gpg 2.2 and epa

gpg 2.2 and epa

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

I tried installing gpg 2.2 some months ago, but Emacs master ceased to
recognize when it was asking for a password.  Has anyone had success
with this?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

gpg 2.2 and epa

[Paul Eggert]

Richard Stallman wrote:
> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
> recognize when it was asking for a password.  Has anyone had success
> with this?

Emacs master works for me on my Ubuntu 18.04.1 desktop, where "gpg --version" 
reports gpg (GnuPG) 2.2.4 with libgcrypt 1.8.1.

Emacs master (like Emacs 26.1) delegates password handling to gpg2. That is, 
Emacs itself isn't responsible for reading passphrases; gpg2 does it for Emacs. 
On my desktop, when I am using Emacs and need a GPG passphrase, a window pops up 
(I assume generated by the GPG agent), and the agent remembers the key.

If you want to continue to type the passphrase into Emacs, here is a relevant 
20-message thread, dated 2016:

https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html

with the conclusion seeming to be "it's not worth the trouble".

Re: gpg 2.2 and epa

[Juri Linkov]

> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
> recognize when it was asking for a password.  Has anyone had success
> with this?

When I had the same problem, the only way to get out of this situation
was to manually decrypt a file from an old format, and encrypt it again
in a new format, e.g.

gpg --ignore-mdc-error --output file.txt --decrypt file.gpg

Re: gpg 2.2 and epa

[Óscar Fuentes]

Juri Linkov <juri@linkov.net> writes:

>> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
>> recognize when it was asking for a password.  Has anyone had success
>> with this?
>
> When I had the same problem, the only way to get out of this situation
> was to manually decrypt a file from an old format, and encrypt it again
> in a new format, e.g.
>
> gpg --ignore-mdc-error --output file.txt --decrypt file.gpg

Or put

ignore-mdc-error

in ~/.gnupg/gpg.conf

Emacs has nothing to do with this. It was a change on gnupg.

Re: gpg 2.2 and epa

[Eli Zaretskii]

> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Sun, 2 Dec 2018 16:47:29 -0800
> Cc: emacs-devel@gnu.org
> 
> If you want to continue to type the passphrase into Emacs, here is a relevant 
> 20-message thread, dated 2016:
> 
> https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html
> 
> with the conclusion seeming to be "it's not worth the trouble".

NEWS.26 (or just NEWS if you use Emacs 26) has some text about this;
search for "gpg".  Maybe the information there will be useful as well
(I don't use gpg, so I have no idea).

Re: gpg 2.2 and epa

[Filipp Gunbin]

On 02/12/2018 16:47 -0800, Paul Eggert wrote:

> Richard Stallman wrote:
>> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
>> recognize when it was asking for a password.  Has anyone had success
>> with this?
>
> Emacs master works for me on my Ubuntu 18.04.1 desktop, where "gpg --version"
> reports gpg (GnuPG) 2.2.4 with libgcrypt 1.8.1.
>
> Emacs master (like Emacs 26.1) delegates password handling to gpg2. That is,
> Emacs itself isn't responsible for reading passphrases; gpg2 does it for Emacs.
> On my desktop, when I am using Emacs and need a GPG passphrase, a window pops up
> (I assume generated by the GPG agent), and the agent remembers the key.
>
> If you want to continue to type the passphrase into Emacs, here is a relevant
> 20-message thread, dated 2016:
>
> https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html
>
> with the conclusion seeming to be "it's not worth the trouble".

With (setq epg-pinentry-mode 'loopback), gpg redirects passphrase
quering to Emacs.  This works ok in master.  No other settings should be
required for that.

Filipp

Re: gpg 2.2 and epa

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Emacs master (like Emacs 26.1) delegates password handling to gpg2. That is, 
  > Emacs itself isn't responsible for reading passphrases; gpg2 does it for Emacs.

I should have added that I always use Emacs on a tty.
When gpg tries to read the password on a tty under Emacs,
it does not work: both programs try to read at once
and it is unpredictable which one gets each character.

