Small patch to enable use of gpg-agent with pgg

Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

[-- Attachment #1.1.1: Type: text/plain, Size: 387 bytes --]

Hi,

I wrote a small patch, which makes it possible to use the GnuPG agent
(which is part of gpg 1.9 and considered ready to use by Werner) with
the GnuPG backend of pgg.

I have done very little testing yet, but it seems to work fine.[0]

To test it: 
set up your gpg-agent as usual and set pgg-gpg-use-agent to t.

cheers
sascha

[0] I signed this Mail using it...  ;-)

[-- Attachment #1.1.2: pgg-gpg-agent.patch --]
[-- Type: text/x-patch, Size: 4943 bytes --]

*** pgg-gpg.el	11 Feb 2006 17:01:56 +0100	1.4
--- pgg-gpg.el	18 Mär 2006 21:57:00 +0100	
***************
*** 51,56 ****
--- 51,61 ----
    :type '(choice (const :tag "New `--recipient' option" "--recipient")
  		 (const :tag "Old `--remote-user' option" "--remote-user")))
  
+ (defcustom pgg-gpg-use-agent nil
+   "Whether to use gnupg agent for key caching."
+   :group 'pgg-gpg
+   :type 'boolean)
+ 
  (defvar pgg-gpg-user-id nil
    "GnuPG ID of your default identity.")
  
***************
*** 58,64 ****
    (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
  	 (args
  	  `("--status-fd" "2"
! 	    ,@(if passphrase '("--passphrase-fd" "0"))
  	    "--yes" ; overwrite
  	    "--output" ,output-file-name
  	    ,@pgg-gpg-extra-args ,@args))
--- 63,71 ----
    (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
  	 (args
  	  `("--status-fd" "2"
! 	    ,@(if (and passphrase (not pgg-gpg-use-agent)) 
! 		  '("--passphrase-fd" "0"))
! 	    ,(if pgg-gpg-use-agent "--use-agent")
  	    "--yes" ; overwrite
  	    "--output" ,output-file-name
  	    ,@pgg-gpg-extra-args ,@args))
***************
*** 77,83 ****
  		(input (buffer-substring-no-properties start end))
  		(default-enable-multibyte-characters nil))
  	    (with-temp-buffer
! 	      (when passphrase
  		(insert passphrase "\n"))
  	      (insert input)
  	      (setq exit-status
--- 84,90 ----
  		(input (buffer-substring-no-properties start end))
  		(default-enable-multibyte-characters nil))
  	    (with-temp-buffer
! 	      (when (and passphrase (not pgg-gpg-use-agent))
  		(insert passphrase "\n"))
  	      (insert input)
  	      (setq exit-status
***************
*** 181,187 ****
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or passphrase
                           (when sign
                             (pgg-read-passphrase
                              (format "GnuPG passphrase for %s: "
--- 188,195 ----
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or pgg-gpg-use-agent
! 			 passphrase
                           (when sign
                             (pgg-read-passphrase
                              (format "GnuPG passphrase for %s: "
***************
*** 213,219 ****
  
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
!   (let* ((passphrase (or passphrase
                           (pgg-read-passphrase
                            "GnuPG passphrase for symmetric encryption: ")))
  	 (args
--- 221,228 ----
  
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
!   (let* ((passphrase (or pgg-gpg-use-agent
! 			 passphrase
                           (pgg-read-passphrase
                            "GnuPG passphrase for symmetric encryption: ")))
  	 (args
***************
*** 241,247 ****
  	 (key-id (pgg-gpg-key-id-from-key-owner key-owner))
  	 (pgg-gpg-user-id (or key-id key
  	                      pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or passphrase
                           (pgg-read-passphrase
                            (format (if (pgg-gpg-symmetric-key-p message-keys)
                                        "Passphrase for symmetric decryption: "
--- 250,257 ----
  	 (key-id (pgg-gpg-key-id-from-key-owner key-owner))
  	 (pgg-gpg-user-id (or key-id key
  	                      pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or pgg-gpg-use-agent
! 			 passphrase
                           (pgg-read-passphrase
                            (format (if (pgg-gpg-symmetric-key-p message-keys)
                                        "Passphrase for symmetric decryption: "
***************
*** 276,282 ****
  (defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
    "Make detached signature from text between START and END."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or passphrase
                           (pgg-read-passphrase
                            (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
                            pgg-gpg-user-id)))
--- 286,293 ----
  (defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
    "Make detached signature from text between START and END."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or pgg-gpg-use-agent
! 			 passphrase
                           (pgg-read-passphrase
                            (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
                            pgg-gpg-user-id)))

[-- Attachment #1.1.3: Type: text/plain, Size: 101 bytes --]

-- 
Sascha Wilde 
Hi! I'm a .signature *virus*! Copy me into your ~/.signature to help me spread!

[-- Attachment #1.2: Type: application/pgp-signature, Size: 190 bytes --]

[-- Attachment #2: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Small patch to enable use of gpg-agent with pgg

[Daniel Pittman]

[-- Attachment #1: Type: text/plain, Size: 1063 bytes --]

Sascha Wilde <wilde@sha-bang.de> writes:

> I wrote a small patch, which makes it possible to use the GnuPG agent
> (which is part of gpg 1.9 and considered ready to use by Werner) with
> the GnuPG backend of pgg.
>
> I have done very little testing yet, but it seems to work fine.[0]
>
> To test it: 
> set up your gpg-agent as usual and set pgg-gpg-use-agent to t.

I am not convinced that this is the best idea -- so far as I can see, if
I were to set `pgg-gpg-use-agent' to `t' then I *must* use the agent.

Is it not possible to enable gpg to try the agent first, then to prompt
for a passphrase?

Also, is it possible to automatically detect support for using the agent
so that it isn't necessary to manually enable this -- once a new enough
version is available, support is enabled?

Obviously, automatically enabling this is only useful if the first issue
is resolved. :)

   Daniel
-- 
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707	   email: contact@digital-infrastructure.com.au

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: Small patch to enable use of gpg-agent with pgg

[Miles Bader]

Daniel Pittman <daniel@rimspace.net> writes:
> Is it not possible to enable gpg to try the agent first, then to prompt
> for a passphrase?

In my experience (trying to do the same thing outside of gnus), gpg is
generally kind of stupid in this respect ... if you find a way to do it,
let me know!

-miles
-- 
"I distrust a research person who is always obviously busy on a task."
   --Robert Frosch, VP, GM Research

Re: Small patch to enable use of gpg-agent with pgg

[Daniel Pittman]

Miles Bader <miles@gnu.org> writes:
> Daniel Pittman <daniel@rimspace.net> writes:
>> Is it not possible to enable gpg to try the agent first, then to prompt
>> for a passphrase?
>
> In my experience (trying to do the same thing outside of gnus), gpg is
> generally kind of stupid in this respect ... if you find a way to do
> it, let me know!

Hrm.  According to the documentation I have here, '--use-agent' will
first try to contact the agent, and will then ask for a passphrase if
that fails.

I don't have access to the agent to test, but it seems that it may be
possible to have this accept a passphrase from Gnus as well as trying
the agent.   Just a simple matter of programming -- which is, of course,
easy for me to volunteer the original poster. ;)

     Daniel
-- 
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707	   email: contact@digital-infrastructure.com.au

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

[-- Attachment #1.1: Type: text/plain, Size: 1364 bytes --]

Daniel Pittman <daniel@rimspace.net> wrote:

> Sascha Wilde <wilde@sha-bang.de> writes:
>
>> I wrote a small patch, which makes it possible to use the GnuPG agent
>> (which is part of gpg 1.9 and considered ready to use by Werner) with
>> the GnuPG backend of pgg.
[...]
> I am not convinced that this is the best idea -- so far as I can see, if
> I were to set `pgg-gpg-use-agent' to `t' then I *must* use the agent.
>
> Is it not possible to enable gpg to try the agent first, then to prompt
> for a passphrase?

Yes, that would be good.  I'll try to implement it.

> Also, is it possible to automatically detect support for using the agent
> so that it isn't necessary to manually enable this -- once a new enough
> version is available, support is enabled?

This would be very error prone.  Even if a running gpg-agent is
available there are certain conditions which could make using it
impossible.  For example: on an text console running the standard
pin-entry program (which uses curses) from within emacs won't work.

That's why I think that using an available agent should be enabled
explicitly. 

cheers
sascha
-- 
Sascha Wilde
Real programmers don't want "what you see is what you get", they want
"you asked for it, you got it".  They want editors that are terse,
powerful, cryptic, and unforgiving.  In a word, Teco.

[-- Attachment #1.2: Type: application/pgp-signature, Size: 190 bytes --]

[-- Attachment #2: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

[-- Attachment #1.1.1: Type: text/plain, Size: 869 bytes --]

Sascha Wilde <wilde@sha-bang.de> wrote:
> Daniel Pittman <daniel@rimspace.net> wrote:
>>> Sascha Wilde <wilde@sha-bang.de> writes:
>>
>>> I wrote a small patch, which makes it possible to use the GnuPG agent
>>> (which is part of gpg 1.9 and considered ready to use by Werner) with
>>> the GnuPG backend of pgg.
> [...]
>> I am not convinced that this is the best idea -- so far as I can see, if
>> I were to set `pgg-gpg-use-agent' to `t' then I *must* use the agent.
>>
>> Is it not possible to enable gpg to try the agent first, then to prompt
>> for a passphrase?
>
> Yes, that would be good.  I'll try to implement it.

I attached a patch which performs a test if gpg-agent is really
available when pgg-gpg-use-agent is set to t.

Please note, this new patch also fixees a bug, which was introduced
by the original patch and broke non agent use...

cheers
sascha


[-- Attachment #1.1.2: pgg-gpg-agent.patch --]
[-- Type: text/x-patch, Size: 6832 bytes --]

*** pgg-gpg.el	11 Feb 2006 17:01:56 +0100	1.4
--- pgg-gpg.el	19 Mär 2006 17:05:38 +0100	
***************
*** 4,10 ****
  ;;   2005, 2006 Free Software Foundation, Inc.
  
  ;; Author: Daiki Ueno <ueno@unixuser.org>
! ;; Symmetric encryption added by: Sascha Wilde <wilde@sha-bang.de>
  ;; Created: 1999/10/28
  ;; Keywords: PGP, OpenPGP, GnuPG
  
--- 4,11 ----
  ;;   2005, 2006 Free Software Foundation, Inc.
  
  ;; Author: Daiki Ueno <ueno@unixuser.org>
! ;; Symmetric encryption and gpg-agent support added by: 
! ;;   Sascha Wilde <wilde@sha-bang.de>
  ;; Created: 1999/10/28
  ;; Keywords: PGP, OpenPGP, GnuPG
  
***************
*** 51,64 ****
    :type '(choice (const :tag "New `--recipient' option" "--recipient")
  		 (const :tag "Old `--remote-user' option" "--remote-user")))
  
  (defvar pgg-gpg-user-id nil
    "GnuPG ID of your default identity.")
  
  (defun pgg-gpg-process-region (start end passphrase program args)
!   (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
  	 (args
  	  `("--status-fd" "2"
! 	    ,@(if passphrase '("--passphrase-fd" "0"))
  	    "--yes" ; overwrite
  	    "--output" ,output-file-name
  	    ,@pgg-gpg-extra-args ,@args))
--- 52,73 ----
    :type '(choice (const :tag "New `--recipient' option" "--recipient")
  		 (const :tag "Old `--remote-user' option" "--remote-user")))
  
+ (defcustom pgg-gpg-use-agent nil
+   "Whether to use gnupg agent for key caching."
+   :group 'pgg-gpg
+   :type 'boolean)
+ 
  (defvar pgg-gpg-user-id nil
    "GnuPG ID of your default identity.")
  
  (defun pgg-gpg-process-region (start end passphrase program args)
!   (let* ((use-agent (pgg-gpg-use-agent-p)) 
! 	 (output-file-name (pgg-make-temp-file "pgg-output"))
  	 (args
  	  `("--status-fd" "2"
! 	    ,@(if (and passphrase (not use-agent)) 
! 		  '("--passphrase-fd" "0"))
! 	    ,@(if use-agent '("--use-agent"))
  	    "--yes" ; overwrite
  	    "--output" ,output-file-name
  	    ,@pgg-gpg-extra-args ,@args))
***************
*** 77,83 ****
  		(input (buffer-substring-no-properties start end))
  		(default-enable-multibyte-characters nil))
  	    (with-temp-buffer
! 	      (when passphrase
  		(insert passphrase "\n"))
  	      (insert input)
  	      (setq exit-status
--- 86,92 ----
  		(input (buffer-substring-no-properties start end))
  		(default-enable-multibyte-characters nil))
  	    (with-temp-buffer
! 	      (when (and passphrase (not (pgg-gpg-use-agent-p)))
  		(insert passphrase "\n"))
  	      (insert input)
  	      (setq exit-status
***************
*** 181,187 ****
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or passphrase
                           (when sign
                             (pgg-read-passphrase
                              (format "GnuPG passphrase for %s: "
--- 190,197 ----
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or (pgg-gpg-use-agent-p)
! 			 passphrase
                           (when sign
                             (pgg-read-passphrase
                              (format "GnuPG passphrase for %s: "
***************
*** 213,219 ****
  
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
!   (let* ((passphrase (or passphrase
                           (pgg-read-passphrase
                            "GnuPG passphrase for symmetric encryption: ")))
  	 (args
--- 223,230 ----
  
  If optional PASSPHRASE is not specified, it will be obtained from the
  passphrase cache or user."
!   (let* ((passphrase (or (pgg-gpg-use-agent-p)
! 			 passphrase
                           (pgg-read-passphrase
                            "GnuPG passphrase for symmetric encryption: ")))
  	 (args
***************
*** 241,247 ****
  	 (key-id (pgg-gpg-key-id-from-key-owner key-owner))
  	 (pgg-gpg-user-id (or key-id key
  	                      pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or passphrase
                           (pgg-read-passphrase
                            (format (if (pgg-gpg-symmetric-key-p message-keys)
                                        "Passphrase for symmetric decryption: "
--- 252,259 ----
  	 (key-id (pgg-gpg-key-id-from-key-owner key-owner))
  	 (pgg-gpg-user-id (or key-id key
  	                      pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or (pgg-gpg-use-agent-p)
! 			 passphrase
                           (pgg-read-passphrase
                            (format (if (pgg-gpg-symmetric-key-p message-keys)
                                        "Passphrase for symmetric decryption: "
***************
*** 276,282 ****
  (defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
    "Make detached signature from text between START and END."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or passphrase
                           (pgg-read-passphrase
                            (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
                            pgg-gpg-user-id)))
--- 288,295 ----
  (defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
    "Make detached signature from text between START and END."
    (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
! 	 (passphrase (or (pgg-gpg-use-agent-p)
! 			 passphrase
                           (pgg-read-passphrase
                            (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
                            pgg-gpg-user-id)))
***************
*** 345,350 ****
--- 358,382 ----
      (append-to-buffer pgg-output-buffer (point-min)(point-max))
      (pgg-process-when-success)))
  
+ (defun pgg-gpg-update-agent ()
+   "Try to connet to gpg-agent and send UPDATESTARTUPTTY."
+   (let* ((agent-info (getenv "GPG_AGENT_INFO")) 
+ 	 (socket (and agent-info
+ 		      (string-match "^\\([^:]*\\)" agent-info)
+ 		      (match-string 1 agent-info)))
+ 	 (conn (and socket
+ 		    (make-network-process :name "gpg-agent-process"
+ 					  :host 'local :family 'local
+ 					  :service socket))))
+     (when (and conn (eq (process-status conn) 'open))
+       (process-send-string conn "UPDATESTARTUPTTY\n")
+       (delete-process conn)
+       t)))
+ 
+ (defun pgg-gpg-use-agent-p ()
+   "Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
+   (and pgg-gpg-use-agent (pgg-gpg-update-agent)))
+ 
  (provide 'pgg-gpg)
  
  ;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000

[-- Attachment #1.1.3: Type: text/plain, Size: 174 bytes --]


-- 
Sascha Wilde : VI is to EMACS as masturbation is to making love:
             : effective and always available but probably not your
             : first choice...

[-- Attachment #1.2: Type: application/pgp-signature, Size: 190 bytes --]

[-- Attachment #2: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Small patch to enable use of gpg-agent with pgg

[Miles Bader]

Daniel Pittman <daniel@rimspace.net> writes:
> Hrm.  According to the documentation I have here, '--use-agent' will
> first try to contact the agent, and will then ask for a passphrase if
> that fails.

It does, but it doesn't really work very well -- it must use some
different mechanism than the ordinary (no agent specified at all) case
because it only prompts once (doesn't re-prompt if you give a wrong
password) and seems generally seems more flaky (fails in more cases,
e.g., given other options that ordinarily don't preclude password entry).

-Miles
-- 
Love is a snowmobile racing across the tundra.  Suddenly it flips over,
pinning you underneath.  At night the ice weasels come.  --Nietzsche

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Hi,
>
> I wrote a small patch, which makes it possible to use the GnuPG agent
> (which is part of gpg 1.9 and considered ready to use by Werner) with
> the GnuPG backend of pgg.
>
> I have done very little testing yet, but it seems to work fine.[0]
>
> To test it: 
> set up your gpg-agent as usual and set pgg-gpg-use-agent to t.

Your patch didn't work well for me:

1) Non-agent mode didn't work at all (the args list contained 'nil' so
   invoking gpg failed with a lisp error).

2) After fixing the above, the patch made the passphrase be 't', which
   broke the passphrase cache, causing a lisp error.

How about this patch instead?  It works for me.  I've also improved
the pgg-use-agent default value.  I've installed this on Emacs CVS
trunk, Gnus v5-10 and Gnus CVS.

Thanks for working on this, it is quite useful.

--- pgg-gpg.el	21 Mar 2006 14:53:00 +0100	1.4
+++ pgg-gpg.el	21 Mar 2006 15:22:38 +0100	
@@ -51,6 +51,13 @@
   :type '(choice (const :tag "New `--recipient' option" "--recipient")
 		 (const :tag "Old `--remote-user' option" "--remote-user")))
 
+(defcustom pgg-gpg-use-agent (if (getenv "GPG_AGENT_INFO") t nil)
+  "Whether to use gnupg agent for key caching.
+By default, it will be enabled iff the environment variable
+\"GPG_AGENT_INFO\" is set."
+  :group 'pgg-gpg
+  :type 'boolean)
+
 (defvar pgg-gpg-user-id nil
   "GnuPG ID of your default identity.")
 
