Re: Entering passphrase twice when sending PGP signed message

[Simon Josefsson <jas@extundo.com>]

Hrvoje Niksic <hniksic@xemacs.org> writes:

>> On further thought, one could argue that it should be possible to
>> customize the passphrase cache to a mode where decryption happens
>> automatically using the passphrase cache, but signing do require
>> password input every time, or at least a yes-or-no-p.  Since I use
>> an infinite passphrase cache lifetime, to be able to read encrypted
>> messages easily, I'd want this to make sure I don't sign something I
>> wasn't aware of.
>
> yes-no-p would be fine, but requiring the password every time is going
> a bit too far.  Entering the passphrase and answering yes-no-p are
> IMHO orthogonal.

I agree, but to clarify, I think the passphrase cache should have a
few modes: (I'm not sure the modes marked with '(?)' are useful.)

* Disabled.
* Enabled for decrypt. (?)
* Enabled for sign. (?)
* Enabled for decrypt and sign.
* Enabled for decrypt and sign, but require confirmation for sign.
* Enabled for decrypt and sign, but require confirmation for decrypt. (?)
* Enabled for decrypt and sign, but require confirmation.

I.e., I didn't mean PGG should ask for a passphrase and then issue
yes-or-no-p, instead I meant that if the passphrase is cached, PGG
should use yes-or-no-p before using the cache.

Finally, if the OpenPGP implementation doesn't require a passphrase
(e.g., gpg-agent), PGG should never ask for a passphrase.  I'm not
sure if PGG can find this out automatically in a reliable way, so
perhaps this should be another modus operandi to add to the above set.