From: Werner Koch
Newsgroups: gmane.emacs.devel
Subject: Re: Fix needed for communication with gpg-agent
Date: Fri, 23 Feb 2007 09:53:09 +0100
Message-ID: <87ps81tfuy.fsf@wheatstone.g10code.de>
To: Chong Yidong
Cc: Sascha Wilde, Daiki Ueno, emacs-devel@gnu.org, rms@gnu.org, Miles Bader

On Thu, 22 Feb 2007 19:40, cyd@stupidchicken.com said:

> In that case, I think Emacs should disable use of gpg-agent when
> running in a console, except when gpg-agent already has a passphrase
> cached.  Then all we need is some method for Emacs to determine if the

That is only a short term solution.  The goal of gpg-agent is to take
care of _all_ secret key[1] management.  gpg and gpgsm will delegate
all secret key operations to gpg-agent and never work with a secret
key directly.  This is already the case for gpgsm, the S/MIME variant
of gpg.  As time permits this will be implemented in gpg too.  Using
gpg-agent as a passphrase cache for gpg is only a temporary solution.

> > Is it possible to enhance server-start/emacsclient so that it does not
> > edit a file but asks for string and returns that one?  Pinentry could
> > then use this feature for user interaction.
>
> I'm not sure how this suggestion could work.

Recall that pinentry is called on the sole discretion of gpg-agent.
Only gpg-agent knows whether Pinentry needs to be called.  My
suggestion is this:

  +-------+    +-----------+    +-----------+       +----------+
  | emacs | -> | gpg/gpgsm | -> | gpg-agent | ----> | pinentry |
  +-------+    +-----------+    +-----------+ (may) +----------+
      ^                                                  |
      |                                                  |
      +--------------------------------------------------+
             (some mechanism to loop back to emacs)

Pinentry uses this:

  if DISPLAY set
    Use GUI mode; no problem
  else if SOME_EMACS_ENVVAR set
    Loop back to emacs
  else
    Use Curses

to decide whether that emacs loop back method is to be used.  It will
then ask emacs: Please create a form or a minibuffer with this or that
description and return the user input to me.

I don't know the emacsclient protocol and whether it can easily be
enhanced for that case.  To me this sounds like a viable solution
which does not require emacs to stop other processing if no pinentry
is required.


Shalom-Salam,

   Werner
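
The decision order and the loop back request described in this message, as an added sketch in C that is not from the original post or from pinentry. The `PROMPT` line format, the function names and the treatment of an empty variable as unset are assumptions; `SOME_EMACS_ENVVAR` is the message's own placeholder.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

enum frontend { FE_GUI, FE_EMACS, FE_CURSES };

/* Decision order from the message: DISPLAY first, then the Emacs
   variable, then curses. Treating an empty value like an unset one
   is an assumption of this sketch. */
enum frontend choose_frontend(const char *display, const char *emacs_var)
{
    if (display && *display) return FE_GUI;
    if (emacs_var && *emacs_var) return FE_EMACS;
    return FE_CURSES;
}

/* Hypothetical wire format: send "PROMPT <description>\n" and read one
   line of user input back. Returns the input length, or -1 on error. */
long loopback_ask(int fd, const char *desc, char *out, size_t outlen)
{
    char req[256];
    int n;
    size_t used = 0;

    if (strchr(desc, '\n')) return -1;      /* keep the request on one line */
    n = snprintf(req, sizeof req, "PROMPT %s\n", desc);
    if (n < 0 || (size_t)n >= sizeof req) return -1;
    if (write(fd, req, (size_t)n) != (ssize_t)n) return -1;

    while (used + 1 < outlen) {
        char c;
        if (read(fd, &c, 1) != 1) break;    /* peer closed or read error */
        if (c == '\n') { out[used] = '\0'; return (long)used; }
        out[used++] = c;
    }
    memset(out, 0, outlen);                 /* drop any partial input */
    return -1;
}

int main(void)
{
    static const char *names[] = { "gui", "emacs loop back", "curses" };
    /* SOME_EMACS_ENVVAR is the placeholder name used in the message. */
    printf("%s\n", names[choose_frontend(getenv("DISPLAY"),
                                         getenv("SOME_EMACS_ENVVAR"))]);
    return 0;
}
```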