From: Simon Josefsson <jas@extundo.com>
Cc: ding@gnus.org
Subject: Re: Entering passphrase twice when sending PGP signed message
Date: Sun, 14 Sep 2003 14:05:23 +0200 [thread overview]
Message-ID: <ilupti3zibg.fsf@latte.josefsson.org> (raw)
In-Reply-To: <m3smn0yxik.fsf@hniksic.iskon.hr> (Hrvoje Niksic's message of "Sun, 14 Sep 2003 03:22:27 +0200")
Hrvoje Niksic <hniksic@xemacs.org> writes:
> Simon Josefsson <jas@extundo.com> writes:
>
>> Hrvoje Niksic <hniksic@xemacs.org> writes:
>>
>>> How about remembering the passphrase and reusing it the second time?
>>> The passphrase would be forgotten the moment the mail sending process
>>> is finished. At first that sounds like a violation of passphrase
>>> privacy, but think about it: as long as the string is not copied
>>> around, it's no more dangerous to use it twice and delete it than to
>>> prompt for it twice, deleting it each time around.
>>
>> This is supposed to work by default,
>
> Now I'm somewhat confused because your previous mail sounded exactly
> the opposite -- like it's not supposed to work by default. But then
> again, I haven't studied the code, it might be a much more complex
> issue than I'm aware of.
Sorry if I gave the wrong impression, I (incorrectly) jumped to the
assumption that you wanted GPG to only be run once, thus removing the
need for two passphrase inputs. I argued that running GPG twice was a
feature, but I wasn't very clear. The passphrase cache should work by
default, both for signing and encrypting IMHO, so if this was your
only concern, it is only a Small Matter Of Bugfixing.
On further thought, one could argue that it should be possible to
customize the passphrase cache to a mode where decryption happens
automatically using the passphrase cache, but signing do require
password input every time, or at least a yes-or-no-p. Since I use an
infinite passphrase cache lifetime, to be able to read encrypted
messages easily, I'd want this to make sure I don't sign something I
wasn't aware of.
>> but if you have multiple PGP identities, there is a known problem.
>
> But I don't have multiple PGP identities, at least not for now.
Hm, perhaps that wasn't the only criteria. The passphrase seem to
work only for some people.
>> For me, the passphrase is cached so everything is decrypted
>> automatically, but for signing I have to enter it (twice).
>
> I haven't tried encryption/decryption yet. I wanted to start with
> something simple, such as signing, and stumbled on the
> type-the-passphrase-twice thing which makes (to me) the whole
> experience a rather unpleasant one.
I agree.
next prev parent reply other threads:[~2003-09-14 12:05 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-13 13:27 Hrvoje Niksic
2003-09-13 21:24 ` Simon Josefsson
2003-09-13 23:20 ` Hrvoje Niksic
2003-09-14 0:41 ` Simon Josefsson
2003-09-14 1:22 ` Hrvoje Niksic
2003-09-14 12:05 ` Simon Josefsson [this message]
2003-09-14 15:06 ` Hrvoje Niksic
2003-09-14 15:18 ` Simon Josefsson
2003-09-14 17:17 ` Hrvoje Niksic
2003-09-14 21:48 ` Simon Josefsson
2003-09-14 23:03 ` Jesper Harder
2003-09-14 23:15 ` Simon Josefsson
2003-09-15 0:52 ` Jesper Harder
2003-09-15 11:18 ` Simon Josefsson
2003-10-17 18:03 ` Lars Magne Ingebrigtsen
2003-10-17 21:44 ` Simon Josefsson
2003-10-17 22:39 ` Lars Magne Ingebrigtsen
2003-10-18 0:04 ` Simon Josefsson
2003-10-18 15:49 ` Jesper Harder
2003-10-18 16:26 ` Lars Magne Ingebrigtsen
2005-10-13 19:48 ` Attachments and security menu (was: Entering passphrase twice when sending PGP signed message) Reiner Steib
2006-04-26 20:30 ` Attachments and security menu Reiner Steib
2003-09-14 21:02 ` Entering passphrase twice when sending PGP signed message Matthias Andree
2003-09-14 21:38 ` Simon Josefsson
2003-09-14 23:12 ` Matthias Andree
2003-09-14 23:49 ` Simon Josefsson
2003-09-15 0:10 ` Matthias Andree
2003-09-13 23:30 ` Jesper Harder
2003-09-14 1:17 ` Hrvoje Niksic
2003-09-14 1:45 ` Jesper Harder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ilupti3zibg.fsf@latte.josefsson.org \
--to=jas@extundo.com \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).