I have to enter my passphrase twice?

I have to enter my passphrase twice?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 608 bytes --]

As of recent, I have to enter my GnuPG passphrase twice when signing
outgoing messages.  I can't track down the exact time this started
happening; suffice to say it was a couple of apt-get update's ago.  

The most frustrating part is that I can't seem to pin down the behavior.
Sometimes I get prompted:

  GnuPG passphrase for 8D02A6F1:

Other times I see:

  GnuPG passphrase for kirk@strauser.com:

At other times, I see one of them followed immediately by the other one.

I am signing my messages with the "<#secure method=pgpmime mode=sign>"
method.  Any thoughts?
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: I have to enter my passphrase twice?

[Simon Josefsson]

Kirk Strauser <kirk@strauser.com> writes:

> As of recent, I have to enter my GnuPG passphrase twice when signing
> outgoing messages.  I can't track down the exact time this started
> happening; suffice to say it was a couple of apt-get update's ago.  
>
> The most frustrating part is that I can't seem to pin down the behavior.
> Sometimes I get prompted:
>
>   GnuPG passphrase for 8D02A6F1:
>
> Other times I see:
>
>   GnuPG passphrase for kirk@strauser.com:
>
> At other times, I see one of them followed immediately by the other one.
>
> I am signing my messages with the "<#secure method=pgpmime mode=sign>"
> method.  Any thoughts?

How is the message posted?  Note that news, mail and gcc are
considered separate mechanisms (they have different body encoding
requirements), so more than one signature may be needed in some cases.

Re: I have to enter my passphrase twice?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 1162 bytes --]

At 2003-05-05T14:30:26Z, Kirk Strauser <kirk@strauser.com> writes:

> As of recent, I have to enter my GnuPG passphrase twice when signing
> outgoing messages.

OK, I've narrowed down the trigger behavior slightly.  It happens when I use
"<#secure method=pgp mode=sign>" to sign my email (instead of
"method=pgpmime").  When I hit C-c C-c to send my message, I get:

    GnuPG passphrase for kirk@strauser.com: 

After I enter it, I see:

    Sending via mail...

flash briefly across the minibuffer.  Then I get a second prompt:

    GnuPG passphrase for kirk@strauser.com: 

and only after I correctly re-enter my passphrase do I get the "Message
sent" message.

The supremely annoying part is that if I mis-enter my passphrase at the
second prompt, which I sometimes do because it's a fairly long phrase, then
the message gets sent twice.

Finally, I've set pgg-default-user-id to "8D02A6F1", which is the
fingerprint for my key.  Why is it now sometimes prompting for the key for
"kirk@strauser.com", which is something it had never done before?

Did I manage to (require 'nsa-passphrase-logger) somewhere?
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: I have to enter my passphrase twice?

[Simon Josefsson]

Kirk Strauser <kirk@strauser.com> writes:

> At 2003-05-05T14:30:26Z, Kirk Strauser <kirk@strauser.com> writes:
>
>> As of recent, I have to enter my GnuPG passphrase twice when signing
>> outgoing messages.
>
> OK, I've narrowed down the trigger behavior slightly.  It happens when I use
> "<#secure method=pgp mode=sign>" to sign my email (instead of
> "method=pgpmime").  When I hit C-c C-c to send my message, I get:
>
>     GnuPG passphrase for kirk@strauser.com: 
>
> After I enter it, I see:
>
>     Sending via mail...
>
> flash briefly across the minibuffer.  Then I get a second prompt:
>
>     GnuPG passphrase for kirk@strauser.com: 
>
> and only after I correctly re-enter my passphrase do I get the "Message
> sent" message.
>
> The supremely annoying part is that if I mis-enter my passphrase at the
> second prompt, which I sometimes do because it's a fairly long phrase, then
> the message gets sent twice.

Do you use GCC?  Perhaps the message that is mailed is signed
correctly, but the second signature (for GCC) fails, and the GCC code
doesn't signal an error.  Can you look in your GCC group?

> Finally, I've set pgg-default-user-id to "8D02A6F1", which is the
> fingerprint for my key.  Why is it now sometimes prompting for the key for
> "kirk@strauser.com", which is something it had never done before?

This problem should be fixed by the patch below.  Please try it and
tell if it works or not.

Index: mml1991.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml1991.el,v
retrieving revision 6.22
diff -u -p -u -w -r6.22 mml1991.el
--- mml1991.el	2 May 2003 17:55:20 -0000	6.22
+++ mml1991.el	5 May 2003 15:54:17 -0000
@@ -234,7 +234,7 @@
       (delete-region (point-min) (point)))
     (quoted-printable-decode-region (point-min) (point-max))
     (unless (let ((pgg-default-user-id
-		   (or (message-options-get 'message-sender)
+		   (or (message-options-get 'mml-sender)
 		       pgg-default-user-id)))
 	      (pgg-sign-region (point-min) (point-max) t))
       (pop-to-buffer pgg-errors-buffer)

Re: I have to enter my passphrase twice?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 664 bytes --]

At 2003-05-05T15:55:29Z, Simon Josefsson <jas@extundo.com> writes:

> Do you use GCC?  Perhaps the message that is mailed is signed correctly,
> but the second signature (for GCC) fails, and the GCC code doesn't signal
> an error.  Can you look in your GCC group?

