Re: trunk r118306: epg: Utilize --pinentry-mode added in GnuPG 2.1

Re: trunk r118306: epg: Utilize --pinentry-mode added in GnuPG 2.1

[Ted Zlatanov]

On Fri, 07 Nov 2014 06:13:27 +0000 Daiki Ueno <ueno@gnu.org> wrote: 

DU> +(defcustom epa-pinentry-mode nil
DU> +  "The pinentry mode.
DU> +
DU> +GnuPG 2.1 or later has an option to control the behavior of
DU> +Pinentry invocation.  Possible modes are: `ask', `cancel',
DU> +`error', and `loopback'.  See the GnuPG manual for the meanings.
DU> +
DU> +In epa commands, a particularly useful mode is `loopback', which
DU> +redirects all Pinentry queries to the caller, so Emacs can query
DU> +passphrase through the minibuffer, instead of external Pinentry
DU> +program."
DU> +  :type '(choice (const nil)
DU> +		 (const ask)
DU> +		 (const cancel)
DU> +		 (const error)
DU> +		 (const loopback))
DU> +  :group 'epa
DU> +  :version "25.1")
DU> +

Hello,

does this mean `epa-file-cache-passphrase-for-symmetric-encryption' can
work with GnuPG 2.1?  Do you plan to enable that functionality?

Thanks
Ted

Re: trunk r118306: epg: Utilize --pinentry-mode added in GnuPG 2.1

[Daiki Ueno]

Apparently, I missed Cc: to the list.  Resending with a bit more info,
for those interested.

Ted Zlatanov <tzz@lifelogs.com> writes:

> does this mean `epa-file-cache-passphrase-for-symmetric-encryption' can
> work with GnuPG 2.1?  Do you plan to enable that functionality?

With GnuPG 2.1, the variable is even not necessary anymore.  When you set
epa-pinentry-mode to loopback, gpg-agent (now internally invoked by gpg)
talks to Emacs.  That means the passphrase you input from the minibuffer
will be cached in the gpg-agent's cache.

If you are on Debian sid, you can try it with:

- install GnuPG 2.1 package from experimental:
  $ apt-get install gnupg2/experimental

- add 'allow-loopback-pinentry' to ~/.gnupg/gpg-agent.conf
  $ echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf

- set epg-gpg-program to "gpg2" and also epa-pinentry-mode to 'loopback

Regards,
-- 
Daiki Ueno