY, to the extent permitted by law.
>   
>   Home: ~/.gnupg
>   Supported algorithms:
>   Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>   Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>           CAMELLIA128, CAMELLIA192, CAMELLIA256
>   Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>   Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> …and Emacs built from git master (head: 8c81ac9 master ; Spelling fixes).
>
> This doesn't seem to work out-of-the-box. What additional steps should
> one undertake to get rid of the dialog box?

First, make sure that your Pinentry is 0.9.5 or later.  Secondly, add
allow-emacs-pinentry to your ~/.gnupg/gpg-agent.conf.  Finally, start
the Emacs Pinentry server with M-x pinentry-start.

Then, you should be able to interact with gpg through minibufer.  Try
M-x shell and run gpg from there (or do M-x epa-encrypt-region, etc.).

If it doesn't work well, let me know (I expect that there are still
rough edges).

Regards,
-- 
Daiki Ueno

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Thanks for working on this.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.

bug#20982: 25.0.50; GPG uses GUI dialog box to ask for passphrase

[Daiki Ueno]

unarchive 20550
forcemerge 20550 20982
close 20550
stop

Daiki Ueno <ueno@gnu.org> writes:

>> This doesn't seem to work out-of-the-box. What additional steps should
>> one undertake to get rid of the dialog box?
>
> First, make sure that your Pinentry is 0.9.5 or later.  Secondly, add
> allow-emacs-pinentry to your ~/.gnupg/gpg-agent.conf.  Finally, start
> the Emacs Pinentry server with M-x pinentry-start.

A while ago, I added a hack to make the setup mostly out-of-the-box:
http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=bd8b5ac7

As it seems to be working, I'm closing this as a duplicate of 20550.