@@ -58,7 +65,8 @@
   (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
 	 (args
 	  `("--status-fd" "2"
-	    ,@(if passphrase '("--passphrase-fd" "0"))
+	    ,@(if pgg-gpg-use-agent '("--use-agent")
+		(if passphrase '("--passphrase-fd" "0")))
 	    "--yes" ; overwrite
 	    "--output" ,output-file-name
 	    ,@pgg-gpg-extra-args ,@args))
@@ -100,7 +108,8 @@
       (set-default-file-modes orig-mode))))
 
 (defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
-  (if (and pgg-cache-passphrase
+  (if (and passphrase
+	   pgg-cache-passphrase
 	   (progn
 	     (goto-char (point-min))
 	     (re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\|\\(SIG_CREATED\\)" nil t)))
@@ -182,7 +191,7 @@
 passphrase cache or user."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
 	 (passphrase (or passphrase
-                         (when sign
+			 (when (and sign (not pgg-gpg-use-agent))
                            (pgg-read-passphrase
                             (format "GnuPG passphrase for %s: "
                                     pgg-gpg-user-id)
@@ -214,8 +223,9 @@
 If optional PASSPHRASE is not specified, it will be obtained from the
 passphrase cache or user."
   (let* ((passphrase (or passphrase
+			 (when (not pgg-gpg-use-agent)
                          (pgg-read-passphrase
-                          "GnuPG passphrase for symmetric encryption: ")))
+			    "GnuPG passphrase for symmetric encryption: "))))
 	 (args
 	  (append (list "--batch" "--armor" "--symmetric" )
 		  (if pgg-text-mode (list "--textmode")))))
@@ -242,12 +252,13 @@
 	 (pgg-gpg-user-id (or key-id key
 	                      pgg-gpg-user-id pgg-default-user-id))
 	 (passphrase (or passphrase
+			 (when (not pgg-gpg-use-agent)
                          (pgg-read-passphrase
                           (format (if (pgg-gpg-symmetric-key-p message-keys)
                                       "Passphrase for symmetric decryption: "
                                     "GnuPG passphrase for %s: ")
                                   (or key-owner "??"))
-                          pgg-gpg-user-id)))
+			    pgg-gpg-user-id))))
 	 (args '("--batch" "--decrypt")))
     (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
     (with-current-buffer pgg-errors-buffer
@@ -277,9 +288,11 @@
   "Make detached signature from text between START and END."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
 	 (passphrase (or passphrase
+			 (when (not pgg-gpg-use-agent)
                          (pgg-read-passphrase
-                          (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
-                          pgg-gpg-user-id)))
+			    (format "GnuPG passphrase for %s: "
+				    pgg-gpg-user-id)
+			    pgg-gpg-user-id))))
 	 (args
 	  (append (list (if cleartext "--clearsign" "--detach-sign")
 			"--armor" "--batch" "--verbose"

Re: Small patch to enable use of gpg-agent with pgg

[Reiner Steib]

On Tue, Mar 21 2006, Simon Josefsson wrote:

> I've installed this on Emacs CVS trunk, Gnus v5-10 and Gnus CVS.

The versions differed in whitespace.  I've synced them now.

I also removed the bogus pgg-gpg.el entry in lisp/gnus/ChangeLog
(added by Miles' sync script).  pgg-gpg.el is in lisp, where Simon
already added a ChangeLog entry.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

[-- Attachment #1: Type: text/plain, Size: 1519 bytes --]

Simon Josefsson <jas@extundo.com> wrote:

Hi Simon,

first of all, fore some reasons you got lost from the list of CC's so
you missed some important messages in this thread, including a more
elaborated version of my patch...

> 1) Non-agent mode didn't work at all (the args list contained 'nil' so
>    invoking gpg failed with a lisp error).

Yes.  This was fixed in my second patch.  (and in the attached, of cause)

> 2) After fixing the above, the patch made the passphrase be 't', which
>    broke the passphrase cache, causing a lisp error.

Thanks, I used your strategy to fix this issue in my new patch (which
I attached).

> How about this patch instead?  It works for me.  I've also improved
> the pgg-use-agent default value.

This is very error prone.  As I wrote before on emacs-devel: there are
certain situations in which using the agent will fail -- even if it is
available: for example: on an text console running the standard
pin-entry program (which uses curses) from within emacs won't work.
That's why I think this option should be explicitly enabled by the user.

Another problem is, that checking for $GPG_AGENT_INFO is not
sufficient, the environment variable will stay set, even is the agent
was killed.

Could you please consider committing the attached patch, which
reverses the default of pgg-gpg-use-agent to nil, and adds an check if
the agent is _really_ available, when pgg-gpg-use-agent is set to t?

(The patch is against the latest CVS, including your patch that is)

cheers
sascha


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: pgg-gpg-agent.patch --]
[-- Type: text/x-patch, Size: 3869 bytes --]

Index: pgg-gpg.el
===================================================================
RCS file: /sources/emacs/emacs/lisp/pgg-gpg.el,v
retrieving revision 1.6
diff -c -r1.6 pgg-gpg.el
--- pgg-gpg.el	21 Mar 2006 21:24:27 -0000	1.6
+++ pgg-gpg.el	22 Mar 2006 08:14:59 -0000
@@ -4,7 +4,8 @@
 ;;   2005, 2006 Free Software Foundation, Inc.
 
 ;; Author: Daiki Ueno <ueno@unixuser.org>
-;; Symmetric encryption added by: Sascha Wilde <wilde@sha-bang.de>
+;; Symmetric encryption and gpg-agent support added by: 
+;;   Sascha Wilde <wilde@sha-bang.de>
 ;; Created: 1999/10/28
 ;; Keywords: PGP, OpenPGP, GnuPG
 
@@ -51,10 +52,8 @@
   :type '(choice (const :tag "New `--recipient' option" "--recipient")
 		 (const :tag "Old `--remote-user' option" "--remote-user")))
 
-(defcustom pgg-gpg-use-agent (if (getenv "GPG_AGENT_INFO") t nil)
-  "Whether to use gnupg agent for key caching.
-By default, it will be enabled iff the environment variable
-\"GPG_AGENT_INFO\" is set."
+(defcustom pgg-gpg-use-agent nil
+  "Whether to use gnupg agent for key caching."
   :group 'pgg-gpg
   :type 'boolean)
 
@@ -62,10 +61,11 @@
   "GnuPG ID of your default identity.")
 
 (defun pgg-gpg-process-region (start end passphrase program args)
-  (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
+  (let* ((use-agent (pgg-gpg-use-agent-p)) 
+	 (output-file-name (pgg-make-temp-file "pgg-output"))
 	 (args
 	  `("--status-fd" "2"
-	    ,@(if pgg-gpg-use-agent '("--use-agent")
+	    ,@(if use-agent '("--use-agent")
 		(if passphrase '("--passphrase-fd" "0")))
 	    "--yes" ; overwrite
 	    "--output" ,output-file-name
@@ -189,7 +189,7 @@
 passphrase cache or user."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
 	 (passphrase (or passphrase
-			 (when (and sign (not pgg-gpg-use-agent))
+			 (when (and sign (not (pgg-gpg-use-agent-p)))
 			   (pgg-read-passphrase
 			    (format "GnuPG passphrase for %s: "
 				    pgg-gpg-user-id)
@@ -221,7 +221,7 @@
 If optional PASSPHRASE is not specified, it will be obtained from the
 passphrase cache or user."
   (let* ((passphrase (or passphrase
-			 (when (not pgg-gpg-use-agent)
+			 (when (not (pgg-gpg-use-agent-p))
 			   (pgg-read-passphrase
 			    "GnuPG passphrase for symmetric encryption: "))))
 	 (args
@@ -250,7 +250,7 @@
 	 (pgg-gpg-user-id (or key-id key
 			      pgg-gpg-user-id pgg-default-user-id))
 	 (passphrase (or passphrase
-			 (when (not pgg-gpg-use-agent)
+			 (when (not (pgg-gpg-use-agent-p))
 			   (pgg-read-passphrase
 			    (format (if (pgg-gpg-symmetric-key-p message-keys)
 					"Passphrase for symmetric decryption: "
@@ -286,7 +286,7 @@
   "Make detached signature from text between START and END."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
 	 (passphrase (or passphrase
-			 (when (not pgg-gpg-use-agent)
+			 (when (not (pgg-gpg-use-agent-p))
 			   (pgg-read-passphrase
 			    (format "GnuPG passphrase for %s: "
 				    pgg-gpg-user-id)
@@ -356,6 +356,25 @@
     (append-to-buffer pgg-output-buffer (point-min)(point-max))
     (pgg-process-when-success)))
 
+(defun pgg-gpg-update-agent ()
+  "Try to connet to gpg-agent and send UPDATESTARTUPTTY."
+  (let* ((agent-info (getenv "GPG_AGENT_INFO")) 
+	 (socket (and agent-info
+		      (string-match "^\\([^:]*\\)" agent-info)
+		      (match-string 1 agent-info)))
+	 (conn (and socket
+		    (make-network-process :name "gpg-agent-process"
+					  :host 'local :family 'local
+					  :service socket))))
+    (when (and conn (eq (process-status conn) 'open))
+      (process-send-string conn "UPDATESTARTUPTTY\n")
+      (delete-process conn)
+      t)))
+
+(defun pgg-gpg-use-agent-p ()
+  "Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
+  (and pgg-gpg-use-agent (pgg-gpg-update-agent)))
+
 (provide 'pgg-gpg)
 
 ;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000

[-- Attachment #3: Type: text/plain, Size: 149 bytes --]


-- 
Sascha Wilde

"Unix was the first OS where you could carry the media and system
documentation around in a briefcase. This was fixed in BSD4.2."

[-- Attachment #4: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

Hello,

>>>>> In <m2slpadgf0.fsf@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> This is very error prone.  As I wrote before on emacs-devel: there are
> certain situations in which using the agent will fail -- even if it is
> available: for example: on an text console running the standard
> pin-entry program (which uses curses) from within emacs won't work.
> That's why I think this option should be explicitly enabled by the user.

> Another problem is, that checking for $GPG_AGENT_INFO is not
> sufficient, the environment variable will stay set, even is the agent
> was killed.

That looks a bit complicated for me.  Is there a choice of utilizing
--status-fd output?  That is, query a user for his passphrase only when
gpg requested (i.e. we see NEED_PASSPHRASE)

Though I know that this solution involves some coding to make use of
asynchronous process, I expect that it is not so hard to implement.

Regards,
-- 
Daiki Ueno

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Simon Josefsson <jas@extundo.com> wrote:
>
> Hi Simon,
>
> first of all, fore some reasons you got lost from the list of CC's so
> you missed some important messages in this thread, including a more
> elaborated version of my patch...

Hi Sascha.  Oops!

>> 1) Non-agent mode didn't work at all (the args list contained 'nil' so
>>    invoking gpg failed with a lisp error).
>
> Yes.  This was fixed in my second patch.  (and in the attached, of cause)
>
>> 2) After fixing the above, the patch made the passphrase be 't', which
>>    broke the passphrase cache, causing a lisp error.
>
> Thanks, I used your strategy to fix this issue in my new patch (which
> I attached).

Your patch look good, although Daiki's idea of querying for the
passphrase only when it is needed seem better.  I don't have time to
implement that though.  If you or Daiki have time, I'd prefer that
solution, but if there isn't a patch to commit within a few days, I'll
install your patch so we don't get stuck.  What do you think?

>> How about this patch instead?  It works for me.  I've also improved
>> the pgg-use-agent default value.
>
> This is very error prone.  As I wrote before on emacs-devel: there are
> certain situations in which using the agent will fail -- even if it is
> available: for example: on an text console running the standard
> pin-entry program (which uses curses) from within emacs won't work.
> That's why I think this option should be explicitly enabled by the user.
>
> Another problem is, that checking for $GPG_AGENT_INFO is not
> sufficient, the environment variable will stay set, even is the agent
> was killed.

Ah, I see.

> Could you please consider committing the attached patch, which
> reverses the default of pgg-gpg-use-agent to nil, and adds an check if
> the agent is _really_ available, when pgg-gpg-use-agent is set to t?
>
> (The patch is against the latest CVS, including your patch that is)

Seems fine, although I'll wait a day or so until I see if we can get
Daiki's idea implemented.

Thanks!

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

> Hello,
>
>>>>>> In <m2slpadgf0.fsf@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> This is very error prone.  As I wrote before on emacs-devel: there are
>> certain situations in which using the agent will fail -- even if it is
>> available: for example: on an text console running the standard
>> pin-entry program (which uses curses) from within emacs won't work.
>> That's why I think this option should be explicitly enabled by the user.
>
>> Another problem is, that checking for $GPG_AGENT_INFO is not
>> sufficient, the environment variable will stay set, even is the agent
>> was killed.
>
> That looks a bit complicated for me.  Is there a choice of utilizing
> --status-fd output?  That is, query a user for his passphrase only when
> gpg requested (i.e. we see NEED_PASSPHRASE)
>
> Though I know that this solution involves some coding to make use of
> asynchronous process, I expect that it is not so hard to implement.

Hi Daiki!  I like this.  Would you like to implement it?

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> On Tue, Mar 21 2006, Simon Josefsson wrote:
>
>> I've installed this on Emacs CVS trunk, Gnus v5-10 and Gnus CVS.
>
> The versions differed in whitespace.  I've synced them now.
>
> I also removed the bogus pgg-gpg.el entry in lisp/gnus/ChangeLog
> (added by Miles' sync script).  pgg-gpg.el is in lisp, where Simon
> already added a ChangeLog entry.

Thanks!

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Hello Daiki,

I'm afraid I don't understand your suggestion...

Daiki Ueno <ueno@unixuser.org> wrote:
>>>>>> In <m2slpadgf0.fsf@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> This is very error prone.  As I wrote before on emacs-devel: there are
>> certain situations in which using the agent will fail -- even if it is
>> available: for example: on an text console running the standard
>> pin-entry program (which uses curses) from within emacs won't work.
>> That's why I think this option should be explicitly enabled by the user.
>
>> Another problem is, that checking for $GPG_AGENT_INFO is not
>> sufficient, the environment variable will stay set, even is the agent
>> was killed.
>
> That looks a bit complicated for me.

What exactly looks complicated to you?

> Is there a choice of utilizing --status-fd output?  That is, query a
> user for his passphrase only when gpg requested (i.e. we see
> NEED_PASSPHRASE)

I don't understand this point -- with the proposed patch the user
already only gets queried for the passphrase when gpg needs it -- or
am I missing something?

While I can imagine that a solution utilizing --status-fd might be
more elegant, I don't see how this could improve usability (and I
would expect it to be rather more than less complicated).

Can you please explain what behavior you would expect from pgg, maybe
with an example?

Thanks
sascha
-- 
Sascha Wilde
Nota bene: wenn Word für Längeres geeignet wäre, würde es schließlich
nicht Word, sondern Sentence, Page oder Article heißen
 	-- Matthias Mühlich in dctt

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

>> Is there a choice of utilizing --status-fd output?  That is, query a
>> user for his passphrase only when gpg requested (i.e. we see
>> NEED_PASSPHRASE)
>
> I don't understand this point -- with the proposed patch the user
> already only gets queried for the passphrase when gpg needs it -- or
> am I missing something?

Right now, pgg assume that gpg will need a passphrase so it asks the
user for one.  It may be better if pgg postpone the passphrase query
until gpg tell pgg that it needs a passphrase.  Then it is only
queried for when it is needed.  This should be more reliable, but
slightly more complicated to implement (asynchronous code).

Gpg doesn't need a passphrase if the agent is used, or (I guess) if
the key isn't protected with a password.  If a smartcard is used, gpg
need a pin code and not a passphrase, I'm not sure pgg can handle this
at all now.  (This last point is separate, and wouldn't be solved if
we implement Daiki's idea.)

I may have misunderstood Daiki though...

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

>>>>> In <877j6mg2af.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> Sascha Wilde <wilde@sha-bang.de> writes:

> >> Is there a choice of utilizing --status-fd output?  That is, query a
> >> user for his passphrase only when gpg requested (i.e. we see
> >> NEED_PASSPHRASE)
> >
> > I don't understand this point -- with the proposed patch the user
> > already only gets queried for the passphrase when gpg needs it -- or
> > am I missing something?

> Right now, pgg assume that gpg will need a passphrase so it asks the
> user for one.  It may be better if pgg postpone the passphrase query
> until gpg tell pgg that it needs a passphrase.  Then it is only
> queried for when it is needed.  This should be more reliable, but
> slightly more complicated to implement (asynchronous code).

Thanks for your explanation.  This is what I wanted to say.
We may need some experiments to see gpg use status fd as expected,
though.

Anyway, I'll try to implement this.

Regards,
-- 
Daiki Ueno

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Could you please consider committing the attached patch, which
> reverses the default of pgg-gpg-use-agent to nil, and adds an check if
> the agent is _really_ available, when pgg-gpg-use-agent is set to t?
>
> (The patch is against the latest CVS, including your patch that is)

Given the pending 5.10.x release, I installed it.  Installing Daiki's
work would come later, and would slightly improve the user experience
here (i.e., not having to set pgg-gpg-use-agent manually).

Re: Small patch to enable use of gpg-agent with pgg

[Katsumi Yamaoka]

>>>>> In <87zmjicv9d.fsf@latte.josefsson.org> Simon Josefsson wrote:

> Given the pending 5.10.x release, I installed it.

Emacs 20, 21 and XEmacs complain to use of make-network-process
which isn't available.  To solve the problem, we may want to
introduce it as dns.el does.

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Katsumi Yamaoka <yamaoka@jpl.org> writes:

>>>>>> In <87zmjicv9d.fsf@latte.josefsson.org> Simon Josefsson wrote:
>
>> Given the pending 5.10.x release, I installed it.
>
> Emacs 20, 21 and XEmacs complain to use of make-network-process
> which isn't available.  To solve the problem, we may want to
> introduce it as dns.el does.

Do those emacsen support socket processes?  If not, maybe we should
remove pgg-gpg-update-agent.

