From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/53955 Path: main.gmane.org!not-for-mail From: Simon Josefsson Newsgroups: gmane.emacs.gnus.general Subject: Re: Entering passphrase twice when sending PGP signed message Date: Sun, 14 Sep 2003 14:05:23 +0200 Sender: ding-owner@lists.math.uh.edu Message-ID: References: NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1063541181 5703 80.91.224.253 (14 Sep 2003 12:06:21 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sun, 14 Sep 2003 12:06:21 +0000 (UTC) Cc: ding@gnus.org Original-X-From: ding-owner+M2495@lists.math.uh.edu Sun Sep 14 14:06:20 2003 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 19yVdz-0007ZG-00 for ; Sun, 14 Sep 2003 14:06:19 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 19yVdI-0003yk-00; Sun, 14 Sep 2003 07:05:36 -0500 Original-Received: from sclp3.sclp.com ([64.157.176.121]) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 19yVdA-0003ye-00 for ding@lists.math.uh.edu; Sun, 14 Sep 2003 07:05:28 -0500 Original-Received: (qmail 8247 invoked by alias); 14 Sep 2003 12:05:28 -0000 Original-Received: (qmail 8242 invoked from network); 14 Sep 2003 12:05:28 -0000 Original-Received: from 178.230.13.217.in-addr.dgcsystems.net (HELO yxa.extundo.com) (217.13.230.178) by sclp3.sclp.com with SMTP; 14 Sep 2003 12:05:28 -0000 Original-Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.9/8.12.9) with ESMTP id h8EC5Ndk025731 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL); Sun, 14 Sep 2003 14:05:24 +0200 Original-To: Hrvoje Niksic Mail-Copies-To: nobody X-Payment: hashcash 1.2 0:030914:hniksic@xemacs.org:1ca128fe1703eae7 X-Hashcash: 0:030914:hniksic@xemacs.org:1ca128fe1703eae7 X-Payment: hashcash 1.2 0:030914:ding@gnus.org:c88bd3b052d24cbc X-Hashcash: 0:030914:ding@gnus.org:c88bd3b052d24cbc In-Reply-To: (Hrvoje Niksic's message of "Sun, 14 Sep 2003 03:22:27 +0200") User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux) Precedence: bulk Xref: main.gmane.org gmane.emacs.gnus.general:53955 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:53955 Hrvoje Niksic writes: > Simon Josefsson writes: > >> Hrvoje Niksic writes: >> >>> How about remembering the passphrase and reusing it the second time? >>> The passphrase would be forgotten the moment the mail sending process >>> is finished. At first that sounds like a violation of passphrase >>> privacy, but think about it: as long as the string is not copied >>> around, it's no more dangerous to use it twice and delete it than to >>> prompt for it twice, deleting it each time around. >> >> This is supposed to work by default, > > Now I'm somewhat confused because your previous mail sounded exactly > the opposite -- like it's not supposed to work by default. But then > again, I haven't studied the code, it might be a much more complex > issue than I'm aware of. Sorry if I gave the wrong impression, I (incorrectly) jumped to the assumption that you wanted GPG to only be run once, thus removing the need for two passphrase inputs. I argued that running GPG twice was a feature, but I wasn't very clear. The passphrase cache should work by default, both for signing and encrypting IMHO, so if this was your only concern, it is only a Small Matter Of Bugfixing. On further thought, one could argue that it should be possible to customize the passphrase cache to a mode where decryption happens automatically using the passphrase cache, but signing do require password input every time, or at least a yes-or-no-p. Since I use an infinite passphrase cache lifetime, to be able to read encrypted messages easily, I'd want this to make sure I don't sign something I wasn't aware of. >> but if you have multiple PGP identities, there is a known problem. > > But I don't have multiple PGP identities, at least not for now. Hm, perhaps that wasn't the only criteria. The passphrase seem to work only for some people. >> For me, the passphrase is cached so everything is decrypted >> automatically, but for signing I have to enter it (twice). > > I haven't tried encryption/decryption yet. I wanted to start with > something simple, such as signing, and stumbled on the > type-the-passphrase-twice thing which makes (to me) the whole > experience a rather unpleasant one. I agree.