* bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X
@ 2011-06-03 0:03 Roland Winkler
2011-06-03 4:20 ` Daiki Ueno
0 siblings, 1 reply; 6+ messages in thread
From: Roland Winkler @ 2011-06-03 0:03 UTC (permalink / raw)
To: 8791
I am running emacs remotely as a child of gpg-agent, but with X
forwarding disabled. If I am trying to visit a gpg-encrypted file,
I simply get the error message
File exists, but cannot be read
and I get an empty buffer.
I expect that this is related to the fact that EasyPG does not run
pinentry (or: does not run pinentry properly) if X forwarding is
disabled. If I do enable X forwarding and I try to open a
gpg-encrypted file, a pinentry window pops up, asking me for the
passphrase. Then I can visit gpg-encrypted files as expected.
I would expect that with X forwarding disabled, emacs will ask for the
passphrase in the minibuffer. (I believe I got this behavior when I had
no pinentry program installed.)
In GNU Emacs 23.3.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.12.9)
of 2011-06-02 on lukas
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: C
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: en_GB.utf8
value of $LANG: en_US.ISO-8859-15
value of $XMODIFIERS: nil
locale-coding-system: iso-latin-9-unix
default enable-multibyte-characters: t
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X
2011-06-03 0:03 bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X Roland Winkler
@ 2011-06-03 4:20 ` Daiki Ueno
2011-06-04 2:18 ` Roland Winkler
0 siblings, 1 reply; 6+ messages in thread
From: Daiki Ueno @ 2011-06-03 4:20 UTC (permalink / raw)
To: Roland Winkler; +Cc: 8791
Roland Winkler <winkler@gnu.org> writes:
> I am running emacs remotely as a child of gpg-agent, but with X
> forwarding disabled. If I am trying to visit a gpg-encrypted file,
> I simply get the error message
>
> File exists, but cannot be read
>
> and I get an empty buffer.
>
> I would expect that with X forwarding disabled, emacs will ask for the
> passphrase in the minibuffer. (I believe I got this behavior when I had
> no pinentry program installed.)
Well I think pinentry should fallback to use curses in this case.
However it is not currently possible since there is no way to get the
tty where Emacs is running. See:
http://article.gmane.org/gmane.emacs.devel/96207
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X
2011-06-03 4:20 ` Daiki Ueno
@ 2011-06-04 2:18 ` Roland Winkler
2011-06-06 1:46 ` Daiki Ueno
0 siblings, 1 reply; 6+ messages in thread
From: Roland Winkler @ 2011-06-04 2:18 UTC (permalink / raw)
To: Daiki Ueno; +Cc: 8791
On Fri Jun 3 2011 Daiki Ueno wrote:
> Well I think pinentry should fallback to use curses in this case.
> However it is not currently possible since there is no way to get the
> tty where Emacs is running. See:
>
> http://article.gmane.org/gmane.emacs.devel/96207
I do not know much about the internals of gpg. I was wondering: for
gpg, is there anything similar to the ssh-add command, which could
serve as a fallback?
Roland
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X
2011-06-04 2:18 ` Roland Winkler
@ 2011-06-06 1:46 ` Daiki Ueno
2011-06-06 5:24 ` Roland Winkler
0 siblings, 1 reply; 6+ messages in thread
From: Daiki Ueno @ 2011-06-06 1:46 UTC (permalink / raw)
To: Roland Winkler; +Cc: 8791
"Roland Winkler" <winkler@gnu.org> writes:
> On Fri Jun 3 2011 Daiki Ueno wrote:
>> Well I think pinentry should fallback to use curses in this case.
>> However it is not currently possible since there is no way to get the
>> tty where Emacs is running. See:
>>
>> http://article.gmane.org/gmane.emacs.devel/96207
>
> I do not know much about the internals of gpg. I was wondering: for
> gpg, is there anything similar to the ssh-add command, which could
> serve as a fallback?
I suspect that gpg command installed on your remote system is GPG2,
which is tightly coupled with gpg-agent (and thus pinentry) for secret
key operations by its design.
Assuming that, I could imagine a couple of (insecure) workarounds:
1. install both GPG1 and GPG2
2. keep using GPG2 and write a pinentry program which retrieves
passphrase via emacsclient.
Generally I'd recommend 1, since most distros provide both packages,
which can be installed with no conflict.
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X
2011-06-06 1:46 ` Daiki Ueno
@ 2011-06-06 5:24 ` Roland Winkler
2011-06-06 6:12 ` Daiki Ueno
0 siblings, 1 reply; 6+ messages in thread
From: Roland Winkler @ 2011-06-06 5:24 UTC (permalink / raw)
To: Daiki Ueno; +Cc: 8791
On Mon Jun 6 2011 Daiki Ueno wrote:
> > I do not know much about the internals of gpg. I was wondering: for
> > gpg, is there anything similar to the ssh-add command, which could
> > serve as a fallback?
>
> I suspect that gpg command installed on your remote system is GPG2,
> which is tightly coupled with gpg-agent (and thus pinentry) for secret
> key operations by its design.
...So I assume from your reply that, first of all, gpg does not have
anything similar to shh-add which is a program the user runs in
order to talk to the ssh agent. But gpg is doing it the other way
round: it's always the gpg agent which runs pinentry to ask the user
for a password.
I do not quite understand what motivated the authors of gpg and ssh
to use these different strategies. Oh well...
Anyway: thanks for EasyPG!
Roland
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X
2011-06-06 5:24 ` Roland Winkler
@ 2011-06-06 6:12 ` Daiki Ueno
0 siblings, 0 replies; 6+ messages in thread
From: Daiki Ueno @ 2011-06-06 6:12 UTC (permalink / raw)
To: Roland Winkler; +Cc: 8791-done
"Roland Winkler" <winkler@gnu.org> writes:
> ...So I assume from your reply that, first of all, gpg does not have
> anything similar to shh-add which is a program the user runs in
> order to talk to the ssh agent.
Ah, sorry, I misinterpreted your question - yes, there is:
gpg-preset-passphrase which is normally installed in /usr/libexec.
I'm not quite sure this is what you want as I seldom use that utility,
but anyway closing this bug for now.
> Anyway: thanks for EasyPG!
Welcome.
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-06-06 6:12 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-03 0:03 bug#8791: 23.3; EasyPG: pinentry in remote emacs session without X Roland Winkler
2011-06-03 4:20 ` Daiki Ueno
2011-06-04 2:18 ` Roland Winkler
2011-06-06 1:46 ` Daiki Ueno
2011-06-06 5:24 ` Roland Winkler
2011-06-06 6:12 ` Daiki Ueno
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).