From: John Williams
Newsgroups: gmane.emacs.bugs
Subject: bug#29907: 25.3; Easy PG should warn users that passphrases are not cached forever
Date: Sun, 28 Jan 2018 18:31:28 +0000
References: <87mv0ykkue.fsf@users.sourceforge.net>
In-Reply-To: <87mv0ykkue.fsf@users.sourceforge.net>
To: Noam Postavsky
Cc: 29907@debbugs.gnu.org

Thanks!

On Mon, 29 Jan 2018 at 05:29 Noam Postavsky wrote:

> John Williams writes:
>
> > I encrypted a file using Easy PG. When I did so, I specified a pass
> > phrase via a window manager pop-up dialog and checked the option to
> > save the pass phrase in the "keyring". I am using GNOME, so I assumed
> > that the "keyring" in question was Seahorse.
> >
> > I opened the file again and was not prompted for the pass phrase. I
> > was happy. I rebooted to see if the cache was ephemeral, and lo, it
> > was not. I was happy.
> >
> > A few days later, I attempted to open the file again, and was prompted
> > for the password. I had forgotten it, and now there is no way to
> > access the contents of the file. I am very sad, because the contents
> > of the file are worth about $20,000 to me.
>
> Hmm, I don't think gpg-agent caches over reboots, so I wonder what saved
> your pass phrase the first time.
>
> > Mea culpa. I should not have trusted software for such an important
> > task without reading the manual. But after reading the manual, I find
> > no mention that the pass phrase caching is ephemeral. After much
> > Googling, I found out about gpg-agent and max-cache-ttl.
> >
> > I don't think it's reasonable to expect users to read long manuals, or
> > already be experts in underlying technology, in order to use simple
> > functionality. I also think the dialog that prompts for a pass
> > phrase should inform the user about default-cache-ttl and
> > max-cache-ttl.
> >
> > I also think the dialog, and the manual, should emphasise very
> > strongly that pass phrases are not cached forever.
>
> I somewhat feel that the term "cache" already implies temporary, but
> saying it explicitly shouldn't hurt I guess. Emacs is not in control of
> the dialog at all, so we cannot affect that.
>
> --- i/doc/misc/epa.texi
> +++ w/doc/misc/epa.texi
> @@ -474,7 +474,9 @@ Caching Passphrases
>
>  Typing passphrases is a troublesome task if you frequently open and
>  close the same file. GnuPG and EasyPG Assistant provide mechanisms to
> -remember your passphrases. However, the configuration is a bit
> +remember your passphrases for a limited time. Using these, you only
> +need to re-enter the passphrase occasionally.
> +However, the configuration is a bit
>  confusing since it depends on your GnuPG installation@xref{GnuPG
>  version compatibility}, encryption method (symmetric or public key),
>  and whether or not you want to use gpg-agent. Here are some
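
Review bot: The added wording at "+remember your passphrases for a limited time." still does not say what bounds that time or what happens when it runs out, which is the gap the report describes. Consider following "+need to re-enter the passphrase occasionally." with a sentence that names the gpg-agent options default-cache-ttl and max-cache-ttl mentioned in the report and states that once the cached entry expires the file can only be opened by typing the passphrase again, so the cache is not a substitute for remembering it. As a style point, "+However, the configuration is a bit" now sits on its own short line; refilling the paragraph would keep the Texinfo source tidy.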