* pgg*.el and passphrase caching
From: Mark Trettin @ 2003-08-19 9:02 UTC

Hello,

I want to switch from gpg.el to pgg.el. I encountered the problem that passphrase caching doesn't work as I would expect. I'll try to describe what happens. I have 3 mails:

- msg 1 from A
- msg 2 my answer to 1
- msg 3 A's answer to 2

If I want to (re)view msg 1, pgg.el asks me to enter the passphrase for A's key-ID. When I enter my passphrase the message gets decrypted and the passphrase is cached, so I can view msg 2 without re-entering the passphrase. When I now want to view message 3, pgg again asks me for A's passphrase, so I have to re-enter mine.

I *think* the problem is that all messages are also "encrypted to self" and pgg.el wants to take the first Key-ID it finds (and this is the one of the originator of the mail). Is there a way to say: "Always take one of my Key-IDs"? And then decrypt the messages with the cached phrase? I don't know if it's a gpg problem or a pgg one.

Bye
Mark
-- 
Mark Trettin · Aachen · Germany · Where is Aachen? --> N: 50°46' E: 06°05'
BOFH excuse #165: Backbone Scoliosis
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-19 18:31 UTC

At 2003-08-19T09:02:42Z, Mark Trettin <mtr-dev0@gmx.de> writes:

> Is there a way to say: "Always take one of my Key-IDs"? And then decrypt
> the messages with the cached phrase?

By the same token: I use gpg-agent. How can I prevent Gnus from prompting for my passphrase so that the agent always handles the entry?
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching 2003-08-19 18:31 ` Kirk Strauser @ 2003-08-20 5:57 ` Michael Teichgräber 2003-08-20 14:07 ` Kirk Strauser 2003-08-20 6:23 ` Xavier Maillard 1 sibling, 1 reply; 10+ messages in thread From: Michael Teichgräber @ 2003-08-20 5:57 UTC (permalink / raw) Cc: ding [-- Attachment #1: Type: text/plain, Size: 4377 bytes --] Kirk Strauser <kirk@strauser.com> writes: > I use gpg-agent. How can I prevent Gnus from prompting for my > passphrase so that the agent always handles the entry? For a while I have been using the appended patch. It introduces a defcustom of type boolean `pgg-gpg-use-agent-if-available', and a defconst `pgg-gpg-agent-available' that is t if GPG_AGENT_INFO is set. A function pgg-gpg-use-agent then is used at various places to avoid the passphrase being read by Gnus. -- Michael Index: pgg-gpg.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v retrieving revision 6.13 diff -u -p -r6.13 pgg-gpg.el --- pgg-gpg.el 6 Apr 2003 00:18:33 -0000 6.13 +++ pgg-gpg.el 17 Apr 2003 12:14:01 -0000 @@ -36,6 +36,14 @@ :group 'pgg-gpg :type 'string) +(defcustom pgg-gpg-use-agent-if-available nil + "Whether to use gpg-agent if it can be located via environment." + :group 'pgg-gpg + :type 'boolean) + +(defconst pgg-gpg-agent-available (if (getenv "GPG_AGENT_INFO") t) + "If gpg-agent can be located, this constant is t.") + (defcustom pgg-gpg-extra-args nil "Extra arguments for every GnuPG invocation." :group 'pgg-gpg 
@@ -46,6 +54,13 @@ (defvar pgg-gpg-user-id nil "GnuPG ID of your default identity.") +(defun pgg-gpg-use-agent () + "If it returns t, gpg will be told to use gpg-agent for secret key +management, otherwise PGG will ask you for passphrase(s). Depends on +the value of `pgg-gpg-use-agent-if-available', and whether the agent +can be located." + (and pgg-gpg-agent-available pgg-gpg-use-agent-if-available)) + (defun pgg-gpg-process-region (start end passphrase program args) (let* ((output-file-name (expand-file-name (make-temp-name "pgg-output") @@ -53,7 +68,8 @@ (args `("--status-fd" "2" ,@(if passphrase '("--passphrase-fd" "0")) + ,@(if (pgg-gpg-use-agent) '("--use-agent")) "--yes" ; overwrite "--output" ,output-file-name ,@pgg-gpg-extra-args ,@args)) (output-buffer pgg-output-buffer) @@ -96,8 +112,8 @@ (re-search-forward "^\\[GNUPG:] GOOD_PASSPHRASE\\>" nil t))) (pgg-add-passphrase-cache (progn - (goto-char (point-min)) - (if (re-search-forward + (goto-char (point-max)) + (if (re-search-backward "^\\[GNUPG:] NEED_PASSPHRASE \\w+ ?\\w*" nil t) (substring (match-string 0) -8))) passphrase))) @@ -123,9 +139,10 @@ If optional argument SIGN is non-nil, do (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id)) (passphrase (when sign - (pgg-read-passphrase - (format "GnuPG passphrase for %s: " pgg-gpg-user-id) - (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))) + (unless (pgg-gpg-use-agent) + (pgg-read-passphrase + (format "GnuPG passphrase for %s: " pgg-gpg-user-id) + (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))))) (args (append (list "--batch" "--armor" "--always-trust" "--encrypt") 
@@ -148,9 +165,10 @@ If optional argument SIGN is non-nil, do "Decrypt the current region between START and END." (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id)) (passphrase - (pgg-read-passphrase - (format "GnuPG passphrase for %s: " pgg-gpg-user-id) - (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))) + (unless (pgg-gpg-use-agent) + (pgg-read-passphrase + (format "GnuPG passphrase for %s: " pgg-gpg-user-id) + (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))) (args '("--batch" "--decrypt"))) (pgg-gpg-process-region start end passphrase pgg-gpg-program args) (with-current-buffer pgg-errors-buffer @@ -162,9 +180,10 @@ If optional argument SIGN is non-nil, do "Make detached signature from text between START and END." (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id)) (passphrase - (pgg-read-passphrase - (format "GnuPG passphrase for %s: " pgg-gpg-user-id) - (pgg-gpg-lookup-key pgg-gpg-user-id 'sign))) + (unless (pgg-gpg-use-agent) + (pgg-read-passphrase + (format "GnuPG passphrase for %s: " pgg-gpg-user-id) + (pgg-gpg-lookup-key pgg-gpg-user-id 'sign)))) (args (list (if cleartext "--clearsign" "--detach-sign") "--armor" "--batch" "--verbose" [-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
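Review bot: in the first hunk `pgg-gpg-agent-available` is a `defconst` evaluated once when pgg-gpg.el is loaded, so an agent started, or a `GPG_AGENT_INFO` set, after the library has been loaded is never seen and the value stays stale for the rest of the Emacs session; read the environment at call time instead, e.g. have `pgg-gpg-use-agent` return `(and pgg-gpg-use-agent-if-available (getenv "GPG_AGENT_INFO") t)` and drop the defconst. `(if (getenv "GPG_AGENT_INFO") t)` is also an odd spelling of `(and (getenv "GPG_AGENT_INFO") t)`.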
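Review bot: the docstring of `pgg-gpg-use-agent` (second hunk) opens with "If it returns t, gpg will be told ...", which does not stand alone as a summary line in `C-h f` or apropos output; a first line such as "Return non-nil if gpg should be invoked with --use-agent." followed by the sentence about `pgg-gpg-use-agent-if-available` and the agent being located would read better.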
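Review bot: in the `args` hunk `--use-agent` is added purely on the strength of `GPG_AGENT_INFO` being set; if the agent it names is gone (stale socket after a reboot, or a killed agent) gpg cannot fall back to prompting, because the encrypt, decrypt and sign callers in this patch pass `--batch` and no longer supply `--passphrase-fd 0`, so the operation fails with nothing but gpg's stderr in `pgg-errors-buffer`. Either have `pgg-gpg-use-agent` check that the socket path (the first colon-separated field of `GPG_AGENT_INFO`) still exists, or fall back to `pgg-read-passphrase` when gpg reports the agent as unavailable.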
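Review bot: the `NEED_PASSPHRASE` hunk changes the search from the first to the last `NEED_PASSPHRASE` status line (`goto-char (point-max)` / `re-search-backward`), which is a behaviour change unrelated to gpg-agent support and is not mentioned in the description; split it into its own patch with the rationale (presumably that gpg emits one `NEED_PASSPHRASE` per key it tries on a message encrypted to several keys, and the last one names the key whose passphrase was actually accepted, so the cache should be keyed on that one). Also, with the agent in use `passphrase` is nil, yet `pgg-add-passphrase-cache` is still called whenever `GOOD_PASSPHRASE` appears; wrap the call in `(when passphrase ...)` so that nil is never stored under a key ID.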
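Review bot: the `(unless (pgg-gpg-use-agent) (pgg-read-passphrase ...))` wrapper is repeated verbatim in the encrypt, decrypt and sign hunks; a small helper taking the prompt and the `'encrypt`/`'sign` lookup type would keep the three in step. The description should also state the consequence: once the agent is used the passphrase never passes through Emacs, so `pgg-read-passphrase`'s in-memory cache and its timeout no longer apply and retention is governed solely by the agent's own cache TTL, which is the reason to prefer this mode over PGG's cache in the first place.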
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-20 14:07 UTC

At 2003-08-20T05:57:59Z, Michael Teichgräber <mt@wmipf.in-berlin.de> writes:

> For a while I have been using the appended patch.

FYI, your message directly to me came through perfectly. The message that got posted to the mailing list had a broken signature.
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-20 15:00 UTC

At 2003-08-20T14:07:56Z, Kirk Strauser <kirk@strauser.com> writes:

> FYI, your message directly to me came through perfectly. The message that
> got posted to the mailing list had a broken signature.

...as did mine just now (and so, presumably, will this one). Never mind.
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-20 16:38 UTC
Cc: jochen

At 2003-08-20T16:15:27Z, Jochen Küpper <jochen@jochen-kuepper.de> writes:

> Do people observe this issue on other mailing lists? Anybody has good
> guesses what the problem was elsewhere and how it might be fixed?

I haven't seen this problem on any other mailing list, and I'm on quite a few.
-- 
Kirk Strauser

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Simon Josefsson @ 2003-08-20 16:44 UTC
Cc: ding

Kirk Strauser <kirk@strauser.com> writes:

> At 2003-08-20T14:07:56Z, Kirk Strauser <kirk@strauser.com> writes:
>
>> FYI, your message directly to me came through perfectly. The message that
>> got posted to the mailing list had a broken signature.
>
> ...as did mine just now (and so, presumably, will this one). Nevermind.

This is a known problem with the mailing list software used for this list; it corrupts PGP/MIME parts. Not Gnus' fault.
* Re: pgg*.el and passphrase caching
From: Xavier Maillard @ 2003-08-20 6:23 UTC

Kirk Strauser <kirk@strauser.com> writes:

> At 2003-08-19T09:02:42Z, Mark Trettin <mtr-dev0@gmx.de> writes:
>
> > Is there a way to say: "Always take one of my Key-IDs"? And then
> > decrypt\r the messages with the cached phrase?
> \r By the same token:\r \r I use gpg-agent. How can I prevent Gnus
> from prompting for my passphrase so\r that the agent always handles
> the entry?\r -- \r Kirk Strauser

Why do all those leading "^M" appear in this message? I have never ever seen this before with a Gnus edited/sent message.

zeDek
-- 
"Silence - with an arrogant undertone - beats the most compelling argument" (Hassencamp)

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Michael Teichgräber @ 2003-08-20 7:29 UTC

Mark Trettin <mtr-dev0@gmx.de> writes:

> I *think* the problem is, that all messages also are "encrypted to self"
> and pgg.el wants to take the first Key-ID it finds (and this is the one
> of the originator of the mail).

This looks like the same thing I once reported on gnus-bug@gnus.org:

| Message-ID: <87he9ww7pt.fsf@iridium.renata.de>
| Subject: pgg-decrypt-region: wrong key-ID displayed
| Date: Sat, 22 Mar 2003 01:44:30 +0100
|
| when trying to decrypt a message that has been encrypted to me and to
| the sender, the sender's key-ID is displayed when PGG is prompting for
| the passphrase of _my_ key.
|
| The reason for this is the way the local `pgg-default-user-id' is
| determined within pgg-decrypt-region in pgg.el:
|
|   (packet (cdr (assq 1 (with-temp-buffer
|                          (insert-buffer buf)
|                          (pgg-decode-armor-region
|                           (point-min) (point-max))))))
|   (key (cdr (assq 'key-identifier packet)))
|   (pgg-default-user-id
|    (if key
|        (concat "0x" (pgg-truncate-key-identifier key))
|      pgg-default-user-id))
|
| Pgg-decode-armor-region returns, for example, a list:
|
|   ((18)
|    (1
|     (version . 3)
|     (key-identifier . "7F362B5EDCE28EC5")   <-- sender's key-ID
|     (public-key-algorithm . ELG-E))
|    (1
|     (version . 3)
|     (key-identifier . "DC38B8B40E9C9C4B")   <-- my key ID
|     (public-key-algorithm . ELG-E))) ,
|
| so that `(cdr (assq 1 ...' leads to a `packet' containing the sender's
| key information. PGG then prompts with `GnuPG passphrase for 0xDCE28EC5:'
| instead of `...0E9C9C4B:'.
|
| A way to change this could be first to search for a packet containing
| a key identifier that equals the (long) key identifier of the key with
| user ID `pgg-default-user-id', and then--if no matching packet could
| be found--use the sequence as it is coded at the moment.
|
| This can be a bit complicated, since the user ID `pgg-default-user-id'
| may be given in various ways, so that it would be necessary to invoke
| something similar to `(pgg-*-lookup-key pgg-default-user-id t)' to get
| a list of long key identifiers of subkeys (`ssb') of this private key.
|
| An easy approach would be to change the prompt into just `GnuPG
| passphrase:' without showing the key identifier.
|
| The current implementation also has the (keyboard-wearing) side
| effect that passphrase caching in these cases does not work, since
| the passphrase of the sender's secret key obviously cannot be in my
| cache. (The easy approach would not fix this.)

I've appended a patch I used at that time to get it working the following way:

> Is there a way to say: "Always take one of my Key-IDs"? And then
> decrypt the messages with the cached phrase?

The interface in PGG is extended by a function pgg-lookup-secret-keys-avail (similar to pgg-lookup-key) that should return a list of IDs of all your secret keys. Each backend would have to define such a function. I only implemented one for the GnuPG backend: pgg-gpg-lookup-secret-keys-avail.

Then, in pgg-decrypt-region, Gnus wouldn't only extract the key ID of the first packet of the message, but those of all key packets. This list `msg-keys' is then intersected with the `user-keys' returned by pgg-gpg-lookup-secret-keys-avail. The first match is used as the `key' ID (in contrast to the key ID of the first packet, as it is coded in PGG at the moment).

Because I have switched to using gpg-agent, where Gnus' passphrase caching won't be used, I forgot about this problem. Perhaps the appended patch can serve as an example for a fix that covers all PGG backends.
-- Michael Index: pgg-gpg.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v retrieving revision 6.18 diff -u -p -r6.18 pgg-gpg.el --- pgg-gpg.el 8 Aug 2003 23:25:24 -0000 6.18 +++ pgg-gpg.el 20 Aug 2003 07:12:52 -0000 @@ -117,6 +117,24 @@ (progn (end-of-line)(point))) ":")) 8))))) +(defun pgg-gpg-lookup-secret-keys-avail () + "Get a list of all key IDs from secret keyring." + (let ((args (list "--with-colons" "--no-greeting" "--batch" + "--list-secret-keys" "--fast-list-mode")) + keylist) + (with-temp-buffer + (apply #'call-process pgg-gpg-program nil t nil args) + (goto-char (point-min)) + (while (re-search-forward "^\\(ssb\\|sec\\|sub\\|pub\\):" nil t) + (setq keylist + (cons + (substring + (nth 3 (split-string + (buffer-substring (- (match-end 0) 1) + (progn (end-of-line)(point))) + ":")) 8) keylist)))) + keylist)) + (defun pgg-gpg-encrypt-region (start end recipients &optional sign) "Encrypt the current region between START and END. If optional argument SIGN is non-nil, do a combined sign and encrypt." Index: pgg.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v retrieving revision 6.20 diff -u -p -r6.20 pgg.el --- pgg.el 24 Jul 2003 02:58:18 -0000 6.20 +++ pgg.el 20 Aug 2003 07:12:52 -0000 
@@ -192,11 +192,26 @@ the region." "Decrypt the current region between START and END." (interactive "r") (let* ((buf (current-buffer)) - (packet (cdr (assq 1 (with-temp-buffer + (packets (with-temp-buffer (insert-buffer-substring buf) - (pgg-decode-armor-region - (point-min) (point-max)))))) - (key (cdr (assq 'key-identifier packet))) + (pgg-decode-armor-region start end))) + (packet (cdr (assq 1 packets))) + (key (let (found-key + msg-keys + (user-keys + (pgg-lookup-secret-keys-avail))) + ;; extract key IDs from session key packets -> msg-keys + (dolist (element packets msg-keys) + (if (eq (car element) 1) + (let ((key (assq 'key-identifier element))) + (if key (setq msg-keys + (cons (pgg-truncate-key-identifier + (cdr key)) msg-keys)))))) + ;; intersect key IDs of available secret keys with msg-keys + (dolist (key user-keys found-key) + (if (member key msg-keys) + (unless found-key (setq found-key key)))) + (if found-key found-key (cdr (assq 'key-identifier packet))))) (pgg-default-user-id (if key (concat "0x" (pgg-truncate-key-identifier key)) @@ -341,6 +356,9 @@ within the region." (defun pgg-lookup-key (string &optional type) (pgg-invoke "lookup-key" (or pgg-scheme pgg-default-scheme) string type)) + +(defun pgg-lookup-secret-keys-avail () + (pgg-invoke "lookup-secret-keys-avail" (or pgg-scheme pgg-default-scheme))) (defvar pgg-insert-url-function (function pgg-insert-url-with-w3)) ^ permalink raw reply [flat|nested] 10+ messages in thread
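Review bot: in the `pgg-gpg-lookup-secret-keys-avail` hunk the key ID is obtained by splitting the `--with-colons` record on ":" and taking the fourth element, which is only right if no field before the key ID is empty or if `split-string` drops empty strings (as the Emacs of the time did); a `sec` record whose validity field is empty (`sec::1024:17:DC38...`) then shifts the index onto the wrong column. Match the field explicitly, e.g. `"^\\(sec\\|ssb\\):[^:]*:[^:]*:[^:]*:\\([0-9A-Fa-f]\\{16\\}\\):"` and use `(match-string 2)`; that also drops the `pub`/`sub` alternatives, which `--list-secret-keys` never prints. The trailing `(substring ... 8)` then discards the upper half of the key ID before the comparison in pgg.el; keep the full 16-digit ID (the message side already has the long ID from `pgg-decode-armor-region`) and truncate only for the prompt, since 32-bit key IDs are easy to collide.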
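Review bot: in the pgg.el `pgg-decrypt-region` hunk the result forms `msg-keys` and `found-key` handed to the two `dolist`s are unused, since neither loop is the last form in the `let`, and the second loop keeps iterating after `found-key` is set; `(catch 'found (dolist (k user-keys) (when (member k msg-keys) (throw 'found k))))` states the intersection in one place and stops at the first hit. When nothing intersects, the code falls back to `(cdr (assq 'key-identifier packet))`, i.e. the first PKESK's key ID, which the quoted bug report showed is the sender's key; at that point none of the message's recipients is in the secret keyring and gpg will fail anyway, so prompting without a key ID (the "easy approach" above) or signalling that outright is less misleading than naming a key the user cannot hold. `(pgg-decode-armor-region start end)` on the temp buffer also relies on `insert-buffer-substring` having copied the whole of `buf` so that positions line up; `(insert-buffer-substring buf start end)` followed by decoding `(point-min) (point-max)` makes that explicit.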
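Review bot: the new `pgg-lookup-secret-keys-avail` wrapper in the last hunk has no docstring and, as the message says, only the GnuPG backend implements the function, so `pgg-invoke` will signal a void-function error from `pgg-decrypt-region` for the other schemes. Either add stubs returning nil to the other backends, or make the wrapper return nil when the backend lacks the function, e.g. `(condition-case nil (pgg-invoke "lookup-secret-keys-avail" (or pgg-scheme pgg-default-scheme)) (void-function nil))`, so that the old first-packet behaviour is kept where the lookup is unavailable.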
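The selection rule described in the bug report and in the patch above (collect the key ID of every public-key encrypted session key packet, intersect with the secret keys we hold, prompt for the first match rather than for whatever key the first packet names) as an added, stand-alone example. This is not code from the thread or from PGG; it is written in Python rather than Emacs Lisp so that it can be run as-is, and it works at the OpenPGP packet level instead of calling gpg. It goes one step beyond the patch by comparing the full 64-bit key ID and deriving the 32-bit "0x..." form only for display. The armored message it builds is constructed for the example (dummy MPIs, unchecked CRC); the two key IDs are the ones quoted in the bug report.

```python
"""Added example (not from the PGG patch above; Python so it runs stand-alone).

Collects the key ID of every public-key encrypted session key (PKESK, tag 1)
packet in an ASCII-armored OpenPGP message and intersects it with the key IDs
of the secret keys we hold, which is what the pgg-decrypt-region change does,
except that the comparison uses the full 64-bit key ID and the 32-bit "0x..."
form is derived only for display. The message built below is constructed
(dummy MPIs, unchecked CRC) and not a real ciphertext.
"""
import base64
import re

def parse_armor(text):
    """Return the decoded body of the first '-----BEGIN PGP MESSAGE-----' block."""
    m = re.search(r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)\r?\n-----END PGP MESSAGE-----",
                  text, re.S)
    if not m:
        raise ValueError("no armored PGP MESSAGE found")
    body = m.group(1)
    if "\n\n" in body:                      # armor headers end at the first blank line
        body = body.split("\n\n", 1)[1]
    # The "=XXXX" trailer is the CRC-24; a real implementation verifies it.
    lines = [ln for ln in body.splitlines() if ln and not ln.startswith("=")]
    return base64.b64decode("".join(lines))

def iter_packets(data):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet tag byte")
        i += 1
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                               # old-format header: 1, 2 or 4 length octets
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Long (16 hex digit) key ID of every PKESK packet, in message order."""
    ids = []
    for tag, body in iter_packets(data):
        if tag == 1:
            if body[0] != 3:
                raise ValueError("unexpected PKESK version %d" % body[0])
            ids.append(body[1:9].hex().upper())   # version, key ID, algorithm, MPIs
    return ids

def choose_decryption_key(msg_ids, my_secret_ids):
    """First recipient key ID that is one of our secret keys, else None.
    The sender's key (usually the first PKESK) is skipped unless we hold it."""
    mine = {k.upper() for k in my_secret_ids}
    for kid in msg_ids:
        if kid in mine:
            return kid
    return None

def short_id(key_id):
    """The 32-bit form PGG shows in its prompt ('GnuPG passphrase for 0x...')."""
    return "0x" + key_id[-8:].upper()

def _pkesk(key_id_hex, algo=16):
    """Constructed tag-1 packet: old-format header, v3 body, two dummy MPIs."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + bytes([algo]) + b"\x00\x08\xaa\x00\x08\xbb"
    return b"\x84" + bytes([len(body)]) + body

def build_constructed_message(recipient_ids):
    """Constructed armored message 'encrypted' to RECIPIENT_IDS (dummy payload)."""
    packets = b"".join(_pkesk(k) for k in recipient_ids)
    packets += b"\xd2\x04\x01\xaa\xbb\xcc"  # new-format tag 18 (SEIPD), dummy body
    b64 = base64.b64encode(packets).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN PGP MESSAGE-----\nVersion: constructed example\n\n"
            + "\n".join(lines) + "\n=0000\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    # Key IDs from the quoted bug report: the sender's PKESK comes first, ours second.
    ids = recipient_key_ids(parse_armor(
        build_constructed_message(["7F362B5EDCE28EC5", "DC38B8B40E9C9C4B"])))
    print("first packet, what PGG prompted for:", short_id(ids[0]))
    print("our key:", short_id(choose_decryption_key(ids, ["DC38B8B40E9C9C4B"])))
```

Run as a script it prints the sender's short ID for the first packet and 0x0E9C9C4B for the chosen key, which is the prompt the bug report asked for. `my_secret_ids` would in practice come from `gpg --with-colons --list-secret-keys` (the `sec`/`ssb` key-ID field), kept at full length; comparing 16-digit IDs rather than the last 8 is what keeps a colliding short ID in the keyring from selecting the wrong key.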
* Re: pgg*.el and passphrase caching
From: Mark Trettin @ 2003-08-20 15:31 UTC

On Wed, 20 Aug 2003, Michael Teichgräber spake thusly:

> Mark Trettin <mtr-dev0@gmx.de> writes:
>
>> I *think* the problem is, that all messages also are "encrypted to self"
>> and pgg.el wants to take the first Key-ID it finds (and this is the one
>> of the originator of the mail).
>
> This looks like the same I once reported on gnus-bug@gnus.org:

Yes it does.

[...]

> I've appended a patch I used at that time to get it working the
> following way:
>
>> Is there a way to say: "Always take one of my Key-IDs"? And then
>> decrypt the messages with the cached phrase?

Thank you very much. It seems to work.

[...]

Bye
Mark
-- 
Mark Trettin · Aachen · Germany · Where is Aachen? --> N: 50°46' E: 06°05'
BOFH excuse #58: high pressure system failure