Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <address@hidden> writes:

> Could you please leave it in the GNU Emacs CVS, where it actually
> works as intended?

Yep, done.  It complicate syncing a bit, though.

>> If/when Daiki's idea (as I understand it) is implemented, the end
>> result will be:
>>
>> *) Pgg will invoke gpg and then figure out whether a passphrase is
>>    needed and only at that point query for it.  This will work
>>    regardless of whether the agent is used, whether a passphrase is
>>    required or not, or whether a pin code is required.  The user
>>    doesn't have to fiddle with any variable.
>
> I don't think so.  While I'm sure, that Daiki's idea -- once it
> works -- will handle certain situations better than mine, there will
> still be the need for an variable enabling the user to turn of any use
> of the agent.
>
> Here is an example[0] from my own experience:
>
> - A user logs in on machine 'A' and starts the gpg-agent.
> - He leaves the machine, but stays logged in...
> - Now he uses machine 'B' to log in on machine 'A':
>   the environment is setup to use the already running gpg-agent
>   (automatically, in an login script)
> - He starts Emacs/Gnus and tries to sign, decrypt whatever...
> - The agent runs and is working, everything seems fine, but the user
>   isn't queried for the passphrase ... what happened?
> - The User _is_ actually queried, but the pinentry program is started
>   on the X11 Display or tty of machine 'A'.
>
> I think this is a design problem of the gpg-agent.  And yes, there are
> several ways to circumvent this problem, but I think it would be very
> convenient, if I could tell pgg to just ignore any agent and ask for
> the passphrase.

This example seems strange.  How would the user's second session get
the GPG_AGENT_INFO environment variable that points to the gpg-agent
running in the user's first session?  Without that, I don't think it
will work as you describe.  I think the user should start another
gpg-agent for his new session.

I'm not sure I see any disadvantage (except code complexity) with
Daiki's approach.  Maybe you can expand on the above, or think of more
problems, and we can see whether maybe we should use some other
approach.  Perhaps move that discussion to the ding list only.

Daiki's approach is also arguable more correct if you don't have a
passphrase at all.  The Gnus query for a passphrase would be quite
confusing in that case.

> Even gpg itself doesn't use an available agent automatically, but only
> when it's asked to (by setting --use-agent) and I think this is a good
> decision.

I have 'use-agent' in my gpg.conf.  If the agent isn't available, gpg
will fall back to querying to user interactively.  That seem to give
the best user experience for gpg, so I think we should support it.

Further, if you use a smartcard (like an OpenPGP card), it seems you
_must_ use the agent for things to work at all.  (I can't get gpg to
sign anything using my smartcard if I disable the agent.)