[Enigmail] GPG-AGENT preferences
Dirk Wetter
dirk.wetter at drwetter.org
Fri Oct 26 05:53:09 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
On 26.10.2007 12:14, Patrick Brunschwig wrote:
> Dirk Wetter wrote:
>> Hi all,
>
>> the logic -- if I understand everything correctly --
>> behind when to use gpg-agent and when not doesn't
>> make sense to me. This seems to be one of the cases
>> where a program wants to be smarter than me, a human. :-)
>
>> A real world case: I have a Suse 10.3 system here
>> where through some magic I do not understand -- and
>> I do not care -- the GPG_AGENT_INFO environment variable is set.
>> However there's no gpg-agent started/it died/whatsoever. Besides:
>> Also if there would be one: heck, I don't want to use
>> it. Also the config in TB/EM say "please don't use it, I
>> don't want it". Why is that overridden?
>
>> My suggestion is to give the power of decision whether to use
>> the agent or not the switch "use gpg-agent for passphrase
>> handling" --- as people would expect -- and not the existence
>> of an environment variable.
>
> The problem is not as easy as you think. It's true, it currently looks
> like Enigmail refuses to accept what the user wants (which is basically
> true). The reason to implement it this way is because with GnuPG v2,
> the use of gpg-agent is mandatory, i.e. GnuPG v2 does not work properly
> if the gpg-agent doesn't work.
Specifically, the version 2 command line interface doesn't hiccup if
GPG_AGENT_INFO exists && there's no agent, as opposed to EM/TB:
% set | grep -a GPG
GPG_AGENT_INFO=/tmp/gpg-5UBfpf/S.gpg-agent:11502:1
% dd if=/dev/zero of=test count=42
42+0 records in
42+0 records out
21504 bytes (22 kB) copied, 0.000182177 s, 118 MB/s
% gpg -e test
% rm -f test
% gpg -d test.gpg >test
You need a passphrase to unlock the secret key for user: "Dirk Wetter <XXXXXX>
2048-bit ELG key, ID XXXXX created 2003-11-26 (main key ID XXXXX)
can't connect to `/tmp/gpg-5UBfpf/S.gpg-agent': No such file or directory
gpg: can't connect to the agent - trying fall back
can't lock memory: Cannot allocate memory
Warning: using insecure memory!
gpg: encrypted with 2048-bit ELG key, ID XXXXX, created 2003-11-26
"Dirk Wetter <XXXXX>"
% ls -l test
-rw-r----- 1 me mygroup 21504 2007-10-26 14:15 test
> Given this, I have decided to start to
> adapt to GnuPG v2, and make use of gpg-agent whenever either
> GPG_AGENT_INFO is set, or if GnuPG v2 is detected.
What about the fallback solution above?
> In addition to the above, the use of gpg-agent has another advantage: it
> solves the problem of having several keys with different passwords.
[Yes, I read about that here (albeit forgot the point), but personally I
never had a problem with that before. ]
> If you don't want to use gpg-agent, then you must unset GPG_AGENT_INFO.
Ok, I certainly can do that with a wrapper (or within xsession) as a
workaround.
But what is the point of the button in the preferences then?
Why not look for the env variable, try to connect to the agent, and if it fails
fall back to standard behavior? That must be somehow possible (the manpage
lets one assume that this is not, but since one can do that on the command
line...)?!
Cheers,
Dirk
> -Patrick
--
Dirk Wetter @ Dr. Wetter IT-Consulting http://drwetter.org
Beratung IT-Sicherheit + Open Source
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3 64E5 C967 34D8 11B7 C62F
-
Found core file older than 7 days: /usr/share/man/man5/core.5.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREDAAYFAkch4zUACgkQyWc02BG3xi/iCgCfV9M60iZSEQdoY8ceWyOPNyhw
g3oAn1IAvap+vv5G8pBxtPAgTxOJun1b
=tYyk
-----END PGP SIGNATURE-----
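The fallback Dirk asks for above, written out as an added example (not Enigmail's or GnuPG's code): parse GPG_AGENT_INFO, try to connect to the socket it names, and use the agent only if something on the other end actually answers; otherwise drop the variable from the environment handed to gpg, which is the wrapper/xsession workaround mentioned in the mail. The function names, the "agent"/"prompt" decision values, the stale GPG_AGENT_INFO taken from the mail, and the fake agent used to exercise the live path are this example's own assumptions; a real gpg-agent does greet new clients with an Assuan "OK ..." line, which is what the reachability check looks for.

```python
"""Decide between gpg-agent and Enigmail's own passphrase prompt by probing the agent socket."""
import os
import socket
import tempfile
import threading
from typing import Dict, Optional, Tuple


def parse_agent_info(value: str) -> Optional[Tuple[str, int, int]]:
    """Parse GPG_AGENT_INFO, i.e. "<socket path>:<pid>:<protocol version>".

    Split from the right so a colon inside the socket path cannot confuse us.
    Returns None for anything that does not have exactly three fields.
    """
    parts = value.rsplit(":", 2)
    if len(parts) != 3 or not parts[0]:
        return None
    try:
        return parts[0], int(parts[1]), int(parts[2])
    except ValueError:
        return None


def agent_reachable(sock_path: str, timeout: float = 1.0) -> bool:
    """True only if a client can connect AND receives the Assuan "OK" greeting.

    A stale variable (socket file gone, agent died) fails on connect();
    a socket held by something that is not gpg-agent fails on the greeting.
    """
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            greeting = s.recv(256)
    except OSError:  # ENOENT, ECONNREFUSED, timeout, ...
        return False
    return greeting.startswith(b"OK")


def choose_passphrase_handling(environ: Dict[str, str], use_agent_pref: bool) -> str:
    """Return "agent" or "prompt" (hypothetical labels for the two Enigmail paths).

    The preference switch wins first; the environment variable is then only a
    hint that is verified by an actual connection attempt, never trusted as-is.
    """
    if not use_agent_pref:
        return "prompt"
    info = environ.get("GPG_AGENT_INFO")
    if info is None:
        return "prompt"
    parsed = parse_agent_info(info)
    if parsed is None:
        return "prompt"
    sock_path, _pid, proto = parsed
    if proto != 1:  # 1 is the only protocol version this example knows
        return "prompt"
    return "agent" if agent_reachable(sock_path) else "prompt"


def gpg_environment(environ: Dict[str, str], decision: str) -> Dict[str, str]:
    """Environment to launch gpg with: unset GPG_AGENT_INFO when falling back,
    so gpg itself does not keep trying a dead agent."""
    env = dict(environ)
    if decision == "prompt":
        env.pop("GPG_AGENT_INFO", None)
    return env


def _fake_agent(sock_path: str) -> threading.Thread:
    """Constructed stand-in for a live gpg-agent (not part of GnuPG): accepts
    one client, sends the Assuan greeting and exits."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    srv.settimeout(5)

    def serve() -> None:
        try:
            conn, _ = srv.accept()
            conn.sendall(b"OK Pleased to meet you\n")
            conn.close()
        except OSError:
            pass
        finally:
            srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return t


def demo_with_fake_agent() -> str:
    """Run the decision against a reachable (fake) agent; expected: "agent"."""
    with tempfile.TemporaryDirectory() as d:
        sock_path = os.path.join(d, "S.gpg-agent")
        t = _fake_agent(sock_path)
        env = {"GPG_AGENT_INFO": f"{sock_path}:{os.getpid()}:1"}
        decision = choose_passphrase_handling(env, True)
        t.join(5)
    return decision


if __name__ == "__main__":
    # The stale value from the mail: variable set, socket gone.
    stale = {"GPG_AGENT_INFO": "/tmp/gpg-5UBfpf/S.gpg-agent:11502:1"}
    print("stale GPG_AGENT_INFO ->", choose_passphrase_handling(stale, True))
    print("live (fake) agent    ->", demo_with_fake_agent())
```

The check deliberately reads the greeting instead of stopping at a successful connect(): a leftover socket file that some other process happens to own would otherwise be mistaken for a working agent. Note that this is exactly the probe gpg itself performs before printing "can't connect to the agent - trying fall back" in the transcript above.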