From: ken manheimer
Newsgroups: gmane.emacs.devel
Subject: Re: interjecting a custom epa passphrase prompt
Date: Sun, 5 Dec 2010 12:51:53 -0500
To: Daiki Ueno
Cc: emacs-devel@gnu.org

On Wed, Dec 1, 2010 at 9:26 PM, Daiki Ueno wrote:
>
> ken manheimer writes:
>
> > i am trying to use 'epg-context-set-passphrase-callback' to adjust the
> > context for encryption to try to interject my own prompting, but it's
> > having no effect.
>
> Most likely you are using GnuPG 2, which does not ask passphrase on tty
> or on status FD, unlike GnuPG 1.  Try:
>
> $ gpg --version

you're right, i was using gnupg v2.

> Assuming that:
>
> > has all provision for custom passphrase prompting in epg been
> > eliminated?
>
> Still you could use GnuPG 1 for your custom passphrase prompting, since
> GnuPG 2 is not a newer version of GnuPG, but a separate product.

well, i'm surprised! the passphrase callback does become effective when i switch to using gnupg v1.

i'm very glad i have an avenue to preserve the allout features. it's a mixed situation, though, requiring user intervention to make a configuration choice that has unclear security and other implications.

i think i understand that epg design decision, though - epg uses the discretion for prompting that the underlying gnupg implementation makes available, in a sense deferring responsibility for that security exposure to that underlying gnupg implementation.

i guess i can tell allout users that they can get passphrase hinting and verification if they configure epg to use gnupg v1 rather than gnupg v2, but to realize that that involves passphrase handling in emacs lisp code, which is more susceptible to subvention than containing it solely in the gnupg execution.

one thing i notice would have been helpful would be to have some clear warning about this underlying gnupg behavior dependence in the epg.el code, somehow associated with the passphrase callback code. if situated well and clearly, this could help developers using the epg library a lot in making choices connected with somewhat special uses like mine, in allout.

i want to thank you very much for the speedy response, by the way! that was very helpful - i could quickly confirm that i could reap some results from my efforts to that point, and continue forward, which was very reassuring. i'm sorry i didn't reply sooner - the little time i had available was spent confirming and scoping out how i would use the passphrase callback. i hope to have some more time, soon, to complete allout's switchover to epg.

> Regards,
> --
> Daiki Ueno

--
ken
http://myriadicity.net
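
The dependency discussed in this message, as an added example that is not part of the original post and is not code from epg.el or allout.el: it checks which GnuPG major version epg is configured to run before installing a passphrase callback, and refuses when the callback would be ignored. The `my/` names and the hint argument are hypothetical; `epg-configuration` is assumed to report a `version` entry for the configured gpg program.

```elisp
;;; Added example; `my/' names are hypothetical, not part of epg or allout.
(require 'epg)
(require 'epg-config)

(defun my/epg-gnupg-major-version ()
  "Return the major version of the gpg program epg is configured to use."
  ;; `epg-configuration' runs the configured gpg and returns an alist
  ;; that includes a `version' entry (a dotted version string).
  (let ((version (cdr (assq 'version (epg-configuration)))))
    (and version (string-to-number (car (split-string version "\\."))))))

(defun my/passphrase-callback (_context key-id hint)
  "Prompt for a passphrase inside Emacs, showing HINT.
KEY-ID is the symbol `SYM' for symmetric encryption, else a key id."
  ;; The passphrase passes through Emacs Lisp here, which is the
  ;; exposure the message above describes for the GnuPG 1 route.
  (read-passwd (format "Passphrase for %s (hint: %s): "
                       (if (eq key-id 'SYM) "symmetric encryption" key-id)
                       hint)))

(defun my/make-context-with-prompt (hint)
  "Return an epg context whose passphrase prompt shows HINT.
Signal an error when the configured gpg is not GnuPG 1, because per
the thread GnuPG 2 does not ask epg for the passphrase at all."
  (let ((major (my/epg-gnupg-major-version)))
    (unless (eql major 1)
      (error "GnuPG %s prompts on its own; the epg passphrase callback is unused"
             (or major "of unknown version"))))
  (let ((context (epg-make-context)))
    ;; A cons of (FUNCTION . DATA) hands DATA to the callback as its
    ;; third argument, so the hint travels with the context.
    (epg-context-set-passphrase-callback
     context (cons #'my/passphrase-callback hint))
    context))
```

Failing loudly here makes the configuration choice visible to the user instead of leaving a custom prompt that silently never appears.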