Re: Small patch to enable use of gpg-agent with pgg

[Katsumi Yamaoka]

>>>>> In <87irq6yrfo.fsf@latte.josefsson.org> Simon Josefsson wrote:

> Katsumi Yamaoka <yamaoka@jpl.org> writes:

>> Emacs 20, 21 and XEmacs complain to use of make-network-process
>> which isn't available.  To solve the problem, we may want to
>> introduce it as dns.el does.

> Do those emacsen support socket processes?  If not, maybe we should
> remove pgg-gpg-update-agent.

Oops.  ISHIKAWA Mutsumi wrote (in Japanese) in

http://lists.debian.or.jp/debian-devel/200502/msg00007.html

that Emacs 21 doesn't support the communication passing the UNIX
domain socket.  If we need to use it at all costs, we will have
to use an external program which communicates with the agent
process by way of the socket.

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Katsumi Yamaoka <yamaoka@jpl.org> writes:

>>>>>> In <87irq6yrfo.fsf@latte.josefsson.org> Simon Josefsson wrote:
>
>> Katsumi Yamaoka <yamaoka@jpl.org> writes:
>
>>> Emacs 20, 21 and XEmacs complain to use of make-network-process
>>> which isn't available.  To solve the problem, we may want to
>>> introduce it as dns.el does.
>
>> Do those emacsen support socket processes?  If not, maybe we should
>> remove pgg-gpg-update-agent.
>
> Oops.  ISHIKAWA Mutsumi wrote (in Japanese) in
>
> http://lists.debian.or.jp/debian-devel/200502/msg00007.html
>
> that Emacs 21 doesn't support the communication passing the UNIX
> domain socket.  If we need to use it at all costs, we will have
> to use an external program which communicates with the agent
> process by way of the socket.

I think it is too complicated.  It is simpler to remove the function.
Sascha, what do you think?  People who enable pgg-gpg-use-agent
manually might be expected to make sure the agent really is running.

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Simon Josefsson <jas@extundo.com> wrote:

> Katsumi Yamaoka <yamaoka@jpl.org> writes:
>
>>>>>>> In <87irq6yrfo.fsf@latte.josefsson.org> Simon Josefsson wrote:
>>
>>> Katsumi Yamaoka <yamaoka@jpl.org> writes:
>>
>>>> Emacs 20, 21 and XEmacs complain to use of make-network-process
>>>> which isn't available.  To solve the problem, we may want to
>>>> introduce it as dns.el does.
>>
>>> Do those emacsen support socket processes?  If not, maybe we should
>>> remove pgg-gpg-update-agent.
>>
>> Oops.  ISHIKAWA Mutsumi wrote (in Japanese) in
>>
>> http://lists.debian.or.jp/debian-devel/200502/msg00007.html
>>
>> that Emacs 21 doesn't support the communication passing the UNIX
>> domain socket.  If we need to use it at all costs, we will have
>> to use an external program which communicates with the agent
>> process by way of the socket.
>
> I think it is too complicated.  It is simpler to remove the function.
> Sascha, what do you think?  People who enable pgg-gpg-use-agent
> manually might be expected to make sure the agent really is running.

I would like to see pgg do the right think when ever it can -- could
we keep it for emacs 22 and just not use it if its not available?  

How about testing for the emacs version, or availability of
make-network-process?

I'll purpose a more compatible patch later -- but I don't have the
time right now, sorry.

cheers
sascha
-- 
Sascha Wilde

A conclusion is simply the place where someone got tired of thinking.

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 632 bytes --]

Hello,

>>>>> In <e8632056-d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org> 
>>>>>	Daiki Ueno <ueno@unixuser.org> wrote:
> > Right now, pgg assume that gpg will need a passphrase so it asks the
> > user for one.  It may be better if pgg postpone the passphrase query
> > until gpg tell pgg that it needs a passphrase.  Then it is only
> > queried for when it is needed.  This should be more reliable, but
> > slightly more complicated to implement (asynchronous code).

> Anyway, I'll try to implement this.

Could you please try the attached pgg-gpg.el?

Please note, this patch is only for review, not meant to be committed now.

[-- Attachment #2: pgg-gpg.el --]
[-- Type: application/octet-stream, Size: 12450 bytes --]

;;; pgg-gpg.el --- GnuPG support for PGG.

;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
;;   2005, 2006 Free Software Foundation, Inc.

;; Author: Daiki Ueno <ueno@unixuser.org>
;; Symmetric encryption and gpg-agent support added by: 
;;   Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP, OpenPGP, GnuPG

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Code:

(eval-when-compile
  (require 'pgg))

(defgroup pgg-gpg ()
  "GnuPG interface."
  :group 'pgg)

(defcustom pgg-gpg-program "gpg"
  "The GnuPG executable."
  :group 'pgg-gpg
  :type 'string)

(defcustom pgg-gpg-extra-args nil
  "Extra arguments for every GnuPG invocation."
  :group 'pgg-gpg
  :type '(repeat (string :tag "Argument")))

(defcustom pgg-gpg-recipient-argument "--recipient"
  "GnuPG option to specify recipient."
  :group 'pgg-gpg
  :type '(choice (const :tag "New `--recipient' option" "--recipient")
		 (const :tag "Old `--remote-user' option" "--remote-user")))

(defcustom pgg-gpg-use-agent nil
  "Whether to use gnupg agent for key caching."
  :group 'pgg-gpg
  :type 'boolean)

(defcustom pgg-gpg-timeout 60
  "Timeout of GnuPG command execution."
  :group 'pgg-gpg
  :type 'integer)

(defvar pgg-gpg-user-id nil
  "GnuPG ID of your default identity.")

(defvar pgg-gpg-user-id-alist nil
  "An alist mapping from key ID to user ID.")

(defvar pgg-gpg-read-point nil)
(defvar pgg-gpg-output-file-name nil)
(defvar pgg-gpg-pending-status-list nil)
(defvar pgg-gpg-key-id nil)
(defvar pgg-gpg-debug-buffer " *pgg-gpg-debug*")

(defun pgg-gpg-start-process (args)
  (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
	 (args
	  (append (list "--no-tty"
			"--status-fd" "1"
			"--command-fd" "0"
			"--yes" ; overwrite
			"--output" output-file-name)
		  (if pgg-gpg-use-agent '("--use-agent"))
		  pgg-gpg-extra-args
		  args))
	 (coding-system-for-write 'binary)
	 (process-connection-type nil)
	 (orig-mode (default-file-modes))
	 default-enable-multibyte-characters
	 (buffer (if pgg-gpg-debug-buffer
		     pgg-gpg-debug-buffer
		   (generate-new-buffer " *pgg-gpg*")))
	 process)
    (if pgg-gpg-debug-buffer
	(save-excursion
	  (set-buffer (get-buffer-create pgg-gpg-debug-buffer))
	  (erase-buffer)))
    (with-current-buffer buffer
      (make-local-variable 'pgg-gpg-read-point)
      (setq pgg-gpg-read-point (point-min))
      (make-local-variable 'pgg-gpg-output-file-name)
      (setq pgg-gpg-output-file-name output-file-name)
      (make-local-variable 'pgg-gpg-pending-status-list)
      (setq pgg-gpg-pending-status-list nil)
      (make-local-variable 'pgg-gpg-key-id)
      (setq pgg-gpg-key-id nil))
    (unwind-protect
	(progn
	  (set-default-file-modes 448)
	  (setq process
		(apply #'start-process "pgg-gpg" buffer pgg-gpg-program args))
	  (set-process-filter process #'pgg-gpg-process-filter)
	  (set-process-sentinel process #'pgg-gpg-process-sentinel))
      (set-default-file-modes orig-mode))
    process))

(defun pgg-gpg-process-filter (process input)
  (save-excursion
    (set-buffer (process-buffer process))
    (goto-char (point-max))
    (insert input)
    (goto-char pgg-gpg-read-point)
    (beginning-of-line)
    (while (looking-at ".*\n")		;the input line is finished
      (save-excursion
	(if (looking-at "\\[GNUPG:] \\([A-Z_]+\\)\\>.*")
	    (let* ((status (match-string 1))
		   (symbol (intern-soft (concat "pgg-gpg-handle-" status)))
		   (entry (member status pgg-gpg-pending-status-list)))
	      (if entry
		  (setq pgg-gpg-pending-status-list
			(delq (car entry)
			      pgg-gpg-pending-status-list)))
	      (if (and symbol
		       (fboundp symbol))
		  (funcall symbol process (buffer-substring (match-beginning 1)
							    (match-end 0)))))))
      (forward-line))
    (setq pgg-gpg-read-point (point))))

(defun pgg-gpg-process-sentinel (process status)
  (save-excursion
    ;; Copy the contents of process-buffer to pgg-errors-buffer.
    (set-buffer (get-buffer-create pgg-errors-buffer))
    (buffer-disable-undo)
    (erase-buffer)
    (when (buffer-live-p (process-buffer process))
      (insert-buffer-substring (process-buffer process))
      (goto-char (point-min))
      (delete-matching-lines "^\\[GNUPG:] ")
      (goto-char (point-min))
      (while (re-search-forward "^gpg: " nil t)
	(replace-match "")))
    ;; Read the contents of the output file to pgg-output-buffer.
    (set-buffer (get-buffer-create pgg-output-buffer))
    (buffer-disable-undo)
    (erase-buffer)
    (if (and (equal status "finished\n")
	     (buffer-live-p (process-buffer process)))
	(let ((output-file-name (with-current-buffer (process-buffer process)
				  pgg-gpg-output-file-name)))
	  (when (file-exists-p output-file-name)
	    (let ((coding-system-for-read (if pgg-text-mode
					      'raw-text
					    'binary)))
	      (insert-file-contents output-file-name))
	    (delete-file output-file-name))))
    (if (buffer-live-p (process-buffer process))
	(kill-buffer (process-buffer process)))))

(defun pgg-gpg-wait-for-status (process status-list)
  (with-current-buffer (process-buffer process)
    (setq pgg-gpg-pending-status-list status-list)
    (while (and (eq (process-status process) 'run)
		pgg-gpg-pending-status-list)
      (accept-process-output process 1))))

(defun pgg-gpg-wait-for-process (process)
  (while (eq (process-status process) 'run)
    (accept-process-output process 1))
  (sit-for 1))

(defun pgg-gpg-handle-USERID_HINT (process line)
  (if (string-match "^USERID_HINT \\([^ ]+\\) \\(.*\\)" line)
      (let* ((key-id (match-string 1 line))
	     (user-id (match-string 2 line))
	     (entry (assoc key-id pgg-gpg-user-id-alist)))
	(if entry
	    (setcdr entry user-id)
	  (setq pgg-gpg-user-id-alist (cons (cons key-id user-id)
					    pgg-gpg-user-id-alist))))))
						  
(defun pgg-gpg-handle-NEED_PASSPHRASE (process line)
  (if (string-match "^NEED_PASSPHRASE \\([^ ]+\\)" line)
      (setq pgg-gpg-key-id (match-string 1 line))))

(defun pgg-gpg-handle-NEED_PASSPHRASE_SYM (process line)
  (setq pgg-gpg-key-id 'symmetric))

(defun pgg-gpg-handle-GET_HIDDEN (process line)
  (let* ((entry (assoc pgg-gpg-key-id pgg-gpg-user-id-alist))
	 (passphrase (pgg-read-passphrase
		      (if (eq pgg-gpg-key-id 'symmetric)
			  "GnuPG passphrase for symmetric encryption: "
			(format "GnuPG passphrase for %s: " (if entry
								(cdr entry)
							      pgg-gpg-key-id)))
		      pgg-gpg-key-id)))
    (if passphrase
	(process-send-string process (concat passphrase "\n")))))

(defun pgg-gpg-lookup-key (string &optional type)
  "Search keys associated with STRING."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
		    (if type "--list-secret-keys" "--list-keys")
		    string)))
    (with-temp-buffer
      (apply #'call-process pgg-gpg-program nil t nil args)
      (goto-char (point-min))
      (if (re-search-forward "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)"
			     nil t)
	  (substring (match-string 2) 8)))))

(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
  "Encrypt the current region between START and END.

If optional argument SIGN is non-nil, do a combined sign and encrypt."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args
	  (append
	   '("--armor" "--always-trust" "--encrypt")
	   (if pgg-text-mode '("--textmode"))
	   (if sign (list "--sign" "--local-user" pgg-gpg-user-id))
	   (if recipients
	       (apply #'nconc
		      (mapcar (lambda (rcpt)
				(list pgg-gpg-recipient-argument rcpt))
			      (append recipients
				      (if pgg-encrypt-for-me
					  (list pgg-gpg-user-id))))))))
	 (process (pgg-gpg-start-process args)))
    (if sign
	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
    (process-send-region process start end)
    (process-send-eof process)
    (pgg-gpg-wait-for-process process)
    (pgg-process-when-success)))

(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
  "Encrypt the current region between START and END with symmetric cipher."
  (let* ((args
	  (append '("--armor" "--symmetric")
		  (if pgg-text-mode '("--textmode"))))
	 (process (pgg-gpg-start-process args)))
    (pgg-gpg-wait-for-status process '("GOT_IT"))
    (process-send-region process start end)
    (process-send-eof process)
    (pgg-gpg-wait-for-process process)
    (pgg-process-when-success)))

(defun pgg-gpg-decrypt-region (start end &optional passphrase)
  "Decrypt the current region between START and END."
  (let* ((args '("--decrypt"))
	 (process (pgg-gpg-start-process args)))
    (process-send-region process start end)
    (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE"))
    (process-send-eof process)
    (pgg-gpg-wait-for-process process)
    (save-excursion
      (set-buffer pgg-errors-buffer)
      (goto-char (point-min))
      (re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))

(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
  "Make detached signature from text between START and END."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args
	  (append (list (if cleartext "--clearsign" "--detach-sign")
			"--armor" "--verbose"
			"--local-user" pgg-gpg-user-id)
		  (if pgg-text-mode '("--textmode"))))
	 (process (pgg-gpg-start-process args)))
    (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE"))
    (process-send-region process start end)
    (process-send-eof process)
    (pgg-gpg-wait-for-process process)
    (pgg-process-when-success)))

(defun pgg-gpg-verify-region (start end &optional signature)
  "Verify region between START and END as the detached signature SIGNATURE."
  (let ((args '("--verify"))
	process)
    (when (stringp signature)
      (setq args (append args (list signature))))
    (setq process (pgg-gpg-start-process (append args '("-"))))
    (process-send-region process start end)
    (pgg-gpg-wait-for-process process)
    (with-current-buffer pgg-errors-buffer
      (goto-char (point-min))
      (while (re-search-forward "^gpg: \\(.*\\)\n" nil t)
	(with-current-buffer pgg-output-buffer
	  (insert-buffer-substring pgg-errors-buffer
				   (match-beginning 1) (match-end 0)))
	(delete-region (match-beginning 0) (match-end 0)))
      (goto-char (point-min))
      (re-search-forward "^\\[GNUPG:] GOODSIG\\>" nil t))))

(defun pgg-gpg-insert-key ()
  "Insert public key at point."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args (list "--export" "--armor"
		     pgg-gpg-user-id))
	 (process (pgg-gpg-start-process args)))
    (pgg-gpg-wait-for-process process)
    (insert-buffer-substring pgg-output-buffer)))

(defun pgg-gpg-snarf-keys-region (start end)
  "Add all public keys in region between START and END to the keyring."
  (let* ((args '("--import" "-"))
	 (process (pgg-gpg-start-process args))
	 status)
    (process-send-region process start end)
    (process-send-eof process)
    (pgg-gpg-wait-for-process process)
    (set-buffer pgg-errors-buffer)
    (goto-char (point-min))
    (when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t)
      (setq status (buffer-substring (match-end 0)
				     (progn (end-of-line)(point)))
	    status (vconcat (mapcar #'string-to-number (split-string status))))
      (erase-buffer)
      (insert (format "Imported %d key(s).
\tArmor contains %d key(s) [%d bad, %d old].\n"
		      (+ (aref status 2)
			 (aref status 10))
		      (aref status 0)
		      (aref status 1)
		      (+ (aref status 4)
			 (aref status 11)))
	      (if (zerop (aref status 9))
		  ""
		"\tSecret keys are imported.\n")))
    (append-to-buffer pgg-output-buffer (point-min)(point-max))
    (pgg-process-when-success)))

(provide 'pgg-gpg)

;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
;;; pgg-gpg.el ends here

[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

[-- Attachment #4: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Simon Josefsson <jas@extundo.com> wrote:
>
>> Katsumi Yamaoka <yamaoka@jpl.org> writes:
>>
>>>>>>>> In <87irq6yrfo.fsf@latte.josefsson.org> Simon Josefsson wrote:
>>>
>>>> Katsumi Yamaoka <yamaoka@jpl.org> writes:
>>>
>>>>> Emacs 20, 21 and XEmacs complain to use of make-network-process
>>>>> which isn't available.  To solve the problem, we may want to
>>>>> introduce it as dns.el does.
>>>
>>>> Do those emacsen support socket processes?  If not, maybe we should
>>>> remove pgg-gpg-update-agent.
>>>
>>> Oops.  ISHIKAWA Mutsumi wrote (in Japanese) in
>>>
>>> http://lists.debian.or.jp/debian-devel/200502/msg00007.html
>>>
>>> that Emacs 21 doesn't support the communication passing the UNIX
>>> domain socket.  If we need to use it at all costs, we will have
>>> to use an external program which communicates with the agent
>>> process by way of the socket.
>>
>> I think it is too complicated.  It is simpler to remove the function.
>> Sascha, what do you think?  People who enable pgg-gpg-use-agent
>> manually might be expected to make sure the agent really is running.
>
> I would like to see pgg do the right think when ever it can -- could
> we keep it for emacs 22 and just not use it if its not available?  
>
> How about testing for the emacs version, or availability of
> make-network-process?
>
> I'll purpose a more compatible patch later -- but I don't have the
> time right now, sorry.

Given that this function probably won't be used at all if Daiki's idea
is implemented, I think we should remove the function for now.
Daiki's approach (if I understand it correctly) of not second-guessing
what parameters gpg will need is more reliable than this approach,
even if this approach would work fine on all emacsen.