Yes, I use GCC.  Out of curiosity, why would it sign the message twice?

> This problem should be fixed by the patch below.  Please try it and
> tell if it works or not.

So far, so good.  Thanks!

One lingering question, though: where did it get "kirk@strauser.com" as my
key ID?  That happens to be a userid on the key I use, but I never specified
it anywhere.
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: I have to enter my passphrase twice?

[Steve Youngs]

|--==> "KS" == Kirk Strauser <kirk@strauser.com> writes:

  KS> As of recent, I have to enter my GnuPG passphrase twice when
  KS> signing outgoing messages.

I've seen this too, bloody annoying.  You're using PGG, right?  You
can easily get around this by setting a passphrase cache:

,----[ C-h v pgg-cache-passphrase RET ]
| `pgg-cache-passphrase' is a variable declared in Lisp.
|   -- loaded from "pgg-def"
| 
| Value: t
| 
| Documentation:
| If t, cache passphrase.
`----

,----[ C-h v pgg-passphrase-cache-expiry RET ]
| `pgg-passphrase-cache-expiry' is a variable declared in Lisp.
|   -- loaded from "pgg-def"
| 
| Value: 16
| 
| Documentation:
| How many seconds the passphrase is cached.
| Whether the passphrase is cached at all is controlled by
| `pgg-cache-passphrase'.
`----


-- 
|---<Steve Youngs>---------------<GnuPG KeyID: 10D5C9C5>---|
|        XEmacs - The only _______ you'll ever need.       |
|          Fill in the blank, yes, it's THAT good!         |
|------------------------------------<youngs@xemacs.org>---|

Re: I have to enter my passphrase twice?

[Simon Josefsson]

Kirk Strauser <kirk@strauser.com> writes:

> At 2003-05-05T15:55:29Z, Simon Josefsson <jas@extundo.com> writes:
>
>> Do you use GCC?  Perhaps the message that is mailed is signed correctly,
>> but the second signature (for GCC) fails, and the GCC code doesn't signal
>> an error.  Can you look in your GCC group?
>
> Yes, I use GCC.  Out of curiosity, why would it sign the message twice?

Because the body in GCC may be encoded differently than the body that
is sent via mail.  If this sounds weird, here is an elaboration:

Consider if you set gnus-gcc-externalize-attachments and attach a file
to your message.  Then the body encoded for GCC is very different than
the body encoded for mail.  (Namely, the latter one includes the file,
whereas the former only includes a external MIME reference.)

If you posted your message to a newsgroup too (that is, both via mail
and news, and GCC), you might have to sign the message three times,
since Usenet have different encoding requirements than mail (e.g.,
iso-8859-1 may be prefered over utf-8 in one newsgroup, and the other
way around in another, and any choice may be different from what is
prefered for mail).

In general, a given MML message encoded for mail, news or GCC do not
necessarily look the same.  So they need different signatures.

I guess the security system could "cache" (unsigned-msg, signed-msg)
tuples so the user is not queried twice if the encodings are
identical.  But this sounds like work, and might end up not being used
in the majority of cases anyway due to subtle differences.

Perhaps you object to these ideas, and want GCC to simply save a
_copy_ of what was actually mailed.  Currently this is not what GCC
does, but if you want that behavior instead, BCC yourself and filter
them into your sent-mail folder.

> One lingering question, though: where did it get "kirk@strauser.com" as my
> key ID?  That happens to be a userid on the key I use, but I never specified
> it anywhere.

It was taken from the From: header.

Re: I have to enter my passphrase twice?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 474 bytes --]

At 2003-05-05T17:22:47Z, Simon Josefsson <jas@extundo.com> writes:

> Because the body in GCC may be encoded differently than the body that
> is sent via mail.

OK, that's reasonable.  Still, why did it just start happening in the last
few days?  I've been using this exact setup for the last few months without
incident.  In fact, my .gnus dates to last month.  I *think* that the change
happened during the update (via Debian) to Gnus 5.10.1.
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: I have to enter my passphrase twice?

[Simon Josefsson]

Kirk Strauser <kirk@strauser.com> writes:

> At 2003-05-05T17:22:47Z, Simon Josefsson <jas@extundo.com> writes:
>
>> Because the body in GCC may be encoded differently than the body that
>> is sent via mail.
>
> OK, that's reasonable.  Still, why did it just start happening in the last
> few days?  I've been using this exact setup for the last few months without
> incident.  In fact, my .gnus dates to last month.  I *think* that the change
> happened during the update (via Debian) to Gnus 5.10.1.

I suspect it is related to the changes of the default key id, which
causes the PGG key phrase cache to stop work, so now you get the query
twice, whereas before the PGG key phrase handled it.  Just a guess.

(Yes, the PGG key phrase cache need to be improved.  Currently I think
it becomes somewhat confused when you have multiple personalities.)

Re: I have to enter my passphrase twice?

[Kirk Strauser]

[-- Attachment #1: Type: text/plain, Size: 356 bytes --]

At 2003-05-05T16:38:13Z, Steve Youngs <youngs@xemacs.org> writes:

> I've seen this too, bloody annoying.  You're using PGG, right?  You
> can easily get around this by setting a passphrase cache:

You'd think.  But I've set pgg-cache-passphrase to 't' and
pgg-passphrase-cache-expiry to '7200' and it didn't help.  :-/
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]