From: Ted Zlatanov <tzz@lifelogs.com>
To: 15552@debbugs.gnu.org
Cc: ueno@gnu.org
Subject: bug#15552: 24.3.50; epa-file-cache-passphrase-for-symmetric-encryption not respected with GnuPG 2.x
Date: Mon, 07 Oct 2013 20:46:34 -0400
Message-ID: <878uy4zj11.fsf@flea.lifelogs.com>
In-Reply-To: <87fvscwswx.fsf-ueno-ueno@gnu.org> (Daiki Ueno's message of "Tue,  08 Oct 2013 08:41:40 +0900")

On Tue, 08 Oct 2013 08:41:40 +0900 Daiki Ueno <ueno@gnu.org> wrote: 

DU> tags 15552 notabug
DU> thanks

DU> Teodor Zlatanov <tzz@lifelogs.com> writes:

>> 1. On the local system, install GnuPG 2.x and don't run the gpg-agent
>> 2. Set epa-file-cache-passphrase-for-symmetric-encryption to t
>> 3. Open file.gpg: password dialog pops up
>> 4. close file.gpg
>> 5. Open file.gpg: password dialog pops up again
>> 
>> Step (5) should not prompt.  It works properly with GnuPG 1.x.

DU> That's intended behavior.  It is documented and I stated a number of
DU> times the reason and why I chose such a lengthy name of the variable and
DU> the default is nil:

DU> 1. Emacs heap is not so secure
DU> 2. Using Emacs for password input degrades the security

(please note I opened this at Stefan's request; I knew you wouldn't be
interested in resolving it)

I appreciate your concern for security, but the behavior is broken from
a user's perspective and you make no effort to help at the time the
issue occurs.  You could, for instance, check the GnuPG version and be
helpful.

At least fix the docstring and maybe emit a message to be helpful about
it.  There's no mention that it breaks with GnuPG 2.x:

epa-file-cache-passphrase-for-symmetric-encryption is a variable defined in `epa-file.el'.
Its value is t
Original value was nil

Documentation:
If non-nil, cache passphrase for symmetric encryption.

For security reasons, this option is turned off by default and
not recommended to use.  Instead, consider using public-key
encryption with gpg-agent which does the same job in a safer
way.

DU> You never hear or remember.

Right, thanks again.

Ted




