gnu-system-discuss

Re: Why donʼt gnu.org and RMS sign mail?


From: Dmitry Alexandrov
Subject: Re: Why donʼt gnu.org and RMS sign mail?
Date: Sun, 03 Nov 2019 20:18:36 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Richard Stallman <address@hidden> wrote:
>   > Well, Iʼve tried, and the key obstacle now is that there seems to be
>   > nothing to fix: with either GnuPG 2.1 or GnuPG 2.2 setting:
>
>   >   (setq epa-pinentry-mode 'loopback) ;; for Emacs 26
>   >   (setq epg-pinentry-mode 'loopback) ;; for Emacs 27
>
> Please note that I use Emacs on a text terminal.

Sure, I kept that in mind.

> That is what creates the problem.

Yes, indeed.  pinentry-curses(1) (which is used by default when no graphics is 
available) competes with Emacs for exclusive control over input, so once it 
has started, it may be hard even to leave it without switching to the secondary TTY 
and typing ‘$ killall pinentry’.

With pinentry-tty(1) the situation is in no way better.  They are specifically 
designed that way for security reasons.

> Also, I don't know what 'loopback' does.  It might not be what I want.

You want not to retype the passphrase on every access to the private key.  This 
requires using gpg-agent(1), which in modern GPG is the daemon that actually 
does the stuff, while gpg(1) is a mere frontend to it.

When gpg-agent needs a passphrase to be typed in, it may either: (1) launch a 
pinentry command; or (2) send a request for it back to gpg(1) (or whatever 
frontend is used).

The default is to do the former; ‘loopback’ instructs it to do the latter.

Indeed, this is not the only way to use GPG 2 and Emacs on the same TTY, but 
it is the closest one to the legacy GPG 1 setup that you are using now.

Another way is to use pinentry.el, which can be installed from elpa.gnu.org.  
However, it needs support by pinentry itself, which is intentionally disabled in 
many distributions (e.g. Debian) for another bunch of security reasons.

Attachment: signature.asc
Description: PGP signature
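
The loopback setup discussed in the message above, as an added example that is not part of the original post: it selects whichever of the two variables quoted in the thread exists in the running Emacs, and only when the installed GnuPG is new enough to have a loopback mode. The `my/` function names are hypothetical.

```elisp
;;; Added example for an Emacs init file; not code from the thread.
;;; Assumption: gpg is on PATH and is the binary EasyPG (epg) will use.
(require 'epg)
(require 'epa)

(defun my/gnupg-version ()
  "Return the version string of the gpg that EasyPG found, or nil."
  (alist-get 'version
             (ignore-errors (epg-find-configuration 'OpenPGP))))

(defun my/use-loopback-pinentry ()
  "Make gpg-agent send passphrase requests back to Emacs.
With loopback the passphrase is typed in the minibuffer, so no
pinentry-curses or pinentry-tty is started on the shared terminal.
Return the variable that was set, or nil if nothing was changed."
  (let ((version (my/gnupg-version)))
    (cond
     ((null version)
      (message "gpg not found; pinentry mode left unchanged")
      nil)
     ((version< version "2.1")
      ;; Loopback is a GnuPG 2.1+ feature; older versions have no such mode.
      (message "GnuPG %s has no loopback pinentry mode" version)
      nil)
     ((boundp 'epg-pinentry-mode)       ; Emacs 27 and later
      (setq epg-pinentry-mode 'loopback)
      'epg-pinentry-mode)
     ((boundp 'epa-pinentry-mode)       ; Emacs 26
      (setq epa-pinentry-mode 'loopback)
      'epa-pinentry-mode))))

;; Agent side: gpg-agent has to permit loopback requests.  The option is
;; `allow-loopback-pinentry' in gpg-agent.conf; a line reading
;; `no-allow-loopback-pinentry' there disables it.  Passphrase caching
;; still happens in gpg-agent, so the passphrase is not retyped on
;; every access to the private key.
(my/use-loopback-pinentry)
```

With loopback the passphrase passes through the Emacs process instead of a dedicated pinentry program, which is the trade-off against the isolation that pinentry-curses and pinentry-tty are designed to provide.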

