From: tomas@tuxteam.de
To: tomas@tuxteam.de, help-gnu-emacs@gnu.org, info-gnus-english@gnu.org
Subject: Re: Passphrase caching for GnuPG in Emacs?
Date: Mon, 9 Nov 2015 14:50:22 +0100 [thread overview]
Message-ID: <20151109135022.GC21743@tuxteam.de> (raw)
In-Reply-To: <87si4fwa3n.fsf@informationelle-selbstbestimmung-im-internet.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Nov 09, 2015 at 02:55:40PM +0100, Jens Lechtenboerger wrote:
> On 2015-11-09, at 09:45, tomas@tuxteam.de wrote:
>
> > On Sun, Nov 08, 2015 at 05:00:56PM +0100, Jens Lechtenboerger wrote:
> >> Hi there,
> >>
> >> I plan to refactor the code used for GnuPG in the Message mode of
> >> Emacs [...]
> > The last time I gave gpg 2 a try, a crude GTK dialog appeared from
> > nowhere (disrupting my command line workflow). I just ran away,
> > screaming.
> >
> > It seems there's a command-line pinentry these days. From Emacs,
> > my dream would be that it's Emacs which handles user interaction.
>
> What you describe is the default for GUIs, I guess.
yes, I suppose.
> If I use the option
> pinentry-program /usr/local/bin/pinentry-curses
> in gpg-agent.conf and start Emacs within a terminal (option -nw),
> then the passphrase needs to be entered within the terminal window,
> whose contents get replaced by pinentry-curses while entering the
> passphrase. Would that be good enough for you?
That would force me to use Emacs -nw. Hmmm.
> Moreover, as mentioned above there is Emacs support in pinentry,
> which can be enabled by configure options at compile time.
Yep, that'll be it. I'm aware of the risks[1], I'll take them. Thanks
for pointing me to a solution.
> >From the pinentry info pages:
> “Having Emacs get the passphrase is convenient, however, it is a
> significant security risk [...]
> Out of curiosity: Are you customizing any of the 8 variables related
> to passphrase caching that I mentioned in my earlier message?
No. Your changes won't affect me. My question was on a tangent anyway,
but thanks for the clarifications.
[1] If someone takes over my Emacs I'm SOL anyway. All my data go down
in flames :-)
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlZApJ4ACgkQBcgs9XrR2kZ73gCfbwJpAAdMrzdRCartF9kL3FNK
ANoAmwVTM18AhtjlUWFWmTzSIpJIoibO
=NOky
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2015-11-09 13:50 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-08 16:00 Passphrase caching for GnuPG in Emacs? Jens Lechtenboerger
2015-11-09 8:45 ` tomas
2015-11-09 13:47 ` Stefan Monnier
2015-11-09 13:45 ` tomas
2015-11-09 13:55 ` Jens Lechtenboerger
2015-11-09 13:50 ` tomas [this message]
2016-01-05 15:40 ` Teemu Likonen
2016-01-05 15:58 ` Jens Lechtenboerger
2016-01-05 18:16 ` Jude DaShiell
2016-01-05 19:06 ` Teemu Likonen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151109135022.GC21743@tuxteam.de \
--to=tomas@tuxteam.de \
--cc=help-gnu-emacs@gnu.org \
--cc=info-gnus-english@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).