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:
Date: Thu, 23 Mar 2006 12:00:22 +0100
In-Reply-To: <c1918aef-cbd3-4019-ba21-92940132533b@well-done.deisui.org>
	(Daiki Ueno's message of "Thu, 23 Mar 2006 19:40:08 +0900")
Message-ID: <87mzfhwhmh.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

> Hello,
>
>>>>>> In <e8632056-d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org>=20
>>>>>>	Daiki Ueno <ueno@unixuser.org> wrote:
>> > Right now, pgg assume that gpg will need a passphrase so it asks the
>> > user for one.  It may be better if pgg postpone the passphrase query
>> > until gpg tell pgg that it needs a passphrase.  Then it is only
>> > queried for when it is needed.  This should be more reliable, but
>> > slightly more complicated to implement (asynchronous code).
>
>> Anyway, I'll try to implement this.
>
> Could you please try the attached pgg-gpg.el?
>
> Please note, this patch is only for review, not meant to be committed now.

It just hangs, it seems gpg is waiting for input from stdin or
similar.  I don't have time to debug further, sorry.

Debugger entered--Lisp error: (quit)
  accept-process-output(#<process pgg-gpg> 1)
  (while (and (eq ... ...) pgg-gpg-pending-status-list) (accept-process-out=
put process 1))
  (save-current-buffer (set-buffer (process-buffer process)) (setq pgg-gpg-=
pending-status-list status-list) (while (and ... pgg-gpg-pending-status-lis=
t) (accept-process-output process 1)))
  (with-current-buffer (process-buffer process) (setq pgg-gpg-pending-statu=
s-list status-list) (while (and ... pgg-gpg-pending-status-list) (accept-pr=
ocess-output process 1)))
  pgg-gpg-wait-for-status(#<process pgg-gpg> ("GOOD_PASSPHRASE"))
  (let* ((pgg-gpg-user-id ...) (args ...) (process ...)) (pgg-gpg-wait-for-=
status process (quote ...)) (process-send-region process start end) (proces=
s-send-eof process) (pgg-gpg-wait-for-process process) (pgg-process-when-su=
ccess))
  pgg-gpg-sign-region(1 1790 nil nil)
  funcall(pgg-gpg-sign-region 1 1790 nil nil)
  apply(funcall pgg-gpg-sign-region (1 1790 nil nil))
  pgg-invoke("sign-region" gpg 1 1790 nil nil)
  pgg-sign-region(1 1790)
  mml2015-pgg-sign((part (sign . "pgpmime") (tag-location . 1743) (contents=
 . "Daiki Ueno <ueno@unixuser.org> writes:\n\n> Hello,\n>\n>>>>>> In <e8632=
056-d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org> \n>>>>>>	Daiki Ueno <=
ueno@unixuser.org> wrote:\n>> > Right now, pgg assume that gpg will need a =
passphrase so it asks the\n>> > user for one.  It may be better if pgg post=
pone the passphrase query\n>> > until gpg tell pgg that it needs a passphra=
se.  Then it is only\n>> > queried for when it is needed.  This should be m=
ore reliable, but\n>> > slightly more complicated to implement (asynchronou=
s code).\n>\n>> Anyway, I'll try to implement this.\n>\n> Could you please =
try the attached pgg-gpg.el?\n>\n> Please note, this patch is only for revi=
ew, not meant to be committed now.\n\nIt just\n\ngpg: NOTE: signature key 5=
C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 10184339=
46\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg: NOTE: signa=
ture key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRE=
D 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg: N=
OTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:]=
 KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-inste=
ad\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST=
\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexp=
ired-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06=
 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-=
use-keyexpired-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 1=
0 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED d=
eprecated-use-keyexpired-instead\ngpg: using subkey AABB1F7B instead of pri=
mary key B565716F\ngpg: writing to `/tmp/pgg-output6523Lpl'\n")))
  mml2015-sign((part (sign . "pgpmime") (tag-location . 1743) (contents . "=
Daiki Ueno <ueno@unixuser.org> writes:\n\n> Hello,\n>\n>>>>>> In <e8632056-=
d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org> \n>>>>>>	Daiki Ueno <ueno=
@unixuser.org> wrote:\n>> > Right now, pgg assume that gpg will need a pass=
phrase so it asks the\n>> > user for one.  It may be better if pgg postpone=
 the passphrase query\n>> > until gpg tell pgg that it needs a passphrase. =
 Then it is only\n>> > queried for when it is needed.  This should be more =
reliable, but\n>> > slightly more complicated to implement (asynchronous co=
de).\n>\n>> Anyway, I'll try to implement this.\n>\n> Could you please try =
the attached pgg-gpg.el?\n>\n> Please note, this patch is only for review, =
not meant to be committed now.\n\nIt just\n\ngpg: NOTE: signature key 5C980=
097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n=
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg: NOTE: signature=
 key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 10=
18433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg: NOTE:=
 signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEY=
EXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\n=
gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[G=
NUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired=
-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 200=
2 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-=
keyexpired-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12=
:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED depre=
cated-use-keyexpired-instead\ngpg: using subkey AABB1F7B instead of primary=
 key B565716F\ngpg: writing to `/tmp/pgg-output6523Lpl'\n")))
  mml-pgpmime-sign-buffer((part (sign . "pgpmime") (tag-location . 1743) (c=
ontents . "Daiki Ueno <ueno@unixuser.org> writes:\n\n> Hello,\n>\n>>>>>> In=
 <e8632056-d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org> \n>>>>>>	Daiki=
 Ueno <ueno@unixuser.org> wrote:\n>> > Right now, pgg assume that gpg will =
need a passphrase so it asks the\n>> > user for one.  It may be better if p=
gg postpone the passphrase query\n>> > until gpg tell pgg that it needs a p=
assphrase.  Then it is only\n>> > queried for when it is needed.  This shou=
ld be more reliable, but\n>> > slightly more complicated to implement (asyn=
chronous code).\n>\n>> Anyway, I'll try to implement this.\n>\n> Could you =
please try the attached pgg-gpg.el?\n>\n> Please note, this patch is only f=
or review, not meant to be committed now.\n\nIt just\n\ngpg: NOTE: signatur=
e key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1=
018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg: NOTE=
: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KE=
YEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\=
ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[=
GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpire=
d-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 20=
02 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use=
-keyexpired-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 1=
2:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED depr=
ecated-use-keyexpired-instead\ngpg: NOTE: signature key 5C980097 expired We=
d Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEX=
PIRED deprecated-use-keyexpired-instead\ngpg: using subkey AABB1F7B instead=
 of primary key B565716F\ngpg: writing to `/tmp/pgg-output6523Lpl'\n")))
  mml-generate-mime-1((part (sign . "pgpmime") (tag-location . 1743) (conte=
nts . "Daiki Ueno <ueno@unixuser.org> writes:\n\n> Hello,\n>\n>>>>>> In <e8=
632056-d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org> \n>>>>>>	Daiki Uen=
o <ueno@unixuser.org> wrote:\n>> > Right now, pgg assume that gpg will need=
 a passphrase so it asks the\n>> > user for one.  It may be better if pgg p=
ostpone the passphrase query\n>> > until gpg tell pgg that it needs a passp=
hrase.  Then it is only\n>> > queried for when it is needed.  This should b=
e more reliable, but\n>> > slightly more complicated to implement (asynchro=
nous code).\n>\n>> Anyway, I'll try to implement this.\n>\n> Could you plea=
se try the attached pgg-gpg.el?\n>\n> Please note, this patch is only for r=
eview, not meant to be committed now.\n\nIt just\n\ngpg: NOTE: signature ke=
y 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 10184=
33946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg: NOTE: si=
gnature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXP=
IRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead\ngpg=
: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST\n[GNUP=
G:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-in=
stead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 C=
EST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecated-use-key=
expired-instead\ngpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19=
:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRED deprecat=
ed-use-keyexpired-instead\ngpg: NOTE: signature key 5C980097 expired Wed Ap=
r 10 12:19:06 2002 CEST\n[GNUPG:] KEYEXPIRED 1018433946\n[GNUPG:] SIGEXPIRE=
D deprecated-use-keyexpired-instead\ngpg: using subkey AABB1F7B instead of =
primary key B565716F\ngpg: writing to `/tmp/pgg-output6523Lpl'\n")))
  mml-generate-mime()
  message-encode-message-body()
  mml-to-mime()
  mml-preview((4))
  call-interactively(mml-preview)

The *pgg-gpg-debug* buffer contains:

gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
[GNUPG:] KEYEXPIRED 1018433946
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
[GNUPG:] KEYEXPIRED 1018433946
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
[GNUPG:] KEYEXPIRED 1018433946
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
[GNUPG:] KEYEXPIRED 1018433946
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
[GNUPG:] KEYEXPIRED 1018433946
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
[GNUPG:] KEYEXPIRED 1018433946
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: using subkey AABB1F7B instead of primary key B565716F
gpg: writing to `/tmp/pgg-output6523Lpl'

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Reinar, I think pgg is ready for v5-10 now.  I am sorry for all these
rapid changes.

Simon Josefsson <jas@extundo.com> writes:

>>> I think it is too complicated.  It is simpler to remove the function.
>>> Sascha, what do you think?  People who enable pgg-gpg-use-agent
>>> manually might be expected to make sure the agent really is running.
>>
>> I would like to see pgg do the right think when ever it can -- could
>> we keep it for emacs 22 and just not use it if its not available?  
>>
>> How about testing for the emacs version, or availability of
>> make-network-process?
>>
>> I'll purpose a more compatible patch later -- but I don't have the
>> time right now, sorry.
>
> Given that this function probably won't be used at all if Daiki's idea
> is implemented, I think we should remove the function for now.
> Daiki's approach (if I understand it correctly) of not second-guessing
> what parameters gpg will need is more reliable than this approach,
> even if this approach would work fine on all emacsen.

I removed the function.  The end result is this:

1) People who don't use the agent don't have to do anything, this is
   as before.

2) People who use the agent must enable pgg-gpg-use-agent manually.
   This is better than before, because the agent didn't work at all
   with pgg then.

3) People who use the agent must make sure the agent is still running
   (or disable the variable temporarily, or re-start the agent and
   fixing the environment variable using M-x setenv).

If/when Daiki's idea (as I understand it) is implemented, the end
result will be:

*) Pgg will invoke gpg and then figure out whether a passphrase is
   needed and only at that point query for it.  This will work
   regardless of whether the agent is used, whether a passphrase is
   required or not, or whether a pin code is required.  The user
   doesn't have to fiddle with any variable.

/Simon

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Simon Josefsson <jas@extundo.com> writes:

> I removed the function.  The end result is this:

To clarify: I removed it in v5-10 only.  For Emacs CVS, Sascha's patch
work fine so it can stay (although perhaps should be removed there
too, to simplify syncing?).  For Gnus CVS trunk, I don't know whether
it works or not (does it work on the XEmacs version Gnus CVS
require?).

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Simon Josefsson <jas@extundo.com> wrote:

[pgg-gpg-update-agent won't work on pre 22 emacsen]

>> Given that this function probably won't be used at all if Daiki's idea
>> is implemented, I think we should remove the function for now.
>> Daiki's approach (if I understand it correctly) of not second-guessing
>> what parameters gpg will need is more reliable than this approach,
>> even if this approach would work fine on all emacsen.
>
> I removed the function.  The end result is this:
>
> 1) People who don't use the agent don't have to do anything, this is
>    as before.
>
> 2) People who use the agent must enable pgg-gpg-use-agent manually.
>    This is better than before, because the agent didn't work at all
>    with pgg then.
>
> 3) People who use the agent must make sure the agent is still running
>    (or disable the variable temporarily, or re-start the agent and
>    fixing the environment variable using M-x setenv).

Could you please leave it in the GNU Emacs CVS, where it actually
works as intended?

> If/when Daiki's idea (as I understand it) is implemented, the end
> result will be:
>
> *) Pgg will invoke gpg and then figure out whether a passphrase is
>    needed and only at that point query for it.  This will work
>    regardless of whether the agent is used, whether a passphrase is
>    required or not, or whether a pin code is required.  The user
>    doesn't have to fiddle with any variable.

I don't think so.  While I'm sure, that Daiki's idea -- once it
works -- will handle certain situations better than mine, there will
still be the need for an variable enabling the user to turn of any use
of the agent.

Here is an example[0] from my own experience:

- A user logs in on machine 'A' and starts the gpg-agent.
- He leaves the machine, but stays logged in...
- Now he uses machine 'B' to log in on machine 'A':
  the environment is setup to use the already running gpg-agent
  (automatically, in an login script)
- He starts Emacs/Gnus and tries to sign, decrypt whatever...
- The agent runs and is working, everything seems fine, but the user
  isn't queried for the passphrase ... what happened?
- The User _is_ actually queried, but the pinentry program is started
  on the X11 Display or tty of machine 'A'.

I think this is a design problem of the gpg-agent.  And yes, there are
several ways to circumvent this problem, but I think it would be very
convenient, if I could tell pgg to just ignore any agent and ask for
the passphrase.

Even gpg itself doesn't use an available agent automatically, but only
when it's asked to (by setting --use-agent) and I think this is a good
decision.

cheers
sascha

[0] actually, the simple example of emacs running an a text console
    which I used before, was totally wrong -- it works just fine as I
    tested a few minutes ago...  :-)
-- 
Sascha Wilde
Wer HTML postet oder gepostetes HTML quotet oder sich gepostetes oder
gequotetes HTML beschafft, um es in Verkehr zu bringen, wird geplonkt.

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

>>>>> In <87lkv1whmh.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> > Could you please try the attached pgg-gpg.el?
> >
> > Please note, this patch is only for review, not meant to be committed now.

> It just hangs, it seems gpg is waiting for input from stdin or
> similar.  I don't have time to debug further, sorry.

Sorry.  Could you tell me what version of GnuPG you are using?
I'm testing against "gnupg" and "gnupg-agent" package in Debian sid,
i.e.

$ gpg --version
gpg (GnuPG) 1.4.2.2
$ gpg-agent --version
gpg-agent (GnuPG) 1.9.20

> The *pgg-gpg-debug* buffer contains:

> gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
> [GNUPG:] KEYEXPIRED 1018433946
> [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead

The *pgg-gpg-debug* buffer looks like this:

[GNUPG:] USERID_HINT A5B6B2D4B15813FE Daiki Ueno <ueno@unixuser.org>
[GNUPG:] NEED_PASSPHRASE A5B6B2D4B15813FE A5B6B2D4B15813FE 17 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
gpg: writing to `/tmp/pgg-output11169j3s'
gpg: DSA/SHA1 signature from: "B15813FE Daiki Ueno <ueno@unixuser.org>"
[GNUPG:] SIG_CREATED D 17 2 00 1143115847 80037CD00F1A940003CA50AAA5B6B2D4B15813FE

Regards,
-- 
Daiki Ueno

Re: Small patch to enable use of gpg-agent with pgg

[Reiner Steib]

On Thu, Mar 23 2006, Simon Josefsson wrote:

> To clarify: I removed it in v5-10 only.  For Emacs CVS, Sascha's patch
> work fine so it can stay (although perhaps should be removed there
> too, to simplify syncing?).

It would be very much preferable to have the same code at least in
Emacs CVS and Gnus v5-10 branch.  (-> Cc-ing Miles.)

> For Gnus CVS trunk, I don't know whether it works or not (does it
> work on the XEmacs version Gnus CVS require?).

Given that Emacs 21 and XEmacs also complain (see Katsumi's message
<news:b4m3bha6kon.fsf@jpl.org>), we also need a fix for the Gnus
trunk.

Couldn't we let `pgg-gpg-update-agent' simply return `t' if
`make-network-process' isn't available?  (Or check for
`make-network-process' directly in `pgg-gpg-use-agent-p'?)

(defun pgg-gpg-update-agent ()
  "Try to connet to gpg-agent and send UPDATESTARTUPTTY."
  (if (fboundp 'make-network-process)
      (let* ((agent-info (getenv "GPG_AGENT_INFO")) 
	     (socket (and agent-info
			  (string-match "^\\([^:]*\\)" agent-info)
			  (match-string 1 agent-info)))
	     (conn (and socket
			(make-network-process :name "gpg-agent-process"
					      :host 'local :family 'local
					      :service socket))))
	(when (and conn (eq (process-status conn) 'open))
	  (process-send-string conn "UPDATESTARTUPTTY\n")
	  (delete-process conn)
	  t))
    ;; We can't check, so assume gpg-agent is up.
    t))

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:
>>>>>> In <e8632056-d7b7-4ed6-91d6-7d9089c82f94@well-done.deisui.org> 
>>>>>>	Daiki Ueno <ueno@unixuser.org> wrote:
>> > Right now, pgg assume that gpg will need a passphrase so it asks the
>> > user for one.  It may be better if pgg postpone the passphrase query
>> > until gpg tell pgg that it needs a passphrase.  Then it is only
>> > queried for when it is needed.  This should be more reliable, but
>> > slightly more complicated to implement (asynchronous code).
>
>> Anyway, I'll try to implement this.

Hello Daiki,

In a first, very quick test your code doesn't work for me (the agent
asks for the passphrase but decryption fails.

But after having a look at the status output from --status-fd with
--use-agent and --no-use-agent I'm starting to doubt that your idea
can work at all.  The status output is in both cases identical...  :-(

Hopefully I'm missing something.

I'm using 
gpg (GnuPG) 1.4.2.2
and
gpg-agent (GnuPG) 1.9.20

cheers 
sascha
-- 
Sascha Wilde : VI is to EMACS as masturbation is to making love:
             : effective and always available but probably not your
             : first choice...

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Could you please leave it in the GNU Emacs CVS, where it actually
> works as intended?

Yep, done.  It complicate syncing a bit, though.

>> If/when Daiki's idea (as I understand it) is implemented, the end
>> result will be:
>>
>> *) Pgg will invoke gpg and then figure out whether a passphrase is
>>    needed and only at that point query for it.  This will work
>>    regardless of whether the agent is used, whether a passphrase is
>>    required or not, or whether a pin code is required.  The user
>>    doesn't have to fiddle with any variable.
>
> I don't think so.  While I'm sure, that Daiki's idea -- once it
> works -- will handle certain situations better than mine, there will
> still be the need for an variable enabling the user to turn of any use
> of the agent.
>
> Here is an example[0] from my own experience:
>
> - A user logs in on machine 'A' and starts the gpg-agent.
> - He leaves the machine, but stays logged in...
> - Now he uses machine 'B' to log in on machine 'A':
>   the environment is setup to use the already running gpg-agent
>   (automatically, in an login script)
> - He starts Emacs/Gnus and tries to sign, decrypt whatever...
> - The agent runs and is working, everything seems fine, but the user
>   isn't queried for the passphrase ... what happened?
> - The User _is_ actually queried, but the pinentry program is started
>   on the X11 Display or tty of machine 'A'.
>
> I think this is a design problem of the gpg-agent.  And yes, there are
> several ways to circumvent this problem, but I think it would be very
> convenient, if I could tell pgg to just ignore any agent and ask for
> the passphrase.

