[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prom

From: Ted Zlatanov
Subject: bug#15553: 24.3.50; epg.el and GnuPG 2.x cause unavoidable pinentry prompts for symmetrically encrypted files
Date: Mon, 07 Oct 2013 21:01:06 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Tue, 08 Oct 2013 08:54:17 +0900 Daiki Ueno <address@hidden> wrote: 

DU> Teodor Zlatanov <address@hidden> writes:

>> 1. Install GnuPG 2.x, don't run gpg-agent
>> 2. Open file.gpg, X or curses pinentry dialog pops up
>> The suggested workaround is to run gpg-agent.

DU> So you can workaround, what's your problem?

See below.

>> Problems:
>> - on a headless server this can lock up Emacs

DU> Not a problem if you use the workaround.

>> - if the GPG agent is dead, locked up, or not running, there's no remedy

DU> Ditto.

Look.  gpg-agent is an external daemon.  Kill it manually or it dies
accidentally or it blocks for whatever reason.  Now the user has no
access to their secret data and Emacs could even completely lock up.

You're assuming access to a resource that you can't verify (gpg-agent).
Or rather, GnuPG is depending on it.

>> - there's no way to avoid the prompt in favor of an Emacs minibuffer query

DU> As I said a number of times, that degrades security.  If the insecurity
DU> is okay for you, what's the reason you want to use GnuPG 2.x rather than
DU> GnuPG 1.x?

I'd rather not use either but have no choice right now.  I would like to
avoid the GnuPG dependency altogether as I've explained.  Anyhow, I was
hoping that GnuPG 2.x can provide a special option (as we've discussed
that you could propose) to make this possible.  If that's not your
interest, then let's just call this one done as a "user misunderstanding
of basic security" or whatever you like.

Thanks for your time

reply via email to

[Prev in Thread] Current Thread [Next in Thread]