From: Richard Stallman
Newsgroups: gmane.emacs.devel
Subject: Fix needed for communication with gpg-agent
Date: Sat, 17 Feb 2007 15:57:37 -0500
Reply-To: rms@gnu.org
To: emacs-devel@gnu.org

Would someone please implement this code, needed for correct
redisplay after running pinentry?  Then please ack.

------- Start of forwarded message -------
From: Werner Koch
To: rms@gnu.org
Subject: Redraw after calling gpg (was: [bug] PGG shows ?? when prompt for passphrase)
CC: ueno@unixuser.org
Organisation: g10 Code GmbH
Date: Wed, 14 Feb 2007 19:02:56 +0100
In-Reply-To: (Richard Stallman's message of "Fri, 09 Feb 2007 18:49:11 -0500")

On Sat, 10 Feb 2007 00:49, rms@gnu.org said:

> Can you write a self-contained proposal?  I will forward it to the
> other Emacs developers to ask someone to implement it or suggest
> changes.

gpg-agent is a tool to take care of passphrase caching, private key
operations and smart card access.  It works as a daemon started for
each user and calls a tool called Pinentry if it requires input from
the user (Passphrase or PIN).  This works very well on X11 as Pinentry
can create its own windows solely under its own control.

Without X, Pinentry falls back to a curses implementation (there is
also a curses-only version of Pinentry).  This works pretty reliably
but poses one problem: The screen needs a redraw as there is no
portable way to save and restore the old screen content.

What can be done is to redraw the screen every time after calling a
crypto operation which uses gpg or gpgsm.  This is of course not
optimal as in most cases the passphrase has been cached and an
expensive redraw is not required.

To solve this problem the latest SVN Pinentry (-r 155) and GnuPG
(-r 4434) have a new feature: Pinentry will touch a file if the curses
version has been used right before returning control to gpg-agent and
eventually to the calling application.  The file we touch is by
default the socket gpg-agent is listening on for requests by gpg or
gpgsm.

An application calling gpg and expecting that a pinentry might pop up
(i.e. signing or decrypting) should record the mtime of the socket
file and compare that after the call to gpg.  If it changed a redraw
should be done.

What an application needs to do:

1. Get the value of the envvar GPG_AGENT_INFO.  This envvar is set by
   gpg-agent and is the central information on how to access
   gpg-agent.  It works similar to the way ssh-agent works.  Example:

     $ echo $GPG_AGENT_INFO
     /tmp/gpg-0Hg6cf/S.gpg-agent:22391:1

2. Parse that value and pass the first part to file-attributes.
   Record the mtime.

3. Call gpg or gpgsm.

4. Do a file-attributes again on that file and compare the mtime
   against the recorded one.

5. If there is a mismatch a redraw should be done.

Cronjobs invoking gpg (or ssh when --enable-ssh-support is used with
gpg-agent) might also lead to a pinentry pop up.  We can't do much
about this but I don't think that it is a real problem.  Such a
Pinentry will only pop up rarely and hitting C-l is much easier than
any other method.

If you want to test this system and are using X, you can add a line
like

  pinentry-program /usr/local/bin/pinentry-curses

into ~/.gnupg/gpg-agent.conf and give gpg-agent a HUP.

Salam-Shalom,

   Werner
------- End of forwarded message -------
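
Steps 1 to 5 of the forwarded proposal, sketched in Emacs Lisp.  This is an added example, not code from the message or from Emacs/PGG; the my-gpg- function and macro names are hypothetical, and it assumes GPG_AGENT_INFO has the three-field form shown in the example value.

```elisp
;; Added example; the my-gpg- names are hypothetical, not PGG or Emacs API.

(defun my-gpg-agent-socket ()
  "Return the socket path from GPG_AGENT_INFO, or nil if it is unusable.
The value is a path followed by two numeric fields, as in
\"/tmp/gpg-0Hg6cf/S.gpg-agent:22391:1\"."
  (let ((info (getenv "GPG_AGENT_INFO")))
    ;; Match the two trailing numeric fields so that a colon inside
    ;; the path itself does not truncate it.
    (when (and info (string-match "\\`\\(.+\\):[0-9]+:[0-9]+\\'" info))
      (match-string 1 info))))

(defun my-gpg-socket-mtime (socket)
  "Return the modification time of SOCKET, or nil if it cannot be read."
  ;; Element 5 of `file-attributes' is the last-modification time;
  ;; `file-attributes' itself returns nil for a missing file.
  (and socket (nth 5 (file-attributes socket))))

(defmacro my-gpg-with-redraw-check (&rest body)
  "Evaluate BODY, which runs gpg or gpgsm, and return its value.
Redraw all frames afterwards if the agent socket's mtime changed."
  (declare (indent 0) (debug t))
  (let ((socket (make-symbol "socket"))
        (before (make-symbol "before")))
    `(let* ((,socket (my-gpg-agent-socket))
            (,before (my-gpg-socket-mtime ,socket)))
       ;; `unwind-protect' so the check also runs when BODY signals an
       ;; error or the user quits out of the passphrase prompt.
       (unwind-protect
           (progn ,@body)
         ;; With no usable socket both values are nil and nothing can
         ;; be detected, so no redraw is forced.
         (unless (equal ,before (my-gpg-socket-mtime ,socket))
           (redraw-display))))))

;; Usage: wrap the existing call that may trigger a passphrase prompt.
;; "message.gpg" is a constructed file name.
;; (my-gpg-with-redraw-check
;;   (call-process "gpg" nil t nil "--decrypt" "message.gpg"))
```

When the passphrase is already cached, Pinentry never runs, the mtime is unchanged, and the redraw is skipped.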