This example seems strange.  How would the user's second session get
the GPG_AGENT_INFO environment variable that points to the gpg-agent
running in the user's first session?  Without that, I don't think it
will work as you describe.  I think the user should start another
gpg-agent for his new session.

I'm not sure I see any disadvantage (except code complexity) with
Daiki's approach.  Maybe you can expand on the above, or think of more
problems, and we can see whether maybe we should use some other
approach.  Perhaps move that discussion to the ding list only.

Daiki's approach is also arguable more correct if you don't have a
passphrase at all.  The Gnus query for a passphrase would be quite
confusing in that case.

> Even gpg itself doesn't use an available agent automatically, but only
> when it's asked to (by setting --use-agent) and I think this is a good
> decision.

I have 'use-agent' in my gpg.conf.  If the agent isn't available, gpg
will fall back to querying to user interactively.  That seem to give
the best user experience for gpg, so I think we should support it.

Further, if you use a smartcard (like an OpenPGP card), it seems you
_must_ use the agent for things to work at all.  (I can't get gpg to
sign anything using my smartcard if I disable the agent.)

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Reiner Steib <reinersteib+gmane@imap.cc> wrote:

> Couldn't we let `pgg-gpg-update-agent' simply return `t' if
> `make-network-process' isn't available?  (Or check for
> `make-network-process' directly in `pgg-gpg-use-agent-p'?)

That's what I had in mind, so I like it...  ;-)

cheers
sascha
-- 
Sascha Wilde
To become a Jedi, use Emacs you have to.

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

> $ gpg --version
> gpg (GnuPG) 1.4.2.2
> $ gpg-agent --version
> gpg-agent (GnuPG) 1.9.20

Same here, from Debian testing.

>> The *pgg-gpg-debug* buffer contains:
>
>> gpg: NOTE: signature key 5C980097 expired Wed Apr 10 12:19:06 2002 CEST
>> [GNUPG:] KEYEXPIRED 1018433946
>> [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
>
> The *pgg-gpg-debug* buffer looks like this:
>
> [GNUPG:] USERID_HINT A5B6B2D4B15813FE Daiki Ueno <ueno@unixuser.org>
> [GNUPG:] NEED_PASSPHRASE A5B6B2D4B15813FE A5B6B2D4B15813FE 17 0
> [GNUPG:] GET_HIDDEN passphrase.enter
> [GNUPG:] GOT_IT
> [GNUPG:] GOOD_PASSPHRASE
> gpg: writing to `/tmp/pgg-output11169j3s'
> gpg: DSA/SHA1 signature from: "B15813FE Daiki Ueno <ueno@unixuser.org>"
> [GNUPG:] SIG_CREATED D 17 2 00 1143115847 80037CD00F1A940003CA50AAA5B6B2D4B15813FE

Ok, I got your file to work for two cases:

1) gpg-agent with normal secret key

2) no gpg-agent with normal secret key

but not with

3) gpg-agent with secret on smart card

With the stuff in CVS, all three work, but I have to toggle
pgg-gpg-use-agent manually.

Your code has a better query too (since it know which key gpg actually
wants), and it may improve passphrase caching too.  Very nice!

Maybe you can finish this code, and I can debug why it doesn't work
for a smartcard separately.  It is probably not an important feature.

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>
>> Couldn't we let `pgg-gpg-update-agent' simply return `t' if
>> `make-network-process' isn't available?  (Or check for
>> `make-network-process' directly in `pgg-gpg-use-agent-p'?)
>
> That's what I had in mind, so I like it...  ;-)

Yes, this sounds like a good idea, and then we can have all code in
sync again (except the password.el stuff of course...).

I'll install this modification now.

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

Hello,

>>>>> In <m2pskds4q7.fsf@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> Daiki Ueno <ueno@unixuser.org> wrote:
> But after having a look at the status output from --status-fd with
> --use-agent and --no-use-agent I'm starting to doubt that your idea
> can work at all.  The status output is in both cases identical...  :-(

> Hopefully I'm missing something.

I guess that you missed to specify --command-fd 0.  If it is specified,
you will get "GET_HIDDEN passphrase.enter" in the latter case:

$ gpg --decrypt --armor --status-fd 1 --command-fd 0 --use-agent test.txt.asc
gpg: CAST5 encrypted data
[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
(gpg spawns pinentry)

$ gpg --decrypt --armor --status-fd 1 --command-fd 0 --no-use-agent test.txt.asc
gpg: CAST5 encrypted data
[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
[GNUPG:] GET_HIDDEN passphrase.enter

Regards,
-- 
Daiki Ueno

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:

> Hello,
>
>>>>>> In <m2pskds4q7.fsf@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> Daiki Ueno <ueno@unixuser.org> wrote:
>> But after having a look at the status output from --status-fd with
>> --use-agent and --no-use-agent I'm starting to doubt that your idea
>> can work at all.  The status output is in both cases identical...  :-(
>
>> Hopefully I'm missing something.
>
> I guess that you missed to specify --command-fd 0.  If it is specified,
> you will get "GET_HIDDEN passphrase.enter" in the latter case:

Ah, I see.  Thanks for the explaining.

sascha
-- 
Sascha Wilde
begin  LOVE-OUTLOOK-LETTER.txt.vbs
I am a beasty signature virus. Distribute me!
end

Re: Small patch to enable use of gpg-agent with pgg

[Miles Bader]

Sascha Wilde <wilde@sha-bang.de> writes:
> Even gpg itself doesn't use an available agent automatically, but only
> when it's asked to (by setting --use-agent) and I think this is a good
> decision.

You can enable it globally with the "use-agent" option in the
~/.gnupg/gpg.conf file -- and I expect many people do this, as it's just
too huge a pain in the ass otherwise.

-miles
-- 
Any man who is a triangle, has thee right, when in Cartesian Space, to
have angles, which when summed, come to know more, nor no less, than
nine score degrees, should he so wish.  [TEMPLE OV THEE LEMUR]

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

>>>>> In <87d5gd2ts1.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> Ok, I got your file to work for two cases:

> 1) gpg-agent with normal secret key

> 2) no gpg-agent with normal secret key

> but not with

> 3) gpg-agent with secret on smart card

Thanks for testing.

> Maybe you can finish this code, and I can debug why it doesn't work
> for a smartcard separately.  It is probably not an important feature.

The new code mostly finished.  Could you send me some examples of status
fd output in case 3?

Regards,
-- 
Daiki Ueno

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 642 bytes --]

>>>>> In <b4edf9b5-2663-4d5c-981e-ddabca619ad6@well-done.deisui.org> 
>>>>>	Daiki Ueno <ueno@unixuser.org> wrote:
> > Maybe you can finish this code, and I can debug why it doesn't work
> > for a smartcard separately.  It is probably not an important feature.

> The new code mostly finished.

Ok, the attached file is (hopefully) the final version of the new code.
Differences from the previous one are:

- Passphrase caching now works again.
- pgg-gpg-use-agent is abolished.  Add "use-agent" to ~/.gnupg/gpg.conf
  if you want to enable use of gpg-agent, as Miles said.
- Tested with typical cases.  I also attach some test cases I used.


[-- Attachment #2: pgg-gpg.el --]
[-- Type: application/octet-stream, Size: 11785 bytes --]

;;; pgg-gpg.el --- GnuPG support for PGG.

;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
;;   2005, 2006 Free Software Foundation, Inc.

;; Author: Daiki Ueno <ueno@unixuser.org>
;; Symmetric encryption and gpg-agent support added by: 
;;   Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP, OpenPGP, GnuPG

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Code:

(eval-when-compile
  (require 'pgg))

(defgroup pgg-gpg ()
  "GnuPG interface."
  :group 'pgg)

(defcustom pgg-gpg-program "gpg"
  "The GnuPG executable."
  :group 'pgg-gpg
  :type 'string)

(defcustom pgg-gpg-extra-args nil
  "Extra arguments for every GnuPG invocation."
  :group 'pgg-gpg
  :type '(repeat (string :tag "Argument")))

(defcustom pgg-gpg-recipient-argument "--recipient"
  "GnuPG option to specify recipient."
  :group 'pgg-gpg
  :type '(choice (const :tag "New `--recipient' option" "--recipient")
		 (const :tag "Old `--remote-user' option" "--remote-user")))

(defvar pgg-gpg-user-id nil
  "GnuPG ID of your default identity.")

(defvar pgg-gpg-user-id-alist nil
  "An alist mapping from key ID to user ID.")

(defvar pgg-gpg-read-point nil)
(defvar pgg-gpg-output-file-name nil)
(defvar pgg-gpg-pending-status-list nil)
(defvar pgg-gpg-key-id nil)
(defvar pgg-gpg-passphrase nil)
(defvar pgg-gpg-debug nil)

(defun pgg-gpg-start-process (args)
  (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
	 (args
	  (append (list "--no-tty"
			"--status-fd" "1"
			"--command-fd" "0"
			"--yes" ; overwrite
			"--output" output-file-name)
		  pgg-gpg-extra-args
		  args))
	 (coding-system-for-write 'binary)
	 (process-connection-type nil)
	 (orig-mode (default-file-modes))
	 default-enable-multibyte-characters
	 (buffer (generate-new-buffer " *pgg-gpg*"))
	 process)
    (with-current-buffer buffer
      (make-local-variable 'pgg-gpg-read-point)
      (setq pgg-gpg-read-point (point-min))
      (make-local-variable 'pgg-gpg-output-file-name)
      (setq pgg-gpg-output-file-name output-file-name)
      (make-local-variable 'pgg-gpg-pending-status-list)
      (setq pgg-gpg-pending-status-list nil)
      (make-local-variable 'pgg-gpg-key-id)
      (setq pgg-gpg-key-id nil)
      (make-local-variable 'pgg-gpg-passphrase)
      (setq pgg-gpg-passphrase nil))
    (unwind-protect
	(progn
	  (set-default-file-modes 448)
	  (setq process
		(apply #'start-process "pgg-gpg" buffer pgg-gpg-program args)))
      (set-default-file-modes orig-mode))
    (set-process-filter process #'pgg-gpg-process-filter)
    (set-process-sentinel process #'pgg-gpg-process-sentinel)
    process))

(defun pgg-gpg-process-filter (process input)
  (save-excursion
    (if pgg-gpg-debug
	(save-excursion
	  (set-buffer (get-buffer-create  " *pgg-gpg-debug*"))
	  (goto-char (point-max))
	  (insert input)))
    (set-buffer (process-buffer process))
    (goto-char (point-max))
    (insert input)
    (goto-char pgg-gpg-read-point)
    (beginning-of-line)
    (while (looking-at ".*\n")		;the input line is finished
      (save-excursion
	(if (looking-at "\\[GNUPG:] \\([A-Z_]+\\)\\>.*")
	    (let* ((status (match-string 1))
		   (symbol (intern-soft (concat "pgg-gpg-status-" status)))
		   (entry (member status pgg-gpg-pending-status-list)))
	      (if entry
		  (setq pgg-gpg-pending-status-list
			(delq (car entry)
			      pgg-gpg-pending-status-list)))
	      (if (and symbol
		       (fboundp symbol))
		  (funcall symbol process (buffer-substring (match-beginning 1)
							    (match-end 0)))))))
      (forward-line))
    (setq pgg-gpg-read-point (point))))

(defun pgg-gpg-process-sentinel (process status)
  (set-process-filter process nil)
  (save-excursion
    ;; Copy the contents of process-buffer to pgg-errors-buffer.
    (set-buffer (get-buffer-create pgg-errors-buffer))
    (buffer-disable-undo)
    (erase-buffer)
    (when (buffer-live-p (process-buffer process))
      (insert-buffer-substring (process-buffer process))
      (goto-char (point-min))
      (delete-matching-lines "^\\[GNUPG:] ")
      (goto-char (point-min))
      (while (re-search-forward "^gpg: " nil t)
	(replace-match "")))
    ;; Read the contents of the output file to pgg-output-buffer.
    (set-buffer (get-buffer-create pgg-output-buffer))
    (buffer-disable-undo)
    (erase-buffer)
    (if (and (equal status "finished\n")
	     (buffer-live-p (process-buffer process)))
	(let ((output-file-name (with-current-buffer (process-buffer process)
				  pgg-gpg-output-file-name)))
	  (when (file-exists-p output-file-name)
	    (let ((coding-system-for-read (if pgg-text-mode
					      'raw-text
					    'binary)))
	      (insert-file-contents output-file-name))
	    (delete-file output-file-name))))))

(defun pgg-gpg-wait-for-status (process status-list)
  (with-current-buffer (process-buffer process)
    (setq pgg-gpg-pending-status-list status-list)
    (while (and (eq (process-status process) 'run)
		pgg-gpg-pending-status-list)
      (accept-process-output process 1))))

(defun pgg-gpg-wait-for-completion (process &optional status-list)
  (process-send-eof process)
  (while (eq (process-status process) 'run)
    (sit-for 0.1))
  (save-excursion
    (set-buffer (process-buffer process))
    (setq status-list (copy-sequence status-list))
    (let ((pointer status-list))
      (while pointer
	(goto-char (point-min))
	(unless (re-search-forward
		 (concat "^\\[GNUPG:] " (car pointer) "\\>")
		 nil t)
	  (setq status-list (delq (car pointer) status-list)))
	(setq pointer (cdr pointer))))
    (kill-buffer (process-buffer process))
    status-list))

(defun pgg-gpg-status-USERID_HINT (process line)
  (if (string-match "\\`USERID_HINT \\([^ ]+\\) \\(.*\\)" line)
      (let* ((key-id (match-string 1 line))
	     (user-id (match-string 2 line))
	     (entry (assoc key-id pgg-gpg-user-id-alist)))
	(if entry
	    (setcdr entry user-id)
	  (setq pgg-gpg-user-id-alist (cons (cons key-id user-id)
					    pgg-gpg-user-id-alist))))))

(defun pgg-gpg-status-NEED_PASSPHRASE (process line)
  (if (string-match "\\`NEED_PASSPHRASE \\([^ ]+\\)" line)
      (setq pgg-gpg-key-id (match-string 1 line))))

(defun pgg-gpg-status-NEED_PASSPHRASE_SYM (process line)
  (setq pgg-gpg-key-id 'SYM))

(defun pgg-gpg-status-NEED_PASSPHRASE_PIN (process line)
  (setq pgg-gpg-key-id 'PIN))

(defun pgg-gpg-status-GET_HIDDEN (process line)
  (let ((entry (assoc pgg-gpg-key-id pgg-gpg-user-id-alist)))
    (if (setq pgg-gpg-passphrase
	      (if (eq pgg-gpg-key-id 'SYM)
		  (pgg-read-passphrase
		   "GnuPG passphrase for symmetric encryption: ")
		(pgg-read-passphrase
		 (format "GnuPG passphrase for %s: "
			 (if entry
			     (cdr entry)
			   pgg-gpg-key-id))
		 (if (eq pgg-gpg-key-id 'PIN)
		     "PIN"
		   pgg-gpg-key-id))))
	(process-send-string process (concat pgg-gpg-passphrase "\n")))))

(defun pgg-gpg-status-GOOD_PASSPHRASE (process line)
  (when (and pgg-gpg-passphrase
	     (stringp pgg-gpg-key-id))
    (pgg-add-passphrase-to-cache pgg-gpg-key-id pgg-gpg-passphrase)
    (setq pgg-gpg-passphrase nil)))

(defun pgg-gpg-status-BAD_PASSPHRASE (process line)
  (when pgg-gpg-passphrase
    (fillarray pgg-gpg-passphrase 0)
    (setq pgg-gpg-passphrase nil)))

(defun pgg-gpg-lookup-key (string &optional type)
  "Search keys associated with STRING."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
		    (if type "--list-secret-keys" "--list-keys")
		    string)))
    (with-temp-buffer
      (apply #'call-process pgg-gpg-program nil t nil args)
      (goto-char (point-min))
      (if (re-search-forward "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)"
			     nil t)
	  (substring (match-string 2) 8)))))

(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
  "Encrypt the current region between START and END.

