From: "Michael Teichgräber" <mt@wmipf.in-berlin.de>
Cc: ding@gnus.org
Subject: Re: pgg*.el and passphrase caching
Date: Wed, 20 Aug 2003 07:57:59 +0200 [thread overview]
Message-ID: <87k798oopk.fsf@wmipf.in-berlin.de> (raw)
In-Reply-To: <871xvhxzvo.fsf@pooh.honeypot.net> (Kirk Strauser's message of "Tue, 19 Aug 2003 13:31:55 -0500")
[-- Attachment #1: Type: text/plain, Size: 4377 bytes --]
Kirk Strauser <kirk@strauser.com> writes:
> I use gpg-agent. How can I prevent Gnus from prompting for my
> passphrase so that the agent always handles the entry?
For a while I have been using the appended patch. It introduces a
defcustom of type boolean `pgg-gpg-use-agent-if-available', and a
defconst `pgg-gpg-agent-available' that is t if GPG_AGENT_INFO is set.
A function pgg-gpg-use-agent then is used at various places to avoid
the passphrase being read by Gnus.
--
Michael
Index: pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 6.13
diff -u -p -r6.13 pgg-gpg.el
--- pgg-gpg.el 6 Apr 2003 00:18:33 -0000 6.13
+++ pgg-gpg.el 17 Apr 2003 12:14:01 -0000
@@ -36,6 +36,14 @@
:group 'pgg-gpg
:type 'string)
+(defcustom pgg-gpg-use-agent-if-available nil
+ "Whether to use gpg-agent if it can be located via environment."
+ :group 'pgg-gpg
+ :type 'boolean)
+
+(defconst pgg-gpg-agent-available (if (getenv "GPG_AGENT_INFO") t)
+ "If gpg-agent can be located, this constant is t.")
+
(defcustom pgg-gpg-extra-args nil
"Extra arguments for every GnuPG invocation."
:group 'pgg-gpg
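Review bot: `pgg-gpg-agent-available` is a `defconst` whose value is computed once, when the file is loaded, so an agent that is started later in the session (or a `GPG_AGENT_INFO` set with `setenv`) is never noticed, and an agent that has exited still counts as available. In the second case the callers patched further down skip the passphrase prompt and still run gpg with `--batch`, which presumably leaves the operation failing with no fallback. Checking at call time costs nothing: in `pgg-gpg-use-agent`, `(and pgg-gpg-use-agent-if-available (getenv "GPG_AGENT_INFO") t)`. A set variable only shows that an agent was advertised, not that it answers, so the docstring would be more accurate as "Non-nil if GPG_AGENT_INFO is set" than "can be located".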
@@ -46,6 +54,13 @@
(defvar pgg-gpg-user-id nil
"GnuPG ID of your default identity.")
+(defun pgg-gpg-use-agent ()
+ "If it returns t, gpg will be told to use gpg-agent for secret key
+management, otherwise PGG will ask you for passphrase(s). Depends on
+the value of `pgg-gpg-use-agent-if-available', and whether the agent
+can be located."
+ (and pgg-gpg-agent-available pgg-gpg-use-agent-if-available))
+
(defun pgg-gpg-process-region (start end passphrase program args)
(let* ((output-file-name
(expand-file-name (make-temp-name "pgg-output")
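Review bot: The docstring of `pgg-gpg-use-agent` breaks its first line mid-sentence, and that first line is all that `apropos` and similar listings display. "Returns t" is also not quite what the `and` form yields, since it returns the value of `pgg-gpg-use-agent-if-available`, which is any non-nil value. Suggested opening line: `"Return non-nil if gpg should use gpg-agent for secret key handling.`, with the dependency on the two variables described on the lines after it.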
@@ -53,7 +68,8 @@
(args
`("--status-fd" "2"
,@(if passphrase '("--passphrase-fd" "0"))
+ ,@(if (pgg-gpg-use-agent) '("--use-agent"))
"--yes" ; overwrite
"--output" ,output-file-name
,@pgg-gpg-extra-args ,@args))
(output-buffer pgg-output-buffer)
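Review bot: `--passphrase-fd 0` and `--use-agent` are emitted independently of each other, so a caller that passes a passphrase while the agent option is on hands gpg both. The callers patched in this message pass nil in that case, but other callers of `pgg-gpg-process-region` are not visible here, and the hunk does not show how gpg resolves the combination. Making the two mutually exclusive states the intended precedence in the code: `,@(if (and (not passphrase) (pgg-gpg-use-agent)) '("--use-agent"))`. The body of `pgg-gpg-process-region` starts and ends outside the hunk.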
@@ -96,8 +112,8 @@
(re-search-forward "^\\[GNUPG:] GOOD_PASSPHRASE\\>" nil t)))
(pgg-add-passphrase-cache
(progn
- (goto-char (point-min))
- (if (re-search-forward
+ (goto-char (point-max))
+ (if (re-search-backward
"^\\[GNUPG:] NEED_PASSPHRASE \\w+ ?\\w*" nil t)
(substring (match-string 0) -8)))
passphrase)))
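Review bot: The switch from a forward search at `point-min` to a backward search from `point-max` is not mentioned in the message, and it changes which key ID the passphrase is cached under whenever the status output holds more than one `NEED_PASSPHRASE` line: the last one now wins instead of the first. A passphrase cached under the wrong ID would later be looked up and offered for a different key, so the choice deserves a comment, for example `;; Cache under the key gpg asked for last, not the first one listed.` if that is the intent. With the agent enabled `passphrase` is nil in the patched callers. Whether this `pgg-add-passphrase-cache` call is guarded against that depends on the condition that begins above the hunk.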
@@ -123,9 +139,10 @@ If optional argument SIGN is non-nil, do
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
(passphrase
(when sign
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))))
+ (unless (pgg-gpg-use-agent)
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))))
(args
(append
(list "--batch" "--armor" "--always-trust" "--encrypt")
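Review bot: The `(unless (pgg-gpg-use-agent) (pgg-read-passphrase ...))` wrapper added here is repeated in the decrypt and sign hunks that follow, so any later change to the agent policy has to be made in three places and can drift. A small helper that takes the key type would keep the three call sites in step, as sketched below with a suggested name. Separately, the signing passphrase in this hunk is looked up with `'encrypt` while the sign-region hunk uses `'sign`. That line is only re-indented here, but it decides which key ID the prompt and cache refer to and is worth confirming. The enclosing function starts and ends outside the hunk.

```elisp
;; Helper name is a suggestion.
(defun pgg-gpg-read-passphrase-unless-agent (key-type)
  "Return the passphrase for `pgg-gpg-user-id', or nil if gpg-agent handles it.
KEY-TYPE is passed to `pgg-gpg-lookup-key'."
  (unless (pgg-gpg-use-agent)
    (pgg-read-passphrase
     (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
     (pgg-gpg-lookup-key pgg-gpg-user-id key-type))))

;; … unchanged: let* binding of pgg-gpg-user-id …
         (passphrase
          (when sign
            (pgg-gpg-read-passphrase-unless-agent 'encrypt)))
```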
@@ -148,9 +165,10 @@ If optional argument SIGN is non-nil, do
"Decrypt the current region between START and END."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
(passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))
+ (unless (pgg-gpg-use-agent)
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))))
(args '("--batch" "--decrypt")))
(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
(with-current-buffer pgg-errors-buffer
@@ -162,9 +180,10 @@ If optional argument SIGN is non-nil, do
"Make detached signature from text between START and END."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
(passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'sign)))
+ (unless (pgg-gpg-use-agent)
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ (pgg-gpg-lookup-key pgg-gpg-user-id 'sign))))
(args
(list (if cleartext "--clearsign" "--detach-sign")
"--armor" "--batch" "--verbose"
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]