Re: Entering passphrase twice when sending PGP signed message

Gnus development mailing list
 help / color / mirror / Atom feed

From: Simon Josefsson <jas@extundo.com>
Cc: ding@gnus.org
Subject: Re: Entering passphrase twice when sending PGP signed message
Date: Sun, 14 Sep 2003 14:05:23 +0200	[thread overview]
Message-ID: <ilupti3zibg.fsf@latte.josefsson.org> (raw)
In-Reply-To: <m3smn0yxik.fsf@hniksic.iskon.hr> (Hrvoje Niksic's message of "Sun, 14 Sep 2003 03:22:27 +0200")

Hrvoje Niksic <hniksic@xemacs.org> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> Hrvoje Niksic <hniksic@xemacs.org> writes:
>>
>>> How about remembering the passphrase and reusing it the second time?
>>> The passphrase would be forgotten the moment the mail sending process
>>> is finished.  At first that sounds like a violation of passphrase
>>> privacy, but think about it: as long as the string is not copied
>>> around, it's no more dangerous to use it twice and delete it than to
>>> prompt for it twice, deleting it each time around.
>>
>> This is supposed to work by default,
>
> Now I'm somewhat confused because your previous mail sounded exactly
> the opposite -- like it's not supposed to work by default.  But then
> again, I haven't studied the code, it might be a much more complex
> issue than I'm aware of.

Sorry if I gave the wrong impression, I (incorrectly) jumped to the
assumption that you wanted GPG to only be run once, thus removing the
need for two passphrase inputs.  I argued that running GPG twice was a
feature, but I wasn't very clear.  The passphrase cache should work by
default, both for signing and encrypting IMHO, so if this was your
only concern, it is only a Small Matter Of Bugfixing.

On further thought, one could argue that it should be possible to
customize the passphrase cache to a mode where decryption happens
automatically using the passphrase cache, but signing do require
password input every time, or at least a yes-or-no-p.  Since I use an
infinite passphrase cache lifetime, to be able to read encrypted
messages easily, I'd want this to make sure I don't sign something I
wasn't aware of.

>> but if you have multiple PGP identities, there is a known problem.
>
> But I don't have multiple PGP identities, at least not for now.

Hm, perhaps that wasn't the only criteria.  The passphrase seem to
work only for some people.

>> For me, the passphrase is cached so everything is decrypted
>> automatically, but for signing I have to enter it (twice).
>
> I haven't tried encryption/decryption yet.  I wanted to start with
> something simple, such as signing, and stumbled on the
> type-the-passphrase-twice thing which makes (to me) the whole
> experience a rather unpleasant one.

I agree.

next prev parent reply	other threads:[~2003-09-14 12:05 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-09-13 13:27 Hrvoje Niksic
2003-09-13 21:24 ` Simon Josefsson
2003-09-13 23:20   ` Hrvoje Niksic
2003-09-14  0:41     ` Simon Josefsson
2003-09-14  1:22       ` Hrvoje Niksic
2003-09-14 12:05         ` Simon Josefsson [this message]
2003-09-14 15:06           ` Hrvoje Niksic
2003-09-14 15:18             ` Simon Josefsson
2003-09-14 17:17               ` Hrvoje Niksic
2003-09-14 21:48                 ` Simon Josefsson
2003-09-14 23:03                   ` Jesper Harder
2003-09-14 23:15                     ` Simon Josefsson
2003-09-15  0:52                       ` Jesper Harder
2003-09-15 11:18                         ` Simon Josefsson
2003-10-17 18:03                         ` Lars Magne Ingebrigtsen
2003-10-17 21:44                           ` Simon Josefsson
2003-10-17 22:39                             ` Lars Magne Ingebrigtsen
2003-10-18  0:04                               ` Simon Josefsson
2003-10-18 15:49                           ` Jesper Harder
2003-10-18 16:26                             ` Lars Magne Ingebrigtsen
2005-10-13 19:48                             ` Attachments and security menu (was: Entering passphrase twice when sending PGP signed message) Reiner Steib
2006-04-26 20:30                               ` Attachments and security menu Reiner Steib
2003-09-14 21:02   ` Entering passphrase twice when sending PGP signed message Matthias Andree
2003-09-14 21:38     ` Simon Josefsson
2003-09-14 23:12       ` Matthias Andree
2003-09-14 23:49         ` Simon Josefsson
2003-09-15  0:10           ` Matthias Andree
2003-09-13 23:30 ` Jesper Harder
2003-09-14  1:17   ` Hrvoje Niksic
2003-09-14  1:45     ` Jesper Harder

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ilupti3zibg.fsf@latte.josefsson.org \
    --to=jas@extundo.com \
    --cc=ding@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).