If optional argument SIGN is non-nil, do a combined sign and encrypt."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args
	  (append
	   '("--armor" "--always-trust" "--encrypt")
	   (if pgg-text-mode '("--textmode"))
	   (if sign (list "--sign" "--local-user" pgg-gpg-user-id))
	   (if recipients
	       (apply #'nconc
		      (mapcar (lambda (rcpt)
				(list pgg-gpg-recipient-argument rcpt))
			      (append recipients
				      (if pgg-encrypt-for-me
					  (list pgg-gpg-user-id))))))))
	 (process (pgg-gpg-start-process args)))
    (if sign
	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
    (process-send-region process start end)
    (pgg-gpg-wait-for-completion process '("SIG_CREATED" "END_ENCRYPTION"))))

(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
  "Encrypt the current region between START and END with symmetric cipher."
  (let* ((args
	  (append '("--armor" "--symmetric")
		  (if pgg-text-mode '("--textmode"))))
	 (process (pgg-gpg-start-process args)))
    (pgg-gpg-wait-for-status process '("BEGIN_ENCRYPTION"))
    (process-send-region process start end)
    (pgg-gpg-wait-for-completion process '("END_ENCRYPTION"))))

(defun pgg-gpg-decrypt-region (start end &optional passphrase)
  "Decrypt the current region between START and END."
  (let* ((args '("--decrypt"))
	 (process (pgg-gpg-start-process args)))
    (process-send-region process start end)
    (pgg-gpg-wait-for-status process '("BEGIN_DECRYPTION"))
    (pgg-gpg-wait-for-completion process '("GOODSIG" "DECRYPTION_OKAY"))))

(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
  "Make detached signature from text between START and END."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args
	  (append (list (if cleartext "--clearsign" "--detach-sign")
			"--armor" "--verbose"
			"--local-user" pgg-gpg-user-id)
		  (if pgg-text-mode '("--textmode"))))
	 (process (pgg-gpg-start-process args)))
    (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE"))
    (process-send-region process start end)
    (pgg-gpg-wait-for-completion process '("SIG_CREATED"))))

(defun pgg-gpg-verify-region (start end &optional signature)
  "Verify region between START and END as the detached signature SIGNATURE."
  (let ((args '("--verify"))
	process)
    (when (stringp signature)
      (setq args (append args (list signature))))
    (setq process (pgg-gpg-start-process (append args '("-"))))
    (process-send-region process start end)
    (pgg-gpg-wait-for-completion process '("GOODSIG"))))

(defun pgg-gpg-insert-key ()
  "Insert public key at point."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args (list "--export" "--armor"
		     pgg-gpg-user-id))
	 (process (pgg-gpg-start-process args)))
    (pgg-gpg-wait-for-completion process)
    (insert-buffer-substring pgg-output-buffer)))

(defun pgg-gpg-snarf-keys-region (start end)
  "Add all public keys in region between START and END to the keyring."
  (let* ((args '("--import" "-"))
	 (process (pgg-gpg-start-process args))
	 status)
    (process-send-region process start end)
    (pgg-gpg-wait-for-completion process '("IMPORT_RES"))))

(provide 'pgg-gpg)

;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
;;; pgg-gpg.el ends here

[-- Attachment #3: Type: text/plain, Size: 1 bytes --]



[-- Attachment #4: test-pgg-gpg.el --]
[-- Type: application/octet-stream, Size: 972 bytes --]

(require 'pgg)
(require 'pgg-gpg)

(with-temp-buffer
  (insert "00000")
  (pgg-gpg-sign-region (point-min) (point-max) t)
  (save-excursion
    (set-buffer pgg-output-buffer)
    (pgg-gpg-verify-region (point-min) (point-max))))
;; ("GOODSIG")

(with-temp-buffer
  (insert "00000")
  (pgg-gpg-encrypt-region (point-min) (point-max) '("ueno@unixuser.org"))
  (save-excursion
    (set-buffer pgg-output-buffer)
    (pgg-gpg-decrypt-region (point-min) (point-max))))
;; ("DECRYPTION_OKAY")

(with-temp-buffer
  (insert "00000")
  (pgg-gpg-encrypt-region (point-min) (point-max) '("ueno@unixuser.org") t)
  (save-excursion
    (set-buffer pgg-output-buffer)
    (pgg-gpg-decrypt-region (point-min) (point-max))))
;; ("GOODSIG" "DECRYPTION_OKAY")

(with-temp-buffer
  (insert "00000")
  (pgg-gpg-encrypt-symmetric-region (point-min) (point-max))
  (save-excursion
    (set-buffer pgg-output-buffer)
    (pgg-gpg-decrypt-region (point-min) (point-max))))
;; ("DECRYPTION_OKAY")

[-- Attachment #5: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

[-- Attachment #6: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

>>>>>> In <b4edf9b5-2663-4d5c-981e-ddabca619ad6@well-done.deisui.org> 
>>>>>>	Daiki Ueno <ueno@unixuser.org> wrote:
>> > Maybe you can finish this code, and I can debug why it doesn't work
>> > for a smartcard separately.  It is probably not an important feature.
>
>> The new code mostly finished.
>
> Ok, the attached file is (hopefully) the final version of the new code.
> Differences from the previous one are:
>
> - Passphrase caching now works again.
> - pgg-gpg-use-agent is abolished.  Add "use-agent" to ~/.gnupg/gpg.conf
>   if you want to enable use of gpg-agent, as Miles said.
> - Tested with typical cases.  I also attach some test cases I used.

This works fine except for used with a smartcard.  The current version
works with a smartcard (when you enable pgg-gpg-use-agent), so I think
that should be fixed.

I debugged this, and it seems invoking gpg using the smartcard will
not print any useful [GNUPG:] statements:

/usr/bin/gpg --no-tty --status-fd 1 --command-fd 0 --yes --output /tmp/pgg-output29825FPB --detach-sign --armor --verbose --local-user jas --textmode
...
gpg: using subkey AABB1F7B instead of primary key B565716F
gpg: writing to `/tmp/pgg-output29825FPB'

Then it waits for input.  PGG infloop waiting for GOOD_PASSPHRASE
here.  I think it should wait for 'gpg: writing to' instead, it is the
last printed statement for both smartcard and non-smartcard cases, and
it seem to be printed when gpg is ready to accept input.

For references, here is the non-smartcard case:

jas@latte:~$ /usr/bin/gpg --no-tty --status-fd 1 --command-fd 0 --yes --output /tmp/pgg-output29825FPB --detach-sign --armor --verbose --local-user b565716f! --textmode
[GNUPG:] USERID_HINT EDA21E94B565716F Simon Josefsson <simon@josefsson.org>
[GNUPG:] NEED_PASSPHRASE EDA21E94B565716F EDA21E94B565716F 1 0
<<<hangs here until i type password to the agent>>>
[GNUPG:] GOOD_PASSPHRASE
gpg: writing to `/tmp/pgg-output29825FPB'

Then it hangs waiting for the input to sign.

What do you think?  It might be ugly to depend on the 'gpg: writing'
output instead of the [GNUPG:] stuff, but I see no option here.

I suspect password-less keys may have similar issues.

Re: Small patch to enable use of gpg-agent with pgg

[Miles Bader]

Simon Josefsson <jas@extundo.com> writes:
> What do you think?  It might be ugly to depend on the 'gpg: writing'
> output instead of the [GNUPG:] stuff, but I see no option here.

Of course if such a kludge is used, an important thing is to report the
problem with the "official" interface as a bug...

-miles
-- 
Love is a snowmobile racing across the tundra.  Suddenly it flips over,
pinning you underneath.  At night the ice weasels come.  --Nietzsche

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

>>>>> In <87irq1evdk.fsf@catnip.gol.com> 
>>>>>	Miles Bader <miles@gnu.org> wrote:
> Simon Josefsson <jas@extundo.com> writes:
> > What do you think?  It might be ugly to depend on the 'gpg: writing'
> > output instead of the [GNUPG:] stuff, but I see no option here.

> Of course if such a kludge is used, an important thing is to report the
> problem with the "official" interface as a bug...

Yes.  I think the root of the problem is that gpg does not emit any
trigger of signature creation.  I'll propose a patch to GnuPG so as to
introduce BEGIN_SIGNING and END_SIGNING status.

For the meantime, how about using pgg-gpg-use-agent as a flag to
indicate that GnuPG will _not_ ask a passphrase in signing?  Smartcard
users should have to set pgg-gpg-use-agent explicitly though.

Here is the patch to the previous post:

--- pgg-gpg.el~	2006-03-26 13:48:29.000000000 +0900
+++ pgg-gpg.el	2006-03-26 13:50:43.000000000 +0900
@@ -51,6 +51,11 @@
   :type '(choice (const :tag "New `--recipient' option" "--recipient")
 		 (const :tag "Old `--remote-user' option" "--remote-user")))
 
+(defcustom pgg-gpg-use-agent nil
+  "Whether to use gnupg agent for key caching."
+  :group 'pgg-gpg
+  :type 'boolean)
+
 (defvar pgg-gpg-user-id nil
   "GnuPG ID of your default identity.")
 
@@ -72,6 +77,7 @@
 			"--command-fd" "0"
 			"--yes" ; overwrite
 			"--output" output-file-name)
+		  (if pgg-gpg-use-agent '("--use-agent"))
 		  pgg-gpg-extra-args
 		  args))
 	 (coding-system-for-write 'binary)
@@ -261,7 +267,7 @@
 				      (if pgg-encrypt-for-me
 					  (list pgg-gpg-user-id))))))))
 	 (process (pgg-gpg-start-process args)))
-    (if sign
+    (if (and sign (not pgg-gpg-use-agent))
 	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process '("SIG_CREATED" "END_ENCRYPTION"))))
@@ -293,7 +299,8 @@
 			"--local-user" pgg-gpg-user-id)
 		  (if pgg-text-mode '("--textmode"))))
 	 (process (pgg-gpg-start-process args)))
-    (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE"))
+    (unless pgg-gpg-use-agent
+      (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process '("SIG_CREATED"))))

Regards,
-- 
Daiki Ueno

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

>>>>>> In <87irq1evdk.fsf@catnip.gol.com> 
>>>>>>	Miles Bader <miles@gnu.org> wrote:
>> Simon Josefsson <jas@extundo.com> writes:
>> > What do you think?  It might be ugly to depend on the 'gpg: writing'
>> > output instead of the [GNUPG:] stuff, but I see no option here.
>
>> Of course if such a kludge is used, an important thing is to report the
>> problem with the "official" interface as a bug...
>
> Yes.  I think the root of the problem is that gpg does not emit any
> trigger of signature creation.  I'll propose a patch to GnuPG so as to
> introduce BEGIN_SIGNING and END_SIGNING status.

That sounds like a good idea.

> For the meantime, how about using pgg-gpg-use-agent as a flag to
> indicate that GnuPG will _not_ ask a passphrase in signing?  Smartcard
> users should have to set pgg-gpg-use-agent explicitly though.

This patch now works fine for me, both smart card and non-smartcard.

Has anyone else tested it?  Should we install it?  I think so, so
unless there are objections within a few days, I'll install it on
v5-10 and Emacs CVS.  Ok, Reinar?  We could also wait until after the
new v5-10 release, this is a pretty large change.

There is another nit (I'll fix this once your code has been
installed), which was present earlier too: specifying a --local-user
parameter even when the Gnus user didn't customize pgg-gpg-user-id
seem wrong -- it will override a 'default-key' in the gpg.conf, and
thus the default behaviour of PGG is different from the default
behaviour of gpg.  In my case, I have a default-key of b565716f (local
secret key on disk) but PGG specify --local-user jas which make gpg
select my smart card key instead, and signing in Gnus doesn't work
unless I toggle pgg-gpg-use-agent.  The solution is to only specify
--local-user when the PGG user customized the user name to sign with.

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Simon Josefsson <jas@extundo.com> wrote:
> Sascha Wilde <wilde@sha-bang.de> writes:
>> Here is an example[0] from my own experience:
>>
>> - A user logs in on machine 'A' and starts the gpg-agent.
>> - He leaves the machine, but stays logged in...
>> - Now he uses machine 'B' to log in on machine 'A':
>>   the environment is setup to use the already running gpg-agent
>>   (automatically, in an login script)
>> - He starts Emacs/Gnus and tries to sign, decrypt whatever...
>> - The agent runs and is working, everything seems fine, but the user
>>   isn't queried for the passphrase ... what happened?
>> - The User _is_ actually queried, but the pinentry program is started
>>   on the X11 Display or tty of machine 'A'.
>>
>> I think this is a design problem of the gpg-agent.  And yes, there are
>> several ways to circumvent this problem, but I think it would be very
>> convenient, if I could tell pgg to just ignore any agent and ask for
>> the passphrase.
>
> This example seems strange.  How would the user's second session get
> the GPG_AGENT_INFO environment variable that points to the gpg-agent
> running in the user's first session?  Without that, I don't think it
> will work as you describe.

You are right, but that is the way things work, when you follow the
official gpg-agent documentation:

| [...]  If you don't use an X server, you can also put this into your
| regular startup file `~/.profile' or `.bash_profile'.  It is best
| not to run multiple instance of the `gpg-agent', so you should make
| sure that only one is running: `gpg-agent' uses an environment
| variable to inform clients about the communication parameters. You
| can write the content of this environment variable to a file so that
| you can test for a running agent.  [...]

> I'm not sure I see any disadvantage (except code complexity) with
> Daiki's approach.

Having a second thought on the subject I agree.

The problem exists (even in simpler use cases: when you login on the
text console and start an X server from there, the pinentry will
always appear on the console) but it is only related to gpg-agent
design and the documented use pattern -- so the place where this
problems should be discussed and solved is gnupg development.

I'll write the gnupg developers on this subject.

cheers
sascha
-- 
Sascha Wilde 
- no sig today... sorry!

Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Simon Josefsson <jas@extundo.com> wrote:

> This patch now works fine for me, both smart card and non-smartcard.
>
> Has anyone else tested it?

Yes, I just gave it a try -- works great.

> Should we install it? 

I would vote:  yes. 

@daiki: if you like, you could remove "and gpg-agent " from the
header: 
;; Symmetric encryption and gpg-agent support added by: 
;;   Sascha Wilde <wilde@sha-bang.de>
its no longer true.  :-)

sascha
-- 
Sascha Wilde : "GUIs normally make it simple to accomplish simple 
             : actions and impossible to accomplish complex actions."
             : (Doug Gwyn - 22/Jun/91 in comp.unix.wizards)

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Sascha Wilde <wilde@sha-bang.de> writes:

> Simon Josefsson <jas@extundo.com> wrote:
>
>> This patch now works fine for me, both smart card and non-smartcard.
>>
>> Has anyone else tested it?
>
> Yes, I just gave it a try -- works great.
>
>> Should we install it? 
>
> I would vote:  yes. 
>
> @daiki: if you like, you could remove "and gpg-agent " from the
> header: 
> ;; Symmetric encryption and gpg-agent support added by: 
> ;;   Sascha Wilde <wilde@sha-bang.de>
> its no longer true.  :-)

I've installed it, with this modification, on v5-10, trunk and in
emacs CVS.

Thanks to Daiki for implementing it and everyone who tested this!

Re: Small patch to enable use of gpg-agent with pgg

[Romain Francoise]

Simon Josefsson <jas@extundo.com> writes:

> I've installed it, with this modification, on v5-10, trunk and in
> emacs CVS.

There's a problem with this patch, at least in my setup: untrusted
signatures are no longer denoted as such in the PGP button in the
Article buffer.  (It might be due to an earlier patch, my working copy
hadn't been updated for a few days.  I'm using the trunk.)

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: Small patch to enable use of gpg-agent with pgg

[Simon Josefsson]

Romain Francoise <romain@orebokech.com> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> I've installed it, with this modification, on v5-10, trunk and in
>> emacs CVS.
>
> There's a problem with this patch, at least in my setup: untrusted
> signatures are no longer denoted as such in the PGP button in the
> Article buffer.  (It might be due to an earlier patch, my working copy
> hadn't been updated for a few days.  I'm using the trunk.)

Weird, that shouldn't be affected by that patch.  Uhm, if you do 'cvs
update -D 2006-03-01 pgg-gpg.el' (or some date before the patch), does
it work again?

Daiki, do you have any ideas?  Does your patch change what status
information gpg outputs, perhaps?

Re: Small patch to enable use of gpg-agent with pgg

[Romain Francoise]

Simon Josefsson <jas@extundo.com> writes:

> Weird, that shouldn't be affected by that patch.  Uhm, if you do 'cvs
> update -D 2006-03-01 pgg-gpg.el' (or some date before the patch), does
> it work again?

Yes.

> Daiki, do you have any ideas?  Does your patch change what status
> information gpg outputs, perhaps?

Bisecting shows that it's caused by the following change:

2006-03-27  Daiki Ueno  <ueno@unixuser.org>

	* pgg-gpg.el: Invoke gpg asynchronous, to avoid querying for
	passphrases when it is not needed.
	(pgg-gpg-use-agent): Add, to hard code that pgg shouldn't wait for
	passphrase stuff from gpg, should only be necessary when you use
	gpg with a smartcard.

Stepping through the mml2015 code, I see that after this change, the
*MML2015 Result* buffer no longer contains the GnuPG status lines (the
ones that start with ``[GNUPG:]'', in particular the ``[GNUPG:]
TRUST_UNDEFINED'' line), so `mml2015-gpg-extract-signature-details'
doesn't find the trust level of the signature.  So yeah, status
information gets lost somewhere in PGG due to the new asynchronous
interface.

I'm using Emacs from CVS (from March 30th).

Thanks,

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: Small patch to enable use of gpg-agent with pgg

[Ken Manheimer]

hi, all.  i'm just catching up on this development - partly spurred by
breakage of some of my code (allout's encryption stuff) which depends
on functions that have been removed from pgg-gpg,
pgg-gpg-symmetric-key-p and pgg-gpg-select-matching-key.

on looking at the pgg-gpg, i noticed that some other convenience
functions on which i depend have been removed, as well:
pgg-gpg-lookup-key-owner and pgg-gpg-key-id-from-key-owner, and i
suppose others.

unless replaced with something equivalent, i think that the  removal
of these functions means that application code can not anticipate the
kind of key to request from the user.  am i missing something here?

the ChangeLog says nothing about these changes...
--
ken manheimer
ken.manheimer@gmail.com
http://myriadicity.net

Re: Small patch to enable use of gpg-agent with pgg

[Daiki Ueno]

Hello Ken,

>>>>> In <2cd46e7f0604011630r6388edackc4c7ef21b92ecaa7@mail.gmail.com> 
>>>>>	"Ken Manheimer" <ken.manheimer@gmail.com> wrote:
> hi, all.  i'm just catching up on this development - partly spurred by
> breakage of some of my code (allout's encryption stuff) which depends
> on functions that have been removed from pgg-gpg,
> pgg-gpg-symmetric-key-p and pgg-gpg-select-matching-key.

I'm sorry I missed that.

However, pgg-gpg is one of backend modules of pgg and it should not
provide its own API.  If we revive these functions, we should add them
to pgg.el instead of pgg-gpg.el.

I'll read allout's encryption stuff and try to prepare a fix.

Regards,
-- 
Daiki Ueno

"[GNUPG:] TRUST_UNDEFINED" not indicated (was: Small patch to enable use of gpg-agent with pgg)

[Reiner Steib]

On Sat, Apr 01 2006, Romain Francoise wrote:

> Simon Josefsson <jas@extundo.com> writes:
>> Daiki, do you have any ideas?  Does your patch change what status
>> information gpg outputs, perhaps?
>
> Bisecting shows that it's caused by the following change:
>
> 2006-03-27  Daiki Ueno  <ueno@unixuser.org>
>
> 	* pgg-gpg.el: Invoke gpg asynchronous, to avoid querying for
> 	passphrases when it is not needed.
> 	(pgg-gpg-use-agent): Add, to hard code that pgg shouldn't wait for
> 	passphrase stuff from gpg, should only be necessary when you use
> 	gpg with a smartcard.
>
> Stepping through the mml2015 code, I see that after this change, the
> *MML2015 Result* buffer no longer contains the GnuPG status lines (the
> ones that start with ``[GNUPG:]'', in particular the ``[GNUPG:]
> TRUST_UNDEFINED'' line), so `mml2015-gpg-extract-signature-details'
> doesn't find the trust level of the signature.  So yeah, status
> information gets lost somewhere in PGG due to the new asynchronous
> interface.

