* pgg*.el and passphrase caching
@ 2003-08-19 9:02 Mark Trettin
2003-08-19 18:31 ` Kirk Strauser
2003-08-20 7:29 ` Michael Teichgräber
0 siblings, 2 replies; 10+ messages in thread
From: Mark Trettin @ 2003-08-19 9:02 UTC (permalink / raw)
Hello,
I want to switch from gpg.el to pgg.el. I encountered the problem that
passphrase caching doesn't work as I would expect. I'll try to describe
what happens:
I have 3 mails:
- msg 1 from A
- msg 2 my answer to 1
- msg 3 A's answer to 2
If I want to (re)view msg 1 pgg.el asks me to enter the passphrase for
A's key-ID. When I enter my passphrase the message gets decrypted and
the passphrase is cached so I can view msg 2 without reentering the
passphrase. When I now want to view message 3 pgg again asks me for A's
passphrase so I have to reenter mine.
I *think* the problem is, that all messages also are "encrypted to self"
and pgg.el wants to take the first Key-ID it finds (and this is the one
of the originator of the mail).
Is there a way to say: "Always take one of my Key-IDs"? And then
decrypt the messages with the cached phrase?
I don't know if it's a gpg problem or a pgg one.
Bye
Mark
--
Mark Trettin · Aachen · Germany · Where is Aachen? --> N: 50°46' E: 06°05'
BOFH excuse #165:
Backbone Scoliosis
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-19 18:31 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 359 bytes --]
At 2003-08-19T09:02:42Z, Mark Trettin <mtr-dev0@gmx.de> writes:
> Is there a way to say: "Always take one of my Key-IDs"? And then decrypt
> the messages with the cached phrase?
By the same token:
I use gpg-agent. How can I prevent Gnus from prompting for my passphrase so
that the agent always handles the entry?
--
Kirk Strauser
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Michael Teichgräber @ 2003-08-20 5:57 UTC (permalink / raw)
Cc: ding
[-- Attachment #1: Type: text/plain, Size: 4377 bytes --]
Kirk Strauser <kirk@strauser.com> writes:
> I use gpg-agent. How can I prevent Gnus from prompting for my
> passphrase so that the agent always handles the entry?
For a while I have been using the appended patch. It introduces a
defcustom of type boolean `pgg-gpg-use-agent-if-available', and a
defconst `pgg-gpg-agent-available' that is t if GPG_AGENT_INFO is set.
A function pgg-gpg-use-agent is then used at various places to avoid
the passphrase being read by Gnus.
--
Michael
Index: pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 6.13
diff -u -p -r6.13 pgg-gpg.el
--- pgg-gpg.el 6 Apr 2003 00:18:33 -0000 6.13
+++ pgg-gpg.el 17 Apr 2003 12:14:01 -0000
@@ -36,6 +36,14 @@
:group 'pgg-gpg
:type 'string)
+(defcustom pgg-gpg-use-agent-if-available nil
+ "Whether to use gpg-agent if it can be located via environment."
+ :group 'pgg-gpg
+ :type 'boolean)
+
+(defconst pgg-gpg-agent-available (if (getenv "GPG_AGENT_INFO") t)
+ "If gpg-agent can be located, this constant is t.")
+
(defcustom pgg-gpg-extra-args nil
"Extra arguments for every GnuPG invocation."
:group 'pgg-gpg
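Review bot: `pgg-gpg-agent-available` is a `defconst` evaluated once when pgg-gpg.el is loaded, so it freezes whether GPG_AGENT_INFO happened to be set at load time; an agent started (or restarted with a new socket path) after the library was loaded, or a `setenv` in the running session, is not seen until the file is reloaded, and the value is not a constant in the Elisp sense anyway. Suggest dropping the defconst and having `pgg-gpg-use-agent` evaluate `(getenv "GPG_AGENT_INFO")` on each call. Note also that the variable only records that the environment variable exists, not that the agent is reachable.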
@@ -46,6 +54,13 @@
(defvar pgg-gpg-user-id nil
"GnuPG ID of your default identity.")
+(defun pgg-gpg-use-agent ()
+ "If it returns t, gpg will be told to use gpg-agent for secret key
+management, otherwise PGG will ask you for passphrase(s). Depends on
+the value of `pgg-gpg-use-agent-if-available', and whether the agent
+can be located."
+ (and pgg-gpg-agent-available pgg-gpg-use-agent-if-available))
+
(defun pgg-gpg-process-region (start end passphrase program args)
(let* ((output-file-name
(expand-file-name (make-temp-name "pgg-output")
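Review bot: the docstring of `pgg-gpg-use-agent` breaks the Elisp convention that the first line is a complete sentence that stands on its own (`checkdoc` will flag "If it returns t, gpg will be told to use gpg-agent for secret key" being cut mid-sentence); suggest a first line such as "Return non-nil if gpg should be told to use gpg-agent." followed by the detail about `pgg-gpg-use-agent-if-available` and agent detection.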
@@ -53,7 +68,8 @@
(args
`("--status-fd" "2"
,@(if passphrase '("--passphrase-fd" "0"))
+ ,@(if (pgg-gpg-use-agent) '("--use-agent"))
"--yes" ; overwrite
"--output" ,output-file-name
,@pgg-gpg-extra-args ,@args))
(output-buffer pgg-output-buffer)
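Review bot: `--use-agent` and `--passphrase-fd 0` are mutually exclusive here only because every caller in this patch passes a nil `passphrase` when `pgg-gpg-use-agent` is true; nothing in `pgg-gpg-process-region` enforces that, so a caller that still supplies a passphrase would get both flags. Consider deriving the agent flag from `(and (null passphrase) (pgg-gpg-use-agent))`, or signalling an error when both hold, so the contract is explicit and documented at the one place that builds the argument list.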
@@ -96,8 +112,8 @@
(re-search-forward "^\\[GNUPG:] GOOD_PASSPHRASE\\>" nil t)))
(pgg-add-passphrase-cache
(progn
- (goto-char (point-min))
- (if (re-search-forward
+ (goto-char (point-max))
+ (if (re-search-backward
"^\\[GNUPG:] NEED_PASSPHRASE \\w+ ?\\w*" nil t)
(substring (match-string 0) -8)))
passphrase)))
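Review bot: the switch from `re-search-forward` at `point-min` to `re-search-backward` from `point-max` changes which NEED_PASSPHRASE line keys the passphrase cache (the last one emitted rather than the first); this is a behaviour change unrelated to the agent option and deserves its own sentence in the commit message and a comment at the search, e.g. `;; gpg emits one NEED_PASSPHRASE per candidate key; cache under the last one, the key actually unlocked`. Separately, with the agent in use `passphrase` is nil; unless the condition ending on the first context line already requires a non-nil passphrase, this branch would call `pgg-add-passphrase-cache` with nil, so please check that guard.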
@@ -123,9 +139,10 @@ If optional argument SIGN is non-nil, do
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
(passphrase
(when sign
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))))
+ (unless (pgg-gpg-use-agent)
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))))
(args
(append
(list "--batch" "--armor" "--always-trust" "--encrypt")
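Review bot: the passphrase for a combined sign-and-encrypt belongs to the signing key, yet the cache lookup here still uses `(pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)` (the re-indented lines in this hunk), whereas `pgg-gpg-sign-region` below uses `'sign`; if the signing and encryption subkeys differ, the cached passphrase is filed under the wrong key ID. Since this hunk already touches exactly those lines, changing `'encrypt` to `'sign` here would be cheap.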
@@ -148,9 +165,10 @@ If optional argument SIGN is non-nil, do
"Decrypt the current region between START and END."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
(passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))
+ (unless (pgg-gpg-use-agent)
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))))
(args '("--batch" "--decrypt")))
(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
(with-current-buffer pgg-errors-buffer
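Review bot: this is the second of three identical `(unless (pgg-gpg-use-agent) (pgg-read-passphrase ...))` wrappers in the patch (encrypt, decrypt, sign); factor them into one helper, e.g. `(defun pgg-gpg-read-passphrase-maybe (type) ...)` taking the `'encrypt`/`'sign` lookup type, so the agent check lives in one place and a future caller cannot forget it.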
@@ -162,9 +180,10 @@ If optional argument SIGN is non-nil, do
"Make detached signature from text between START and END."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
(passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'sign)))
+ (unless (pgg-gpg-use-agent)
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ (pgg-gpg-lookup-key pgg-gpg-user-id 'sign))))
(args
(list (if cleartext "--clearsign" "--detach-sign")
"--armor" "--batch" "--verbose"
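Review bot: after this change a nil `passphrase` in `pgg-gpg-sign-region` has two meanings, "agent in use" and, in principle, "user cancelled the prompt"; nothing visible distinguishes them, and `pgg-gpg-process-region` simply omits `--passphrase-fd`. A one-line comment at the `unless` stating that nil deliberately means "let the agent handle it" would help the next reader; the same applies to the encrypt and decrypt hunks.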
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Xavier Maillard @ 2003-08-20 6:23 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 658 bytes --]
Kirk Strauser <kirk@strauser.com> writes:
> At 2003-08-19T09:02:42Z, Mark Trettin <mtr-dev0@gmx.de> writes:
>
> > Is there a way to say: "Always take one of my Key-IDs"? And then
> > decrypt\r the messages with the cached phrase?
> \r By the same token:\r \r I use gpg-agent. How can I prevent Gnus
> from prompting for my passphrase so\r that the agent always handles
> the entry?\r -- \r Kirk Strauser
Why do all those leading "^M" appear in this message? I have never
seen this before with a Gnus edited/sent message.
zeDek
--
"Silence - with an arrogant undertone - beats the most striking
argument" (Hassencamp)
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Michael Teichgräber @ 2003-08-20 7:29 UTC (permalink / raw)
Mark Trettin <mtr-dev0@gmx.de> writes:
> I *think* the problem is, that all messages also are "encrypted to self"
> and pgg.el wants to take the first Key-ID it finds (and this is the one
> of the originator of the mail).
This looks like the same thing I once reported on gnus-bug@gnus.org:
| Message-ID: <87he9ww7pt.fsf@iridium.renata.de>
| Subject: pgg-decrypt-region: wrong key-ID displayed
| Date: Sat, 22 Mar 2003 01:44:30 +0100
|
| when trying to decrypt a message that has been encrypted to me and to
| the sender, the sender's key-ID is displayed when PGG is prompting for
| the passphrase of _my_ key.
|
| The reason for this is the way the local `pgg-default-user-id' is
| determined within pgg-decrypt-region in pgg.el:
|
| (packet (cdr (assq 1 (with-temp-buffer
| (insert-buffer buf)
| (pgg-decode-armor-region
| (point-min) (point-max))))))
| (key (cdr (assq 'key-identifier packet)))
| (pgg-default-user-id
| (if key
| (concat "0x" (pgg-truncate-key-identifier key))
| pgg-default-user-id))
|
| Pgg-decode-armor-region returns, for example, a list:
|
| ((18)
| (1
| (version . 3)
| (key-identifier . "7F362B5EDCE28EC5") <-- sender's key-ID
| (public-key-algorithm . ELG-E))
| (1
| (version . 3)
| (key-identifier . "DC38B8B40E9C9C4B") <-- my key ID
| (public-key-algorithm . ELG-E))) ,
|
| so that `(cdr (assq 1 ...' leads to a `packet' containing the sender's
| key information. PGG then prompts with `GnuPG passphrase for 0xDCE28EC5:'
| instead of `...0E9C9C4B:'.
|
| A way to change this could be first to search for a packet containing
| a key identifier that equals the (long) key identifier of the key with
| user ID `pgg-default-user-id', and then--if no matching packet could
| be found--use the sequence as it is coded at the moment.
|
| This can be a bit complicated, since the user ID `pgg-default-user-id'
| may be given in various ways, so that it would be necessary to invoke
| something similar to `(pgg-*-lookup-key pgg-default-user-id t)' to get
| a list of long key identifiers of subkeys (`ssb') of this private key.
|
| An easy approach would be to change the prompt into just `GnuPG
| passphrase:' without showing the key identifier.
|
|
| The current implementation also has the (keyboard-wearing) side
| effect, that passphrase caching in these cases does not work, since
| the passphrase of the sender's secret key obviously cannot be in my
| cache. (The easy approach would not fix this.)
I've appended a patch I used at that time to get it working the
following way:
> Is there a way to say: "Always take one of my Key-IDs"? And then
> decrypt the messages with the cached phrase?
The interface in PGG is extended by a function
pgg-lookup-secret-keys-avail (similar to pgg-lookup-key) that should
return a list of IDs of all your secret keys. Each backend would have
to define such a function. I only implemented one for the
GnuPG-backend: pgg-gpg-lookup-secret-keys-avail.
Then, in pgg-decrypt-region, Gnus would not only extract the key ID of
the first packet of the message, but those of all key packets.
This list `msg-keys' then is intersected with the `user-keys' returned
by pgg-gpg-lookup-secret-keys-avail. The first match is used as `key'
ID (in contrast to the key ID of the first packet, as it is coded in
PGG at the moment).
Because I have switched to using gpg-agent, where Gnus' passphrase
caching won't be used, I forgot about this problem.
Perhaps the appended patch can serve as an example for a fix that
covers all PGG backends.
--
Michael
Index: pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 6.18
diff -u -p -r6.18 pgg-gpg.el
--- pgg-gpg.el 8 Aug 2003 23:25:24 -0000 6.18
+++ pgg-gpg.el 20 Aug 2003 07:12:52 -0000
@@ -117,6 +117,24 @@
(progn (end-of-line)(point)))
":")) 8)))))
+(defun pgg-gpg-lookup-secret-keys-avail ()
+ "Get a list of all key IDs from secret keyring."
+ (let ((args (list "--with-colons" "--no-greeting" "--batch"
+ "--list-secret-keys" "--fast-list-mode"))
+ keylist)
+ (with-temp-buffer
+ (apply #'call-process pgg-gpg-program nil t nil args)
+ (goto-char (point-min))
+ (while (re-search-forward "^\\(ssb\\|sec\\|sub\\|pub\\):" nil t)
+ (setq keylist
+ (cons
+ (substring
+ (nth 3 (split-string
+ (buffer-substring (- (match-end 0) 1)
+ (progn (end-of-line)(point)))
+ ":")) 8) keylist))))
+ keylist))
+
(defun pgg-gpg-encrypt-region (start end recipients &optional sign)
"Encrypt the current region between START and END.
If optional argument SIGN is non-nil, do a combined sign and encrypt."
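Review bot: the field extraction in `pgg-gpg-lookup-secret-keys-avail` relies on `split-string` dropping empty fields (the Emacs 21 behaviour), so `(nth 3 ...)` only lands on the key ID when every field before it is non-empty; a `--with-colons` record with an empty validity field shifts the index by one. Indexing the record by its fixed field number (the key ID is the fifth colon-separated field), or matching the line with a regexp such as `^\\(sec\\|ssb\\):[^:]*:[^:]*:[^:]*:\\([0-9A-Fa-f]+\\):`, is robust to empty fields. Also, `--list-secret-keys` produces only `sec` and `ssb` records, so the `sub` and `pub` alternatives in the regexp are dead, and the docstring should say that the returned IDs are the short form (the last eight hex digits, as `(substring ... 8)` yields), so callers know what they are comparing against.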
Index: pgg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v
retrieving revision 6.20
diff -u -p -r6.20 pgg.el
--- pgg.el 24 Jul 2003 02:58:18 -0000 6.20
+++ pgg.el 20 Aug 2003 07:12:52 -0000
@@ -192,11 +192,26 @@ the region."
"Decrypt the current region between START and END."
(interactive "r")
(let* ((buf (current-buffer))
- (packet (cdr (assq 1 (with-temp-buffer
+ (packets (with-temp-buffer
(insert-buffer-substring buf)
- (pgg-decode-armor-region
- (point-min) (point-max))))))
- (key (cdr (assq 'key-identifier packet)))
+ (pgg-decode-armor-region start end)))
+ (packet (cdr (assq 1 packets)))
+ (key (let (found-key
+ msg-keys
+ (user-keys
+ (pgg-lookup-secret-keys-avail)))
+ ;; extract key IDs from session key packets -> msg-keys
+ (dolist (element packets msg-keys)
+ (if (eq (car element) 1)
+ (let ((key (assq 'key-identifier element)))
+ (if key (setq msg-keys
+ (cons (pgg-truncate-key-identifier
+ (cdr key)) msg-keys))))))
+ ;; intersect key IDs of available secret keys with msg-keys
+ (dolist (key user-keys found-key)
+ (if (member key msg-keys)
+ (unless found-key (setq found-key key))))
+ (if found-key found-key (cdr (assq 'key-identifier packet)))))
(pgg-default-user-id
(if key
(concat "0x" (pgg-truncate-key-identifier key))
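Review bot: the inner `(dolist (key user-keys found-key) ...)` rebinds `key` while the enclosing `let*` is still computing the binding of a variable with the same name, which is legal but easy to misread; rename the loop variable (e.g. `user-key`). Two more points on this hunk: `found-key` is a short ID from `pgg-gpg-lookup-secret-keys-avail` while the fallback `(cdr (assq 'key-identifier packet))` is the long ID from the packet, so `key` now carries two formats and only works because `pgg-truncate-key-identifier` is applied again below; keeping the untruncated ID from the matching packet would make the formats consistent. And `(if found-key found-key (cdr ...))` is just `(or found-key (cdr ...))`. Finally, `pgg-lookup-secret-keys-avail` spawns gpg on every decryption; caching the list for the session (it changes only when keys are generated or imported) would avoid a subprocess per message.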
@@ -341,6 +356,9 @@ within the region."
(defun pgg-lookup-key (string &optional type)
(pgg-invoke "lookup-key" (or pgg-scheme pgg-default-scheme) string type))
+
+(defun pgg-lookup-secret-keys-avail ()
+ (pgg-invoke "lookup-secret-keys-avail" (or pgg-scheme pgg-default-scheme)))
(defvar pgg-insert-url-function (function pgg-insert-url-with-w3))
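Review bot: `pgg-lookup-secret-keys-avail` has no docstring, and `pgg-invoke` dispatches to `pgg-<scheme>-lookup-secret-keys-avail`, which only the GnuPG backend defines (as the covering mail says); since `pgg-decrypt-region` now calls it unconditionally, the PGP and PGP5 schemes will fail on decrypt. Guard with `fboundp` on the backend function and fall back to nil, or add stub implementations returning nil to the other backends, so the old first-packet behaviour is kept where the lookup is unavailable.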
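The selection Michael describes above (collect the key ID of every key packet in the message, intersect with the IDs of one's own secret keys, and only then fall back to the first packet), as an added example written for this page; it is not code from Gnus or from the patch. It is Python rather than Emacs Lisp so it can be run against a constructed message. `secret_key_ids` parses a `gpg --with-colons --list-secret-keys` listing by fixed field number, so an empty validity field does not shift the key ID; `pkesk_key_ids` walks the OpenPGP packets (old- and new-format headers) and returns the key ID of every tag-1 packet; `choose_own_key` compares on the short form, as `pgg-truncate-key-identifier` does. The listing and the armored message are constructed for the example: the two subkey IDs are the ones quoted in the bug report, the primary key ID `0123456789ABCDEF`, the user ID and the stand-in tag-18 packet are made up.

```python
import base64


def secret_key_ids(colon_listing):
    """Long (16 hex digit) key IDs of all sec/ssb records in a --with-colons listing.
    Splitting keeps empty fields, so the key ID is always field 5 (index 4)."""
    ids = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("sec", "ssb") and len(fields) > 4 and fields[4]:
            ids.append(fields[4].upper())
    return ids


def dearmor(armored):
    """Raw packet bytes inside a PGP ASCII-armor block.
    Armor headers (up to the first blank line) and the '=XXXX' CRC-24 line are
    skipped; the checksum is not verified here."""
    in_block, in_headers, b64 = False, False, []
    for line in armored.splitlines():
        if line.startswith("-----BEGIN PGP"):
            in_block, in_headers = True, True
        elif line.startswith("-----END PGP"):
            break
        elif in_block and in_headers:
            if line.strip() == "":
                in_headers = False
        elif in_block and not line.startswith("="):
            b64.append(line.strip())
    return base64.b64decode("".join(b64))


def pkesk_key_ids(data):
    """Key IDs of all tag-1 (public-key encrypted session key) packets, in order.
    Old- and new-format headers (RFC 4880 section 4.2) are handled; partial
    body lengths are rejected rather than misparsed."""
    ids, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("byte %d is not a packet header" % i)
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, data[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body length not supported")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                  # indeterminate: runs to end of input
                length, hdr = len(data) - i - 1, 1
            else:
                hdr = 1 + (1 << ltype)      # 1, 2 or 4 length octets
                length = int.from_bytes(data[i + 1:i + hdr], "big")
        body = data[i + hdr:i + hdr + length]
        # PKESK v3 body: version(1) key-id(8) pk-algorithm(1) session-key MPIs
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())
        i += hdr + length
    return ids


def choose_own_key(msg_key_ids, own_key_ids):
    """First recipient key in the message that is one of our secret keys, compared
    on the short (last 8 hex digit) form; falls back to the first recipient key
    (the old pgg behaviour, which prompts for the sender's key) when none match."""
    own_short = {k[-8:].upper() for k in own_key_ids}
    for kid in msg_key_ids:
        if kid[-8:].upper() in own_short:
            return kid
    return msg_key_ids[0] if msg_key_ids else None


def _pkesk(key_id_hex):
    """Minimal old-format PKESK packet: tag 1, v3, ELG-E (16), one dummy MPI."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x10" + b"\x00\x01\x01"
    return bytes([0x80 | (1 << 2)]) + bytes([len(body)]) + body


# Constructed sample listing; note the empty validity field after sec/ssb.
SAMPLE_LISTING = (
    "sec::1024:17:0123456789ABCDEF:2003-03-22:::::::::\n"
    "uid:::::::::Example User <user@example.invalid>:\n"
    "ssb::1024:16:DC38B8B40E9C9C4B:2003-03-22:::::::::\n"
)

# Constructed sample message: encrypted to the sender's subkey first, then to
# ours, followed by a stand-in tag-18 packet with a new-format header.
_RAW = (_pkesk("7F362B5EDCE28EC5")
        + _pkesk("DC38B8B40E9C9C4B")
        + bytes([0xC0 | 18, 4, 0x01, 0xDE, 0xAD, 0xBE]))
SAMPLE_MESSAGE = ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
                  + base64.b64encode(_RAW).decode("ascii")
                  + "\n=AAAA\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    own = secret_key_ids(SAMPLE_LISTING)
    in_msg = pkesk_key_ids(dearmor(SAMPLE_MESSAGE))
    print("secret keys:", own)
    print("recipients :", in_msg)
    print("prompt for :", choose_own_key(in_msg, own))
```

Run as a script it prints the two recipient key IDs in message order and selects `DC38B8B40E9C9C4B`, the one that is in the secret keyring, which is the ID the passphrase prompt and the cache entry should carry; with the sender's key alone in the message it falls back to that key, exactly the situation the original report describes.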
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-20 14:07 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 287 bytes --]
At 2003-08-20T05:57:59Z, Michael Teichgräber <mt@wmipf.in-berlin.de> writes:
> For a while I have been using the appended patch.
FYI, your message directly to me came through perfectly. The message that
got posted to the mailing list had a broken signature.
--
Kirk Strauser
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-20 15:00 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 302 bytes --]
At 2003-08-20T14:07:56Z, Kirk Strauser <kirk@strauser.com> writes:
> FYI, your message directly to me came through perfectly. The message that
> got posted to the mailing list had a broken signature.
...as did mine just now (and so, presumably, will this one). Nevermind.
--
Kirk Strauser
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Mark Trettin @ 2003-08-20 15:31 UTC (permalink / raw)
On Wed, 20 Aug 2003, Michael Teichgräber spake thusly:
> Mark Trettin <mtr-dev0@gmx.de> writes:
>
>> I *think* the problem is, that all messages also are "encrypted to self"
>> and pgg.el wants to take the first Key-ID it finds (and this is the one
>> of the originator of the mail).
>
> This looks like the same I once reported on gnus-bug@gnus.org:
Yes it does.
[...]
> I've appended a patch I used at that time to get it working the
> following way:
>
>> Is there a way to say: "Always take one of my Key-IDs"? And then
>> decrypt the messages with the cached phrase?
Thank you very much. It seems to work.
[...]
Bye
Mark
--
Mark Trettin · Aachen · Germany · Where is Aachen? --> N: 50°46' E: 06°05'
BOFH excuse #58:
high pressure system failure
* Re: pgg*.el and passphrase caching
From: Kirk Strauser @ 2003-08-20 16:38 UTC (permalink / raw)
Cc: jochen
[-- Attachment #1: Type: text/plain, Size: 322 bytes --]
At 2003-08-20T16:15:27Z, Jochen Küpper <jochen@jochen-kuepper.de> writes:
> Do people observe this issue on other mailing lists? Anybody has good
> guesses what the problem was elsewhere and how it might be fixed?
I haven't seen this problem on any other mailing list, and I'm on quite a
few.
--
Kirk Strauser
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
* Re: pgg*.el and passphrase caching
From: Simon Josefsson @ 2003-08-20 16:44 UTC (permalink / raw)
Cc: ding
Kirk Strauser <kirk@strauser.com> writes:
> At 2003-08-20T14:07:56Z, Kirk Strauser <kirk@strauser.com> writes:
>
>> FYI, your message directly to me came through perfectly. The message that
>> got posted to the mailing list had a broken signature.
>
> ...as did mine just now (and so, presumably, will this one). Nevermind.
This is a known problem with the mailing list software used for this
list; it corrupts PGP/MIME parts. Not Gnus' fault.
Thread overview: 10+ messages
2003-08-19 9:02 pgg*.el and passphrase caching Mark Trettin
2003-08-19 18:31 ` Kirk Strauser
2003-08-20 5:57 ` Michael Teichgräber
2003-08-20 14:07 ` Kirk Strauser
2003-08-20 15:00 ` Kirk Strauser
[not found] ` <86d6f0nw4g.fsf@doze.rijnh.nl>
2003-08-20 16:38 ` Kirk Strauser
2003-08-20 16:44 ` Simon Josefsson
2003-08-20 6:23 ` Xavier Maillard
2003-08-20 7:29 ` Michael Teichgräber
2003-08-20 15:31 ` Mark Trettin