Re: PGG with multiple GnuPG keys

[Simon Josefsson <jas@extundo.com>]

"Satyaki Das" <satyakid@stanford.edu> writes:

> I have discovered another minor problem. With current CVS and no
> customization, pgg asks for the passphrase of "satyaki" when I
> try to sign  a message. Then when I receive encrypted mail, it
> asks me for the passphrase of 7C06BDD9, which is the same key as
> "satyaki".

Right.  The problem is that pgg-gpg.el doesn't know, during
decryption, that 7C06BDD9 is the same key as the key that eventually
gets used by the OpenPGP implementation when you request the "satyaki"
key when signing a message.  So it can't use the cached passphrase for
"satyaki" that it knows for the 7C06BDD9 key.

I think the best solution would be to change `pgg-gpg-sign-region' to
parse gpg's output (GOOD_PASSPHRASE) and find out what the key id was,
and then cache your passphrase under that hex key id (and under the
"satyaki" name).  Then the cache will work if you receive a message
for the 7C06BDD9 key id.  I have installed the patch below.  Does it
work?

> So I have now customized pgg-default-user-id to 7C06BDD9 and that
> avoids the repeated queries for my passphrase. Is this the right
> solution?

It is "right" in the sense that it may work for you.  My goal is that
only very few people will need to configure PGG; the default behaviour
should be Right.

2003-11-09  Simon Josefsson  <jas@extundo.com>

	* pgg-gpg.el (pgg-gpg-encrypt-region): Cache passphrase under hex
	key id too (for decryption).
	(pgg-gpg-sign-region): Likewise.

Index: pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 6.20
retrieving revision 6.21
diff -u -p -r6.20 -r6.21
--- pgg-gpg.el	9 Nov 2003 04:02:36 -0000	6.20
+++ pgg-gpg.el	9 Nov 2003 21:40:30 -0000	6.21
@@ -162,7 +162,10 @@ If optional argument SIGN is non-nil, do
       (pgg-gpg-process-region start end passphrase pgg-gpg-program args))
     (when sign
       (with-current-buffer pgg-errors-buffer
-	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)))
+	;; Possibly cache passphrase under, e.g. "jas", for future sign.
+	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
+	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
+	(pgg-gpg-possibly-cache-passphrase passphrase)))
     (pgg-process-when-success)))
 
 (defun pgg-gpg-decrypt-region (start end)
@@ -209,7 +212,10 @@ If optional argument SIGN is non-nil, do
     (pgg-as-lbt start end 'CRLF
       (pgg-gpg-process-region start end passphrase pgg-gpg-program args))
     (with-current-buffer pgg-errors-buffer
-      (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id))
+      ;; Possibly cache passphrase under, e.g. "jas", for future sign.
+      (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
+      ;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
+      (pgg-gpg-possibly-cache-passphrase passphrase))
     (pgg-process-when-success)))
 
 (defun pgg-gpg-verify-region (start end &optional signature)