With gpg 1, something in Emacs recognizes that it wants a password,
reads the password in Emacs, then passes it to gpg.  That method works.
But it doesn't seem to activate when using gpg 2.

Has anyone seen this problem?


-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Re: gpg 2.2 and epa

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > When I had the same problem, the only way to get out of this situation
  > was to manually decrypt a file from an old format, and encrypt it again
  > in a new format, e.g.

  > gpg --ignore-mdc-error --output file.txt --decrypt file.gpg

GPG 1 can decrypt all the files I receive, so I don't think my problem
has to do with a difference in format.  I think you must have had a
different problem.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Re: gpg 2.2 and epa

[Ted Zlatanov]

On Mon, 03 Dec 2018 18:17:59 +0300 Filipp Gunbin <fgunbin@fastmail.fm> wrote: 

FG> With (setq epg-pinentry-mode 'loopback), gpg redirects passphrase
FG> quering to Emacs.  This works ok in master.  No other settings should be
FG> required for that.

At least for me, that was insufficient. The GnuPG configuration (usually
~/.gnupg/gpg-agent.conf) needed this before the loopback worked:

allow-loopback-pinentry

HTH
Ted

Re: gpg 2.2 and epa

[Teemu Likonen]

[-- Attachment #1: Type: text/plain, Size: 762 bytes --]

Ted Zlatanov [2018-12-31 16:21:19Z] wrote:

> On Mon, 03 Dec 2018 18:17:59 +0300 Filipp Gunbin <fgunbin@fastmail.fm> wrote: 
> FG> With (setq epg-pinentry-mode 'loopback), gpg redirects passphrase
> FG> quering to Emacs. This works ok in master. No other settings
> FG> should be required for that.
>
> At least for me, that was insufficient. The GnuPG configuration
> (usually ~/.gnupg/gpg-agent.conf) needed this before the loopback
> worked:
>
> allow-loopback-pinentry

"allow-loopback-pinentry" is the default, at least in gpg 2.1.18. I
believe it wasn't the default at first when the feature was introduced.

-- 
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

Re: gpg 2.2 and epa

[Ted Zlatanov]

On Mon, 31 Dec 2018 18:46:12 +0200 Teemu Likonen <tlikonen@iki.fi> wrote: 

TL> "allow-loopback-pinentry" is the default, at least in gpg 2.1.18. I
TL> believe it wasn't the default at first when the feature was introduced.

Ah, thanks for letting me know. I definitely needed it back then and
haven't kept up with the releases.

Ted

Re: gpg 2.2 and epa

[Colin Baxter]

Dear Filipp,

>>>>> Filipp Gunbin <fgunbin@fastmail.fm> writes:

    Filipp> On 02/12/2018 16:47 -0800, Paul Eggert wrote:
    >> Richard Stallman wrote:
    >>> I tried installing gpg 2.2 some months ago, but Emacs master
    >>> ceased to recognize when it was asking for a password.  Has
    >>> anyone had success with this?
    >> 
    >> Emacs master works for me on my Ubuntu 18.04.1 desktop, where
    >> "gpg --version" reports gpg (GnuPG) 2.2.4 with libgcrypt 1.8.1.
    >> 
    >> Emacs master (like Emacs 26.1) delegates password handling to
    >> gpg2. That is, Emacs itself isn't responsible for reading
    >> passphrases; gpg2 does it for Emacs.  On my desktop, when I am
    >> using Emacs and need a GPG passphrase, a window pops up (I assume
    >> generated by the GPG agent), and the agent remembers the key.
    >> 
    >> If you want to continue to type the passphrase into Emacs, here
    >> is a relevant 20-message thread, dated 2016:
    >> 
    >> https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html
    >> 
    >> with the conclusion seeming to be "it's not worth the trouble".

    Filipp> With (setq epg-pinentry-mode 'loopback), gpg redirects
    Filipp> passphrase quering to Emacs.  This works ok in master.  No
    Filipp> other settings should be required for that.

This works for emacs-27 even if you ssh in to a remote machine and
launch emacs from there. Thanks Filipp for this, I've found it very
useful.

Best wishes,

-- 
Colin Baxter
m43cap@yandex.com