Simon, what do you suggest to do for Gnus 5.10.8?  Should we revert
pgg-gpg.el to 2006-03-21 (before adding gpg-agent support)?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Daiki Ueno]

>>>>> In <v93bgvoz33.fsf@marauder.physik.uni-ulm.de> 
>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> On Sat, Apr 01 2006, Romain Francoise wrote:

> > Simon Josefsson <jas@extundo.com> writes:
> >> Daiki, do you have any ideas?  Does your patch change what status
> >> information gpg outputs, perhaps?
> >
> > Bisecting shows that it's caused by the following change:
> >
> > 2006-03-27  Daiki Ueno  <ueno@unixuser.org>
> >
> > 	* pgg-gpg.el: Invoke gpg asynchronous, to avoid querying for
> > 	passphrases when it is not needed.
> > 	(pgg-gpg-use-agent): Add, to hard code that pgg shouldn't wait for
> > 	passphrase stuff from gpg, should only be necessary when you use
> > 	gpg with a smartcard.
> >
> > Stepping through the mml2015 code, I see that after this change, the
> > *MML2015 Result* buffer no longer contains the GnuPG status lines (the
> > ones that start with ``[GNUPG:]'', in particular the ``[GNUPG:]
> > TRUST_UNDEFINED'' line), so `mml2015-gpg-extract-signature-details'
> > doesn't find the trust level of the signature.  So yeah, status
> > information gets lost somewhere in PGG due to the new asynchronous
> > interface.

> Simon, what do you suggest to do for Gnus 5.10.8?  Should we revert
> pgg-gpg.el to 2006-03-21 (before adding gpg-agent support)?

Here is the temporary fix for this problem.

diff -u -r7.17 pgg-gpg.el
--- pgg-gpg.el	29 Mar 2006 07:51:17 -0000	7.17
+++ pgg-gpg.el	3 Apr 2006 08:24:53 -0000
@@ -144,7 +144,7 @@
     (when (buffer-live-p (process-buffer process))
       (insert-buffer-substring (process-buffer process))
       (goto-char (point-min))
-      (delete-matching-lines "^\\[GNUPG:] ")
+      ;(delete-matching-lines "^\\[GNUPG:] ")
       (goto-char (point-min))
       (while (re-search-forward "^gpg: " nil t)
 	(replace-match "")))

Regards,
-- 
Daiki Ueno

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Romain Francoise]

Daiki Ueno <ueno@unixuser.org> writes:

> diff -u -r7.17 pgg-gpg.el
> --- pgg-gpg.el	29 Mar 2006 07:51:17 -0000	7.17
> +++ pgg-gpg.el	3 Apr 2006 08:24:53 -0000
> @@ -144,7 +144,7 @@
>      (when (buffer-live-p (process-buffer process))
>        (insert-buffer-substring (process-buffer process))
>        (goto-char (point-min))
> -      (delete-matching-lines "^\\[GNUPG:] ")
> +      ;(delete-matching-lines "^\\[GNUPG:] ")
>        (goto-char (point-min))
>        (while (re-search-forward "^gpg: " nil t)
>  	(replace-match "")))

Indeed, this fixes the problem I reported about trust information
missing from the signature button.

However, there are still issues with the asynchronous interface; for
example if one moves with N and P through a group where all articles are
signed faster than GnuPG can check the signatures, sometimes this error
is signalled:

| error in process filter: sit-for: Selecting deleted buffer
| error in process filter: Selecting deleted buffer

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated (was: Small patch to

[Simon Josefsson]

> Simon, what do you suggest to do for Gnus 5.10.8?  Should we revert
> pgg-gpg.el to 2006-03-21 (before adding gpg-agent support)?

I installed Daiki's temporary fix, if we can confirm that it solves this
problem, I think we should release 5.10 as is, otherwise I tend to agree
to revert this stuff for v5-10, and wait for it to stabilize on the trunk
until we move it back to v5-10.  It can always go into 5.10.9.

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

>>>>> In <873bgvcaew.fsf@pacem.orebokech.com> 
>>>>>	Romain Francoise <romain@orebokech.com> wrote:
> However, there are still issues with the asynchronous interface; for
> example if one moves with N and P through a group where all articles are
> signed faster than GnuPG can check the signatures, sometimes this error
> is signalled:

> | error in process filter: sit-for: Selecting deleted buffer
> | error in process filter: Selecting deleted buffer

I hope this patch will help you.


[-- Attachment #2: pgg-gpg.el.diff --]
[-- Type: application/octet-stream, Size: 3554 bytes --]

Index: lisp/pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 7.17
diff -u -r7.17 pgg-gpg.el
--- lisp/pgg-gpg.el	29 Mar 2006 07:51:17 -0000	7.17
+++ lisp/pgg-gpg.el	3 Apr 2006 08:58:19 -0000
@@ -106,33 +106,34 @@
     process))
 
 (defun pgg-gpg-process-filter (process input)
-  (save-excursion
-    (if pgg-gpg-debug
-	(save-excursion
-	  (set-buffer (get-buffer-create  " *pgg-gpg-debug*"))
-	  (goto-char (point-max))
-	  (insert input)))
-    (set-buffer (process-buffer process))
-    (goto-char (point-max))
-    (insert input)
-    (goto-char pgg-gpg-read-point)
-    (beginning-of-line)
-    (while (looking-at ".*\n")		;the input line is finished
+  (if (buffer-live-p (process-buffer process))
       (save-excursion
-	(if (looking-at "\\[GNUPG:] \\([A-Z_]+\\)\\>.*")
-	    (let* ((status (match-string 1))
-		   (symbol (intern-soft (concat "pgg-gpg-status-" status)))
-		   (entry (member status pgg-gpg-pending-status-list)))
-	      (if entry
-		  (setq pgg-gpg-pending-status-list
-			(delq (car entry)
-			      pgg-gpg-pending-status-list)))
-	      (if (and symbol
-		       (fboundp symbol))
-		  (funcall symbol process (buffer-substring (match-beginning 1)
-							    (match-end 0)))))))
-      (forward-line))
-    (setq pgg-gpg-read-point (point))))
+	(if pgg-gpg-debug
+	    (save-excursion
+	      (set-buffer (get-buffer-create  " *pgg-gpg-debug*"))
+	      (goto-char (point-max))
+	      (insert input)))
+	(set-buffer (process-buffer process))
+	(goto-char (point-max))
+	(insert input)
+	(goto-char pgg-gpg-read-point)
+	(beginning-of-line)
+	(while (looking-at ".*\n")	;the input line is finished
+	  (save-excursion
+	    (if (looking-at "\\[GNUPG:] \\([A-Z_]+\\)\\>.*")
+		(let* ((status (match-string 1))
+		       (symbol (intern-soft (concat "pgg-gpg-status-" status)))
+		       (entry (member status pgg-gpg-pending-status-list)))
+		  (if entry
+		      (setq pgg-gpg-pending-status-list
+			    (delq (car entry)
+				  pgg-gpg-pending-status-list)))
+		  (if (and symbol
+			   (fboundp symbol))
+		      (funcall symbol process (buffer-substring (match-beginning 1)
+								(match-end 0)))))))
+	  (forward-line))
+	(setq pgg-gpg-read-point (point)))))
 
 (defun pgg-gpg-process-sentinel (process status)
   (set-process-filter process nil)
@@ -174,19 +175,20 @@
   (process-send-eof process)
   (while (eq (process-status process) 'run)
     (sit-for 0.1))
-  (save-excursion
-    (set-buffer (process-buffer process))
-    (setq status-list (copy-sequence status-list))
-    (let ((pointer status-list))
-      (while pointer
-	(goto-char (point-min))
-	(unless (re-search-forward
-		 (concat "^\\[GNUPG:] " (car pointer) "\\>")
-		 nil t)
-	  (setq status-list (delq (car pointer) status-list)))
-	(setq pointer (cdr pointer))))
-    (kill-buffer (process-buffer process))
-    status-list))
+  (if (buffer-live-p (process-buffer process))
+      (save-excursion
+	(set-buffer (process-buffer process))
+	(setq status-list (copy-sequence status-list))
+	(let ((pointer status-list))
+	  (while pointer
+	    (goto-char (point-min))
+	    (unless (re-search-forward
+		     (concat "^\\[GNUPG:] " (car pointer) "\\>")
+		     nil t)
+	      (setq status-list (delq (car pointer) status-list)))
+	    (setq pointer (cdr pointer))))
+	(kill-buffer (process-buffer process))
+	status-list)))
 
 (defun pgg-gpg-status-USERID_HINT (process line)
   (if (string-match "\\`USERID_HINT \\([^ ]+\\) \\(.*\\)" line)

[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Romain Francoise]

Daiki Ueno <ueno@unixuser.org> writes:

>> | error in process filter: sit-for: Selecting deleted buffer
>> | error in process filter: Selecting deleted buffer

> I hope this patch will help you.

It does: with this patch on top of your previous fix everything works as
intended, as far as I can see.  Simon, could you install it?

Thanks!

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Simon Josefsson]

Romain Francoise <romain@orebokech.com> writes:

> Daiki Ueno <ueno@unixuser.org> writes:
>
>>> | error in process filter: sit-for: Selecting deleted buffer
>>> | error in process filter: Selecting deleted buffer
>
>> I hope this patch will help you.
>
> It does: with this patch on top of your previous fix everything works as
> intended, as far as I can see.  Simon, could you install it?

Done!  Thanks for testing.

If some more problem is discovered, maybe we should back out these
changes from v5-10.  They can be tested on the trunk, and moved back
to v5-10 in time for 5.10.9.

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Adam Sjøgren]

This async thing is really neat. One - perhaps - tiny thing, though:

This is what happens for me:

 * I enter a group.

 * I view an article (which has a gpg-signature).

 * At first the article is displayed in what looks like as raw text,
   then the gpg-thing finishes, and finally the headers are coloured,
   the boring ones hidden and the gpg-buttons are added.
   (If gpg has to fetch the key from the keyserver this sequence is
    not instant, and so slighly confusing)

I would like the colouring and stuff to happen first, so things jumped
around and changed a little less at the time gpg is done.

Possible?


  Best regards,

-- 
 "Danskar sover ofantligt länge."                             Adam Sjøgren
 "Skriv det."                                            asjo@koldfront.dk

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Romain Francoise]

asjo@koldfront.dk (Adam Sjøgren) writes:

> I would like the colouring and stuff to happen first, so things jumped
> around and changed a little less at the time gpg is done.

That would be nice, but note that the current behavior is still an
improvement over the old one: with the synchronous interface, Emacs
appears to hang while waiting for gpg.  Having visual feedback that the
article is getting processed is very good.

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Adam Sjøgren]

On Mon, 03 Apr 2006 19:00:53 +0200, Romain wrote:

> asjo@koldfront.dk (Adam Sjøgren) writes:
>> I would like the colouring and stuff to happen first, so things jumped
>> around and changed a little less at the time gpg is done.

> That would be nice, but note that the current behavior is still an
> improvement over the old one: with the synchronous interface, Emacs
> appears to hang while waiting for gpg.  Having visual feedback that the
> article is getting processed is very good.

Sure, don't get me wrong, I think it is a very, very nice improvement!

I just wanted to mention this quickly, so it can get done while the
editors (and peoples heads) are hot - if it isn't a lot of trouble.


  Best regards,

    Adam

-- 
 "Noone stops you                                             Adam Sjøgren
  Like you stop yourself"                                asjo@koldfront.dk

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 922 bytes --]

>>>>> In <87u09b6m7t.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> Romain Francoise <romain@orebokech.com> writes:

> > Daiki Ueno <ueno@unixuser.org> writes:
> >
> >>> | error in process filter: sit-for: Selecting deleted buffer
> >>> | error in process filter: Selecting deleted buffer
> >
> >> I hope this patch will help you.
> >
> > It does: with this patch on top of your previous fix everything works as
> > intended, as far as I can see.  Simon, could you install it?

> Done!  Thanks for testing.

Sorry for bothering you again, Romain, could you test the attached
patch?  It would be better fix for that problem since it makes sure to
clean up process buffers every time gpg processes complete.

> If some more problem is discovered, maybe we should back out these
> changes from v5-10.  They can be tested on the trunk, and moved back
> to v5-10 in time for 5.10.9.

Yes, I agree.


[-- Attachment #2: pgg-gpg.el.diff --]
[-- Type: application/octet-stream, Size: 8030 bytes --]

Index: lisp/pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 7.19
diff -u -r7.19 pgg-gpg.el
--- lisp/pgg-gpg.el	3 Apr 2006 09:10:40 -0000	7.19
+++ lisp/pgg-gpg.el	4 Apr 2006 02:27:53 -0000
@@ -106,13 +106,13 @@
     process))
 
 (defun pgg-gpg-process-filter (process input)
+  (if pgg-gpg-debug
+      (save-excursion
+	(set-buffer (get-buffer-create  " *pgg-gpg-debug*"))
+	(goto-char (point-max))
+	(insert input)))
   (if (buffer-live-p (process-buffer process))
       (save-excursion
-	(if pgg-gpg-debug
-	    (save-excursion
-	      (set-buffer (get-buffer-create  " *pgg-gpg-debug*"))
-	      (goto-char (point-max))
-	      (insert input)))
 	(set-buffer (process-buffer process))
 	(goto-char (point-max))
 	(insert input)
@@ -130,39 +130,39 @@
 				  pgg-gpg-pending-status-list)))
 		  (if (and symbol
 			   (fboundp symbol))
-		      (funcall symbol process (buffer-substring (match-beginning 1)
-								(match-end 0)))))))
+		      (funcall symbol process (buffer-substring
+					       (match-beginning 1)
+					       (match-end 0)))))))
 	  (forward-line))
 	(setq pgg-gpg-read-point (point)))))
 
 (defun pgg-gpg-process-sentinel (process status)
-  (set-process-filter process nil)
-  (save-excursion
-    ;; Copy the contents of process-buffer to pgg-errors-buffer.
-    (set-buffer (get-buffer-create pgg-errors-buffer))
-    (buffer-disable-undo)
-    (erase-buffer)
-    (when (buffer-live-p (process-buffer process))
-      (insert-buffer-substring (process-buffer process))
-      (goto-char (point-min))
-      ;(delete-matching-lines "^\\[GNUPG:] ")
-      (goto-char (point-min))
-      (while (re-search-forward "^gpg: " nil t)
-	(replace-match "")))
-    ;; Read the contents of the output file to pgg-output-buffer.
-    (set-buffer (get-buffer-create pgg-output-buffer))
-    (buffer-disable-undo)
-    (erase-buffer)
-    (if (and (equal status "finished\n")
-	     (buffer-live-p (process-buffer process)))
-	(let ((output-file-name (with-current-buffer (process-buffer process)
-				  pgg-gpg-output-file-name)))
-	  (when (file-exists-p output-file-name)
-	    (let ((coding-system-for-read (if pgg-text-mode
-					      'raw-text
-					    'binary)))
-	      (insert-file-contents output-file-name))
-	    (delete-file output-file-name))))))
+  (if (buffer-live-p (process-buffer process))
+      (save-excursion
+	(set-buffer (process-buffer process))
+	(when pgg-gpg-passphrase
+	  (fillarray pgg-gpg-passphrase 0)
+	  (setq pgg-gpg-passphrase nil))
+	;; Copy the contents of process-buffer to pgg-errors-buffer.
+	(set-buffer (get-buffer-create pgg-errors-buffer))
+	(buffer-disable-undo)
+	(erase-buffer)
+	(insert-buffer-substring (process-buffer process))
+	;; Read the contents of the output file to pgg-output-buffer.
+	(set-buffer (get-buffer-create pgg-output-buffer))
+	(buffer-disable-undo)
+	(erase-buffer)
+	(if (equal status "finished\n")
+	    (let ((output-file-name
+		   (with-current-buffer (process-buffer process)
+		     pgg-gpg-output-file-name)))
+	      (when (file-exists-p output-file-name)
+		(let ((coding-system-for-read (if pgg-text-mode
+						  'raw-text
+						'binary)))
+		  (insert-file-contents output-file-name))
+		(delete-file output-file-name))))
+	(kill-buffer (process-buffer process)))))
 
 (defun pgg-gpg-wait-for-status (process status-list)
   (with-current-buffer (process-buffer process)
@@ -171,24 +171,12 @@
 		pgg-gpg-pending-status-list)
       (accept-process-output process 1))))
 
-(defun pgg-gpg-wait-for-completion (process &optional status-list)
+(defun pgg-gpg-wait-for-completion (process)
   (process-send-eof process)
   (while (eq (process-status process) 'run)
-    (sit-for 0.1))
-  (if (buffer-live-p (process-buffer process))
-      (save-excursion
-	(set-buffer (process-buffer process))
-	(setq status-list (copy-sequence status-list))
-	(let ((pointer status-list))
-	  (while pointer
-	    (goto-char (point-min))
-	    (unless (re-search-forward
-		     (concat "^\\[GNUPG:] " (car pointer) "\\>")
-		     nil t)
-	      (setq status-list (delq (car pointer) status-list)))
-	    (setq pointer (cdr pointer))))
-	(kill-buffer (process-buffer process))
-	status-list)))
+    ;; We can't use accept-process-output instead of sit-for here
+    ;; because it may cause an interrupt during the sentinel execution.
+    (sit-for 0.1)))
 
 (defun pgg-gpg-status-USERID_HINT (process line)
   (if (string-match "\\`USERID_HINT \\([^ ]+\\) \\(.*\\)" line)
@@ -270,7 +258,12 @@
     (if (and sign (not pgg-gpg-use-agent))
 	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
     (process-send-region process start end)
-    (pgg-gpg-wait-for-completion process '("SIG_CREATED" "END_ENCRYPTION"))))
+    (pgg-gpg-wait-for-completion process)
+    (save-excursion
+      (set-buffer (get-buffer-create pgg-errors-buffer))
+      (goto-char (point-max))
+      (not (null (re-search-backward "^\\[GNUPG:] END_ENCRYPTION\\>"
+				     nil t))))))
 
