
bug#15552: 24.3.50; epa-file-cache-passphrase-for-symmetric-encryption n

From: Daiki Ueno
Subject: bug#15552: 24.3.50; epa-file-cache-passphrase-for-symmetric-encryption not respected with GnuPG 2.x
Date: Wed, 09 Oct 2013 06:51:57 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Stefan Monnier <address@hidden> writes:

>>>>> 1. On the local system, install GnuPG 2.x and don't run the gpg-agent
>>>>> 2. Set epa-file-cache-passphrase-for-symmetric-encryption to t
>>>>> 3. Open file.gpg: password dialog pops up
>>>>> 4. close file.gpg
>>>>> 5. Open file.gpg: password dialog pops up again
>>>>> Step (5) should not prompt.  It works properly with GnuPG 1.x.

> Still I'm confused: what kind of caching does
> epa-file-cache-passphrase-for-symmetric-encryption offer, then?
> From the docstring I got the impression that it would cache the
> passphrase in Emacs's heap, so gpg's own caching should be largely
> irrelevant (in the second session it will prompt for a password, which
> Emacs should provide from its own cache without prompting the user).

It used to work like that with gpg1.  However, gpg2's implementation
choice is that it does not leak the indication that gpg2 (actually
gpg-agent) requires a passphrase, and it does not allow tools other than
pinentry to inject a passphrase.

IMO that's a good idea for security (as pinentry uses secmem).

>         Stefan "Also confused about what "symmetric" has to do with it"

Perhaps you could try the above recipe with gpg-agent properly set up:

$ echo abc > file
$ gpg --symmetric file
$ eval `gpg-agent --daemon`
$ gpg2 < file.gpg
$ gpg2 < file.gpg

You won't be asked for the passphrase the second time, because
gpg-agent remembers the passphrase based on the file content.
