From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/53778
Path: main.gmane.org!not-for-mail
From: =?iso-8859-1?q?Michael_Teichgr=E4ber?=
Newsgroups: gmane.emacs.gnus.general
Subject: Re: pgg*.el and passphrase caching
Date: Wed, 20 Aug 2003 09:29:58 +0200
Sender: ding-owner@lists.math.uh.edu
Message-ID: <87u18clrbd.fsf@wmipf.in-berlin.de>
References:
NNTP-Posting-Host: deer.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1061365613 14090 80.91.224.253 (20 Aug 2003 07:46:53 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Wed, 20 Aug 2003 07:46:53 +0000 (UTC)
Original-X-From: ding-owner+M2319@lists.math.uh.edu Wed Aug 20 09:46:52 2003
Return-path:
Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 19pNgB-0003Gn-00 for ; Wed, 20 Aug 2003 09:46:52 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 19pNep-0007Gl-00; Wed, 20 Aug 2003 02:45:27 -0500
Original-Received: from sclp3.sclp.com ([64.157.176.121]) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 19pNeg-0007Gd-00 for ding@lists.math.uh.edu; Wed, 20 Aug 2003 02:45:18 -0500
Original-Received: (qmail 77673 invoked by alias); 20 Aug 2003 07:45:18 -0000
Original-Received: (qmail 77668 invoked from network); 20 Aug 2003 07:45:17 -0000
Original-Received: from mail.s.netic.de (212.9.160.11) by sclp3.sclp.com with SMTP; 20 Aug 2003 07:45:17 -0000
Original-Received: from host-212-9-163-168.dial.netic.de ([212.9.163.168] helo=iridium.renata.de) by mail.s.netic.de with esmtp (Exim 4.10) id 19pNec-000LbA-00 for ding@gnus.org; Wed, 20 Aug 2003 09:45:14 +0200
Original-Received: from micha by iridium.renata.de with local (masqmail 0.2.20) id 19pNcQ-5CX-00 for ; Wed, 20 Aug 2003 09:42:58 +0200
Mail-Reply-To: "Michael =?iso-8859-1?q?Teichgr=E4ber=22?=
Original-To: ding@gnus.org
X-Wo-Ist-Die-ISS: http://wmipf.in-berlin.de/sat/curpos.html
X-Betriebssystem: Debian GNU/Linux
X-Request-PGP: http://wmipf.in-berlin.de/mtgpg.asc
X-PGP-Key: 5656 F203 8343 0A2E 8259 6102 3F0D B4F4 1182 8000
In-Reply-To: (Mark Trettin's message of "Tue, 19 Aug 2003 11:02:42 +0200")
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.2 (gnu/linux)
Precedence: bulk
Xref: main.gmane.org gmane.emacs.gnus.general:53778
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:53778

Mark Trettin writes:

> I *think* the problem is, that all messages also are "encrypted to self"
> and pgg.el wants to take the first Key-ID it finds (and this is the one
> of the originator of the mail).

This looks like the same I once reported on gnus-bug@gnus.org:

| Message-ID: <87he9ww7pt.fsf@iridium.renata.de>
| Subject: pgg-decrypt-region: wrong key-ID displayed
| Date: Sat, 22 Mar 2003 01:44:30 +0100
|
| when trying to decrypt a message that has been encrypted to me and to
| the sender, the sender's key-ID is displayed when PGG is prompting for
| the passphrase of _my_ key.
|
| The reason for this is the way the local `pgg-default-user-id' is
| determined within pgg-decrypt-region in pgg.el:
|
|   (packet (cdr (assq 1 (with-temp-buffer
|                          (insert-buffer buf)
|                          (pgg-decode-armor-region
|                           (point-min) (point-max))))))
|   (key (cdr (assq 'key-identifier packet)))
|   (pgg-default-user-id
|    (if key
|        (concat "0x" (pgg-truncate-key-identifier key))
|      pgg-default-user-id))
|
| Pgg-decode-armor-region returns per example a list:
|
|   ((18)
|    (1
|     (version . 3)
|     (key-identifier . "7F362B5EDCE28EC5")   <-- sender's key-ID
|     (public-key-algorithm . ELG-E))
|    (1
|     (version . 3)
|     (key-identifier . "DC38B8B40E9C9C4B")   <-- my key ID
|     (public-key-algorithm . ELG-E))) ,
|
| so that `(cdr (assq 1 ...' leads to a `packet' containing the sender's
| key information. PGG then prompts with `GnuPG passphrase for 0xDCE28EC5:'
| instead of `...0E9C9C4B:'.
|
| A way to change this could be first to search for a packet containing
| a key identifier that equals the (long) key identifier of the key with
| user ID `pgg-default-user-id', and then--if no matching packet could
| be found--use the sequence as it is coded at the moment.
|
| This can be a bit complicated, since the user ID `pgg-default-user-id'
| may be given in various ways, so that it would be necessary to invoke
| something similar to `(pgg-*-lookup-key pgg-default-user-id t)' to get
| a list of long key identifiers of subkeys (`ssb') of this private key.
|
| An easy approach would be to change the prompt into just `GnuPG
| passphrase:' without showing the key identifier.
|
|
| The current implementation also has the (keyboard-wearing) side
| effect, that passphrase caching in these cases does not work, since
| the passphrase of the sender's secret key obviously cannot be in my
| cache. (The easy approach would not fix this.)

I've appended a patch I used at that time to get it working the
following way:

> Is there a way to say: "Always take one of my Key-IDs"? And then
> decrypt the messages with the cached phrase?

The interface in PGG is extended by a function
pgg-lookup-secret-keys-avail (similar to pgg-lookup-key) that should
return a list of IDs of all your secret keys. Each backend would have
to define such a function. I only implemented one for the
GnuPG-backend: pgg-gpg-lookup-secret-keys-avail.

Then, in pgg-decrypt-region, Gnus wouldn't only extract the key ID of
the first packet of the message, but those of all key packets. This
list `msg-keys' then is intersected with the `user-keys' returned by
pgg-gpg-lookup-secret-keys-avail. The first match is used as `key' ID
(in contrast to the key ID of the first packet, as it is coded in PGG
at the moment).

Because I have switched to using gpg-agent, where Gnus' passphrase
caching won't be used, I forgot about this problem.
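The selection logic described above (collect the key IDs of every public-key encrypted session key packet, intersect them with the secret keys held locally, prompt for the first match) written out in Python rather than Emacs Lisp, as an added example that is not part of this post or of PGG. It parses the binary OpenPGP packet stream directly instead of going through pgg-decode-armor-region, builds a constructed message from the two key IDs quoted in the bug report, and differs from the appended patch in two deliberate ways: the intersection is done on full 16-digit key IDs (32-bit short IDs collide easily, so matching on them can pick the wrong key), and when no local secret key matches it falls back to the plain `GnuPG passphrase:' prompt rather than to the first packet's key ID.

```python
import struct

# Key IDs taken from the bug report quoted above; the message below is constructed.
SENDER_KEY_ID = "7F362B5EDCE28EC5"
MY_KEY_ID = "DC38B8B40E9C9C4B"

PKESK_TAG = 1    # Public-Key Encrypted Session Key packet (RFC 4880 5.1)
SEIPD_TAG = 18   # Sym. Encrypted Integrity Protected Data packet (RFC 4880 5.13)
ELG_E = 16       # public-key algorithm id: Elgamal, encrypt-only


def encode_new_packet(tag, body):
    """Wrap BODY in a new-format packet header (RFC 4880 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def build_pkesk(key_id_hex, algorithm=ELG_E):
    """Constructed tag-1 packet: version 3, 8-byte key ID, algorithm, one dummy MPI."""
    dummy_mpi = struct.pack(">H", 8) + b"\x80"   # stands in for the encrypted session key
    body = b"\x03" + bytes.fromhex(key_id_hex) + bytes([algorithm]) + dummy_mpi
    return encode_new_packet(PKESK_TAG, body)


def iter_packets(data):
    """Yield (tag, body) per packet; old- and new-format headers, no partial lengths."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        pos += 1
        if first & 0x40:                                  # new-format header
            tag = first & 0x3F
            lead = data[pos]
            pos += 1
            if lead < 192:
                length = lead
            elif lead < 224:
                length = ((lead - 192) << 8) + data[pos] + 192
                pos += 1
            elif lead == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:                                             # old-format header
            tag = (first >> 2) & 0x0F
            length_type = first & 0x03
            if length_type == 3:                          # indeterminate: rest of input
                length = len(data) - pos
            else:
                width = (1, 2, 4)[length_type]
                length = int.from_bytes(data[pos:pos + width], "big")
                pos += width
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet with tag %d" % tag)
        pos += length
        yield tag, body


def session_key_key_ids(data):
    """Key IDs (16 upper-case hex digits) of every PKESK packet, in message order."""
    return [body[1:9].hex().upper()
            for tag, body in iter_packets(data)
            if tag == PKESK_TAG and len(body) >= 10 and body[0] == 3]


def choose_prompt_key(msg_key_ids, secret_key_ids):
    """First recipient key ID that is one of our own secret keys, else None.

    Compares full 64-bit IDs; the appended patch compares 32-bit truncated ones.
    """
    mine = {k.upper() for k in secret_key_ids}
    return next((kid for kid in msg_key_ids if kid in mine), None)


def passphrase_prompt(key_id):
    """Prompt in the form PGG uses, showing only the last 8 hex digits (short ID)."""
    return "GnuPG passphrase for 0x%s:" % key_id[-8:]


# Constructed message: encrypted to the sender first, then to us, followed by the data.
MESSAGE = (build_pkesk(SENDER_KEY_ID) + build_pkesk(MY_KEY_ID)
           + encode_new_packet(SEIPD_TAG, b"\x01" + bytes(32)))


def demo(secret_key_ids=(MY_KEY_ID,)):
    """Return (prompt from the first packet, prompt from the matching secret key)."""
    ids = session_key_key_ids(MESSAGE)
    old_prompt = passphrase_prompt(ids[0])              # unpatched pgg.el behaviour
    chosen = choose_prompt_key(ids, secret_key_ids)
    new_prompt = passphrase_prompt(chosen) if chosen else "GnuPG passphrase:"
    return old_prompt, new_prompt


if __name__ == "__main__":
    for prompt in demo():
        print(prompt)
```

Run as a script it prints two prompts: the first is what the unpatched pgg-decrypt-region shows for a message whose first session key packet is the sender's, the second is the prompt for the key that actually is in the local secret keyring. Real messages from gpg arrive ASCII-armored; feeding this parser the dearmored bytes (or calling it on a `.gpg` binary file) is enough, since only the packet framing and the PKESK body layout are interpreted.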
Perhaps the appended patch can serve as an example for a fix that covers all PGG backends. -- Michael Index: pgg-gpg.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v retrieving revision 6.18 diff -u -p -r6.18 pgg-gpg.el --- pgg-gpg.el 8 Aug 2003 23:25:24 -0000 6.18 +++ pgg-gpg.el 20 Aug 2003 07:12:52 -0000 @@ -117,6 +117,24 @@ (progn (end-of-line)(point))) ":")) 8))))) +(defun pgg-gpg-lookup-secret-keys-avail () + "Get a list of all key IDs from secret keyring." + (let ((args (list "--with-colons" "--no-greeting" "--batch" + "--list-secret-keys" "--fast-list-mode")) + keylist) + (with-temp-buffer + (apply #'call-process pgg-gpg-program nil t nil args) + (goto-char (point-min)) + (while (re-search-forward "^\\(ssb\\|sec\\|sub\\|pub\\):" nil t) + (setq keylist + (cons + (substring + (nth 3 (split-string + (buffer-substring (- (match-end 0) 1) + (progn (end-of-line)(point))) + ":")) 8) keylist)))) + keylist)) + (defun pgg-gpg-encrypt-region (start end recipients &optional sign) "Encrypt the current region between START and END. If optional argument SIGN is non-nil, do a combined sign and encrypt." Index: pgg.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v retrieving revision 6.20 diff -u -p -r6.20 pgg.el --- pgg.el 24 Jul 2003 02:58:18 -0000 6.20 +++ pgg.el 20 Aug 2003 07:12:52 -0000 
@@ -192,11 +192,26 @@ the region." "Decrypt the current region between START and END." (interactive "r") (let* ((buf (current-buffer)) - (packet (cdr (assq 1 (with-temp-buffer + (packets (with-temp-buffer (insert-buffer-substring buf) - (pgg-decode-armor-region - (point-min) (point-max)))))) - (key (cdr (assq 'key-identifier packet))) + (pgg-decode-armor-region start end))) + (packet (cdr (assq 1 packets))) + (key (let (found-key + msg-keys + (user-keys + (pgg-lookup-secret-keys-avail))) + ;; extract key IDs from session key packets -> msg-keys + (dolist (element packets msg-keys) + (if (eq (car element) 1) + (let ((key (assq 'key-identifier element))) + (if key (setq msg-keys + (cons (pgg-truncate-key-identifier + (cdr key)) msg-keys)))))) + ;; intersect key IDs of available secret keys with msg-keys + (dolist (key user-keys found-key) + (if (member key msg-keys) + (unless found-key (setq found-key key)))) + (if found-key found-key (cdr (assq 'key-identifier packet))))) (pgg-default-user-id (if key (concat "0x" (pgg-truncate-key-identifier key)) @@ -341,6 +356,9 @@ within the region." (defun pgg-lookup-key (string &optional type) (pgg-invoke "lookup-key" (or pgg-scheme pgg-default-scheme) string type)) + +(defun pgg-lookup-secret-keys-avail () + (pgg-invoke "lookup-secret-keys-avail" (or pgg-scheme pgg-default-scheme))) (defvar pgg-insert-url-function (function pgg-insert-url-with-w3))
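Review bot: in the pgg-gpg.el hunk, `(substring ... 8)` in pgg-gpg-lookup-secret-keys-avail cuts every key ID from the colon listing down to its last 8 hex digits, so the intersection later done in pgg-decrypt-region works on 32-bit short IDs, which collide easily and can select a key that is not the recipient key at all; return the full 16-digit ID here and truncate only where the prompt is built. The regexp `^\\(ssb\\|sec\\|sub\\|pub\\):` also admits `pub` and `sub` records although `--list-secret-keys` emits only `sec`/`ssb` key records, which contradicts the docstring "from secret keyring"; drop the two public record types. Extracting the ID with `(nth 3 (split-string ... ":"))` further depends on how split-string treats empty fields (the validity field of a secret-key record is frequently empty), so a shifted column silently yields the wrong value; a single anchored regexp that captures the key ID field of the record is more robust.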
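Review bot: in the pgg-decrypt-region hunk, the fallback `(if found-key found-key (cdr (assq 'key-identifier packet)))` reproduces the reported bug exactly whenever no local secret key matches: the prompt again names the first packet's key, i.e. the sender's, for a message that no local key can decrypt anyway; a `message` or error stating that none of the message's recipient keys is in the secret keyring would be clearer than asking for a passphrase the user does not have. The two branches also yield IDs of different length, since found-key is already truncated (msg-keys pass through pgg-truncate-key-identifier and user-keys are cut to 8 digits) while the fallback is the full 16-digit ID, so the later `(concat "0x" (pgg-truncate-key-identifier key))` is only correct if pgg-truncate-key-identifier is idempotent; intersecting on full IDs and truncating once at the prompt removes that dependency. Minor: the inner `(let ((key (assq 'key-identifier element)))` reuses the name of the outer `key` binding being computed; a different name such as `id` would read better.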
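Review bot: the new pgg-lookup-secret-keys-avail wrapper in the last hunk dispatches through pgg-invoke unconditionally, but as the post itself says only the GnuPG backend defines pgg-gpg-lookup-secret-keys-avail, so with any other backend pgg-decrypt-region now fails with a void-function error before reaching the old code path; check that the backend's function is fboundp and return nil otherwise, so that the decrypt path degrades to the previous behaviour, and add a docstring that states the return value is a list of key IDs.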