Re: Small patch to enable use of gpg-agent with pgg
From: Sascha Wilde
Subject: Re: Small patch to enable use of gpg-agent with pgg
Date: Sun, 26 Mar 2006 20:11:30 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)
Simon Josefsson <address@hidden> wrote:
> Sascha Wilde <address@hidden> writes:
>> Here is an example[0] from my own experience:
>>
>> - A user logs in on machine 'A' and starts the gpg-agent.
>> - He leaves the machine, but stays logged in...
>> - Now he uses machine 'B' to log in on machine 'A':
>> the environment is set up to use the already running gpg-agent
>> (automatically, in a login script)
>> - He starts Emacs/Gnus and tries to sign, decrypt whatever...
>> - The agent runs and is working, everything seems fine, but the user
>> isn't queried for the passphrase ... what happened?
>> - The User _is_ actually queried, but the pinentry program is started
>> on the X11 Display or tty of machine 'A'.
>>
>> I think this is a design problem of the gpg-agent. And yes, there are
>> several ways to circumvent this problem, but I think it would be very
>> convenient, if I could tell pgg to just ignore any agent and ask for
>> the passphrase.
>
> This example seems strange. How would the user's second session get
> the GPG_AGENT_INFO environment variable that points to the gpg-agent
> running in the user's first session? Without that, I don't think it
> will work as you describe.
You are right, but that is the way things work, when you follow the
official gpg-agent documentation:
| [...] If you don't use an X server, you can also put this into your
| regular startup file `~/.profile' or `.bash_profile'. It is best
| not to run multiple instance of the `gpg-agent', so you should make
| sure that only one is running: `gpg-agent' uses an environment
| variable to inform clients about the communication parameters. You
| can write the content of this environment variable to a file so that
| you can test for a running agent. [...]
> I'm not sure I see any disadvantage (except code complexity) with
> Daiki's approach.
Having a second thought on the subject I agree.
The problem exists (even in simpler use cases: when you log in on the
text console and start an X server from there, the pinentry will
always appear on the console) but it is only related to gpg-agent
design and the documented use pattern -- so the place where this
problem should be discussed and solved is gnupg development.
I'll write the gnupg developers on this subject.
cheers
sascha
--
Sascha Wilde
- no sig today... sorry!
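
The reuse-the-running-agent login pattern discussed above, as an added example that is not part of the original message or of the GnuPG documentation: a login-script check that reports when a saved agent would put its pinentry prompt on another tty or display. It assumes the `<socket>:<pid>:<protocol>` layout of GPG_AGENT_INFO; the state file with its AGENT_TTY and AGENT_DISPLAY lines and the function names are hypothetical.

```shell
# Added example (not from the thread). Assumed state file, written by the
# login script when it starts the agent (hypothetical format):
#   GPG_AGENT_INFO=<socket>:<pid>:<protocol>
#   AGENT_TTY=<tty the agent was started on>
#   AGENT_DISPLAY=<DISPLAY at that time, or "none">

# field FILE KEY: print the value of KEY from a KEY=value state file.
field() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# classify_agent FILE CUR_TTY CUR_DISPLAY
# prints one of: none | stale | elsewhere | ok
classify_agent() {
    file=$1 cur_tty=$2 cur_display=$3
    [ -r "$file" ] || { echo none; return; }
    info=$(field "$file" GPG_AGENT_INFO)
    case $info in *:*:*) ;; *) echo none; return ;; esac
    rest=${info%:*}      # drop the trailing protocol field
    pid=${rest##*:}      # pid is the field before it
    case $pid in ''|0|*[!0-9]*) echo none; return ;; esac
    # The agent process is gone: the saved info must not be reused.
    kill -0 "$pid" 2>/dev/null || { echo stale; return; }
    # Agent is alive, but its pinentry would open where it was started.
    if [ "$(field "$file" AGENT_TTY)" != "$cur_tty" ] ||
       [ "$(field "$file" AGENT_DISPLAY)" != "$cur_display" ]; then
        echo elsewhere
    else
        echo ok
    fi
}

# Constructed sample: an agent "started" on the text console (this shell's
# own pid stands in for a live agent pid).
demo_state=$(mktemp)
printf 'GPG_AGENT_INFO=/tmp/sample/S.gpg-agent:%s:1\nAGENT_TTY=/dev/tty1\nAGENT_DISPLAY=none\n' \
    "$$" > "$demo_state"
echo "same console:        $(classify_agent "$demo_state" /dev/tty1 none)"
echo "second login via B:  $(classify_agent "$demo_state" /dev/pts/3 none)"
echo "X started afterwards: $(classify_agent "$demo_state" /dev/pts/0 :0)"
rm -f "$demo_state"
```

When the result is `elsewhere`, a login script could leave GPG_AGENT_INFO unset for the new session instead of exporting the saved value.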