 (defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
   "Encrypt the current region between START and END with symmetric cipher."
@@ -280,7 +273,12 @@
 	 (process (pgg-gpg-start-process args)))
     (pgg-gpg-wait-for-status process '("BEGIN_ENCRYPTION"))
     (process-send-region process start end)
-    (pgg-gpg-wait-for-completion process '("END_ENCRYPTION"))))
+    (pgg-gpg-wait-for-completion process)
+    (save-excursion
+      (set-buffer (get-buffer-create pgg-errors-buffer))
+      (goto-char (point-max))
+      (not (null (re-search-backward "^\\[GNUPG:] END_ENCRYPTION\\>"
+				     nil t))))))
 
 (defun pgg-gpg-decrypt-region (start end &optional passphrase)
   "Decrypt the current region between START and END."
@@ -288,7 +286,12 @@
 	 (process (pgg-gpg-start-process args)))
     (process-send-region process start end)
     (pgg-gpg-wait-for-status process '("BEGIN_DECRYPTION"))
-    (pgg-gpg-wait-for-completion process '("GOODSIG" "DECRYPTION_OKAY"))))
+    (pgg-gpg-wait-for-completion process)
+    (save-excursion
+      (set-buffer (get-buffer-create pgg-errors-buffer))
+      (goto-char (point-max))
+      (not (null (re-search-backward "^\\[GNUPG:] DECRYPTION_OKAY\\>"
+				     nil t))))))
 
 (defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
   "Make detached signature from text between START and END."
@@ -302,7 +305,12 @@
     (unless pgg-gpg-use-agent
       (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
     (process-send-region process start end)
-    (pgg-gpg-wait-for-completion process '("SIG_CREATED"))))
+    (pgg-gpg-wait-for-completion process)
+    (save-excursion
+      (set-buffer (get-buffer-create pgg-errors-buffer))
+      (goto-char (point-max))
+      (not (null (re-search-backward "^\\[GNUPG:] SIG_CREATED\\>"
+				     nil t))))))
 
 (defun pgg-gpg-verify-region (start end &optional signature)
   "Verify region between START and END as the detached signature SIGNATURE."
@@ -312,7 +320,12 @@
       (setq args (append args (list signature))))
     (setq process (pgg-gpg-start-process (append args '("-"))))
     (process-send-region process start end)
-    (pgg-gpg-wait-for-completion process '("GOODSIG"))))
+    (pgg-gpg-wait-for-completion process)
+    (save-excursion
+      (set-buffer (get-buffer-create pgg-errors-buffer))
+      (goto-char (point-max))
+      (not (null (re-search-backward "^\\[GNUPG:] GOODSIG\\>"
+				     nil t))))))
 
 (defun pgg-gpg-insert-key ()
   "Insert public key at point."
@@ -329,7 +342,12 @@
 	 (process (pgg-gpg-start-process args))
 	 status)
     (process-send-region process start end)
-    (pgg-gpg-wait-for-completion process '("IMPORT_RES"))))
+    (pgg-gpg-wait-for-completion process)
+    (save-excursion
+      (set-buffer (get-buffer-create pgg-errors-buffer))
+      (goto-char (point-max))
+      (not (null (re-search-backward "^\\[GNUPG:] IMPORT_RES\\>"
+				     nil t))))))
 
 (provide 'pgg-gpg)
 

[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Romain Francoise]

Daiki Ueno <ueno@unixuser.org> writes:

> Sorry for bothering you again, Romain, could you test the attached
> patch?  It would be better fix for that problem since it makes sure to
> clean up process buffers every time gpg processes complete.

This patch works fine here, no shortcomings detected.

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Simon Josefsson]

Romain Francoise <romain@orebokech.com> writes:

> Daiki Ueno <ueno@unixuser.org> writes:
>
>> Sorry for bothering you again, Romain, could you test the attached
>> patch?  It would be better fix for that problem since it makes sure to
>> clean up process buffers every time gpg processes complete.
>
> This patch works fine here, no shortcomings detected.

Installed.

Now, the only difference between various pgg-gpg versions (v5-10, Gnus
trunk, Emacs trunk) is that Gnus trunk don't bind
default-enable-multibyte-characters.  Was that fix safe?  Should we
move it to v5-10 and emacs too?  I recall some problems with it.

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Reiner Steib]

On Tue, Apr 04 2006, Simon Josefsson wrote:

> Now, the only difference between various pgg-gpg versions (v5-10, Gnus
> trunk, Emacs trunk) is that Gnus trunk don't bind
> default-enable-multibyte-characters.  Was that fix safe?  Should we
> move it to v5-10 and emacs too?  I recall some problems with it.

Do you refer to this?

  From: Reiner Steib
  Subject: PGG: byte length problem in pass-phrase
  Message-ID: <v9bqvp58eq.fsf_-_@marauder.physik.uni-ulm.de>
  http://thread.gmane.org/v9bqvp58eq.fsf_-_@marauder.physik.uni-ulm.de

Sorry, I didn't have time to test/debug this further.  But the problem
was independent whether or not default-enable-multibyte-characters was
bound.  But removing it solved the problem "GnuPG messages unreadable
under multibyte locales" as reported by Daiki Ueno.  So I'd suggest to
install it in v5-10 and Emacs.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: "[GNUPG:] TRUST_UNDEFINED" not indicated

[Simon Josefsson]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> On Tue, Apr 04 2006, Simon Josefsson wrote:
>
>> Now, the only difference between various pgg-gpg versions (v5-10, Gnus
>> trunk, Emacs trunk) is that Gnus trunk don't bind
>> default-enable-multibyte-characters.  Was that fix safe?  Should we
>> move it to v5-10 and emacs too?  I recall some problems with it.
>
> Do you refer to this?
>
>   From: Reiner Steib
>   Subject: PGG: byte length problem in pass-phrase
>   Message-ID: <v9bqvp58eq.fsf_-_@marauder.physik.uni-ulm.de>
>   http://thread.gmane.org/v9bqvp58eq.fsf_-_@marauder.physik.uni-ulm.de
>
> Sorry, I didn't have time to test/debug this further.  But the problem
> was independent whether or not default-enable-multibyte-characters was
> bound.  But removing it solved the problem "GnuPG messages unreadable
> under multibyte locales" as reported by Daiki Ueno.  So I'd suggest to
> install it in v5-10 and Emacs.

Done, thanks!

pgg-gpg: BEGIN_SIGNING

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 956 bytes --]

>>>>> In <87slp587cw.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> Daiki Ueno <ueno@unixuser.org> writes:

> >>>>>> In <87irq1evdk.fsf@catnip.gol.com> 
> >>>>>>	Miles Bader <miles@gnu.org> wrote:
> >> Simon Josefsson <jas@extundo.com> writes:
> >> > What do you think?  It might be ugly to depend on the 'gpg: writing'
> >> > output instead of the [GNUPG:] stuff, but I see no option here.
> >
> >> Of course if such a kludge is used, an important thing is to report the
> >> problem with the "official" interface as a bug...
> >
> > Yes.  I think the root of the problem is that gpg does not emit any
> > trigger of signature creation.  I'll propose a patch to GnuPG so as to
> > introduce BEGIN_SIGNING and END_SIGNING status.

> That sounds like a good idea.

BEGIN_SIGNING is now available in GnuPG 1.4.3.  Should we install the
attached patch right now or wait for the new GnuPG packages available in
most distributions?


[-- Attachment #2: pgg-gpg.el.diff --]
[-- Type: application/octet-stream, Size: 1677 bytes --]

Index: lisp/pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 7.20
diff -u -r7.20 pgg-gpg.el
--- lisp/pgg-gpg.el	4 Apr 2006 10:33:07 -0000	7.20
+++ lisp/pgg-gpg.el	5 Apr 2006 01:51:34 -0000
@@ -50,11 +50,6 @@
   :type '(choice (const :tag "New `--recipient' option" "--recipient")
 		 (const :tag "Old `--remote-user' option" "--remote-user")))
 
-(defcustom pgg-gpg-use-agent nil
-  "Whether to use gnupg agent for key caching."
-  :group 'pgg-gpg
-  :type 'boolean)
-
 (defvar pgg-gpg-user-id nil
   "GnuPG ID of your default identity.")
 
@@ -76,7 +71,6 @@
 			"--command-fd" "0"
 			"--yes" ; overwrite
 			"--output" output-file-name)
-		  (if pgg-gpg-use-agent '("--use-agent"))
 		  pgg-gpg-extra-args
 		  args))
 	 (coding-system-for-write 'binary)
@@ -255,8 +249,8 @@
 				      (if pgg-encrypt-for-me
 					  (list pgg-gpg-user-id))))))))
 	 (process (pgg-gpg-start-process args)))
-    (if (and sign (not pgg-gpg-use-agent))
-	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
+    (if sign
+	(pgg-gpg-wait-for-status process '("BEGIN_SIGNING")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process)
     (save-excursion
@@ -302,8 +296,7 @@
 			"--local-user" pgg-gpg-user-id)
 		  (if pgg-text-mode '("--textmode"))))
 	 (process (pgg-gpg-start-process args)))
-    (unless pgg-gpg-use-agent
-      (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
+    (pgg-gpg-wait-for-status process '("BEGIN_SIGNING"))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process)
     (save-excursion

[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

Re: pgg-gpg: BEGIN_SIGNING

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

>>>>>> In <87slp587cw.fsf@latte.josefsson.org> 
>>>>>>	Simon Josefsson <jas@extundo.com> wrote:
>> Daiki Ueno <ueno@unixuser.org> writes:
>
>> >>>>>> In <87irq1evdk.fsf@catnip.gol.com> 
>> >>>>>>	Miles Bader <miles@gnu.org> wrote:
>> >> Simon Josefsson <jas@extundo.com> writes:
>> >> > What do you think?  It might be ugly to depend on the 'gpg: writing'
>> >> > output instead of the [GNUPG:] stuff, but I see no option here.
>> >
>> >> Of course if such a kludge is used, an important thing is to report the
>> >> problem with the "official" interface as a bug...
>> >
>> > Yes.  I think the root of the problem is that gpg does not emit any
>> > trigger of signature creation.  I'll propose a patch to GnuPG so as to
>> > introduce BEGIN_SIGNING and END_SIGNING status.
>
>> That sounds like a good idea.
>
> BEGIN_SIGNING is now available in GnuPG 1.4.3.  Should we install the
> attached patch right now or wait for the new GnuPG packages available in
> most distributions?

I don't think we can assume that people use new GnuPG releases.

> -(defcustom pgg-gpg-use-agent nil
> -  "Whether to use gnupg agent for key caching."
> -  :group 'pgg-gpg
> -  :type 'boolean)
> -

So I think this variable has to stay.

> -    (if (and sign (not pgg-gpg-use-agent))
> -	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
> +    (if sign
> +	(pgg-gpg-wait-for-status process '("BEGIN_SIGNING")))
>      (process-send-region process start end)
>      (pgg-gpg-wait-for-completion process)
>      (save-excursion
> @@ -302,8 +296,7 @@
>  			"--local-user" pgg-gpg-user-id)
>  		  (if pgg-text-mode '("--textmode"))))
>  	 (process (pgg-gpg-start-process args)))
> -    (unless pgg-gpg-use-agent
> -      (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
> +    (pgg-gpg-wait-for-status process '("BEGIN_SIGNING"))
>      (process-send-region process start end)
>      (pgg-gpg-wait-for-completion process)
>      (save-excursion

Can't we change it, so that if pgg-gpg-use-agent is nil, it will wait
for either GOOD_PASSPHRASE or BEGIN_SIGNING?  Then it will work fine
for everyone (both new and old GnuPG) except those with old GnuPG and
smart cards, I think.

I think we can get it so that pgg-gpg-use-agent is only ever needed if
you use an old GnuPG with smart cards.

We _could_ fix that too, and avoid pgg-gpg-use-agent completely, if we
also searched for the 'gpg: writing to' string.  But maybe that make
the code too ugly to maintain.

pgg-gpg broken?

[Sascha Wilde]

Hi *,

I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
successfully many times before), but it failed.

This is the backtrace I get:

Debugger entered--Lisp error: (error "Process pgg-gpg not running")
  process-send-string(#<process pgg-gpg> "DerDenkendeWeissEs\n")
  pgg-gpg-status-GET_HIDDEN(#<process pgg-gpg> "GET_HIDDEN
  passphrase.enter")
  pgg-gpg-process-filter(#<process pgg-gpg> "[GNUPG:] USERID_HINT
  31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>\n[GNUPG:]
  NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0\n[GNUPG:]
  GET_HIDDEN passphrase.enter\n[GNUPG:] GOT_IT\n[GNUPG:]
  BAD_PASSPHRASE 31A16202F8F7E674\ngpg: Invalid passphrase; please try
  again ...\n[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde
  <Sascha.Wilde@intevation.de>\n[GNUPG:] NEED_PASSPHRASE
  31A16202F8F7E674 BB2185144BB86568 16 0\n[GNUPG:] GET_HIDDEN
  passphrase.enter\n[GNUPG:] GOT_IT\n[GNUPG:] BAD_PASSPHRASE
  31A16202F8F7E674\ngpg: Invalid passphrase; please try again
  ...\n[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde
  <Sascha.Wilde@intevation.de>\n[GNUPG:] NEED_PASSPHRASE
  31A16202F8F7E674 BB2185144BB86568 16 0\n[GNUPG:] GET_HIDDEN
  passphrase.enter\n[GNUPG:] GOT_IT\n[GNUPG:] BAD_PASSPHRASE
  31A16202F8F7E674\n[GNUPG:] ENC_TO xxxxxxxxxxxxxxxx 16 0\ngpg:
  encrypted with 1024-bit ELG-E key, ID xxxxxxxx, created 2003-06-24\n
  \"xxxxxx xxxxxxxx xxxx <xxxxxx@intevation.de>\"\n[GNUPG:] NO_SECKEY
  xxxxxxxxxxxxxxxx\ngpg: encrypted with 2048-bit ELG-E key, ID
  F8F7E674, created 2004-11-15\n      \"Sascha Wilde
  <Sascha.Wilde@intevation.de>\"\ngpg: public key decryption failed:
  bad passphrase\n[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:]
  DECRYPTION_FAILED\ngpg: decryption failed: secret key not
  available\ngpg: CRC error; 3CB1DD - 15B95A\n[GNUPG:]
  END_DECRYPTION\n")

Signing mails works (including querying the passphrase).

Might this be related to the latest changes by Daiki?
Sorry I don't have time to investigate this any further right now...

cheers
sascha
-- 
Sascha Wilde : "Der Nicht-Denkende glaubt, dass niemand denkt,
             : der Denkende weiss es!"
             : (Gabriel Laub)

Re: pgg-gpg broken?

[Daiki Ueno]

>>>>> In <m2k6a4z8or.fsf_-_@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
> successfully many times before), but it failed.

> This is the backtrace I get:

> Debugger entered--Lisp error: (error "Process pgg-gpg not running")
>   process-send-string(#<process pgg-gpg> "DerDenkendeWeissEs\n")
>   pgg-gpg-status-GET_HIDDEN(#<process pgg-gpg> "GET_HIDDEN
>   passphrase.enter")
>   pgg-gpg-process-filter(#<process pgg-gpg> "[GNUPG:] USERID_HINT
>   31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>\n[GNUPG:]
>   NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0\n[GNUPG:]
>   GET_HIDDEN passphrase.enter\n[GNUPG:] GOT_IT\n[GNUPG:]
>   BAD_PASSPHRASE 31A16202F8F7E674\ngpg: Invalid passphrase; please try
>   again ...\n[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde

> Might this be related to the latest changes by Daiki?

The problem might be related to the default-enable-multibyte-characters
issue:
http://article.gmane.org/gmane.emacs.gnus.general/62428
if you are using non-ASCII characters in your passphrase.

Regards,
-- 
Daiki Ueno

Re: pgg-gpg: BEGIN_SIGNING

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 654 bytes --]

>>>>> In <87fyks8ley.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> I don't think we can assume that people use new GnuPG releases.

I see.  I expect that new GnuPG releases will spread faster than other
softwares not related to security though.

> Can't we change it, so that if pgg-gpg-use-agent is nil, it will wait
> for either GOOD_PASSPHRASE or BEGIN_SIGNING?  Then it will work fine
> for everyone (both new and old GnuPG) except those with old GnuPG and
> smart cards, I think.

> I think we can get it so that pgg-gpg-use-agent is only ever needed if
> you use an old GnuPG with smart cards.

Ok, here is the patch.


[-- Attachment #2: pgg-gpg.el.diff --]
[-- Type: application/octet-stream, Size: 1064 bytes --]

Index: lisp/pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 7.20
diff -u -r7.20 pgg-gpg.el
--- lisp/pgg-gpg.el	4 Apr 2006 10:33:07 -0000	7.20
+++ lisp/pgg-gpg.el	5 Apr 2006 09:56:53 -0000
@@ -256,7 +256,7 @@
 					  (list pgg-gpg-user-id))))))))
 	 (process (pgg-gpg-start-process args)))
     (if (and sign (not pgg-gpg-use-agent))
-	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
+	(pgg-gpg-wait-for-status process '("BEGIN_SIGNING" "GOOD_PASSPHRASE")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process)
     (save-excursion
@@ -303,7 +303,7 @@
 		  (if pgg-text-mode '("--textmode"))))
 	 (process (pgg-gpg-start-process args)))
     (unless pgg-gpg-use-agent
-      (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
+      (pgg-gpg-wait-for-status process '("BEGIN_SIGNING" "GOOD_PASSPHRASE")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process)
     (save-excursion

[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

Re: pgg-gpg broken?

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:

>>>>>> In <m2k6a4z8or.fsf_-_@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
>> successfully many times before), but it failed.
>
>> This is the backtrace I get:
>
>> Debugger entered--Lisp error: (error "Process pgg-gpg not running")
>>   process-send-string(#<process pgg-gpg> "DerDenkendeWeissEs\n")
>>   pgg-gpg-status-GET_HIDDEN(#<process pgg-gpg> "GET_HIDDEN
>>   passphrase.enter")
>>   pgg-gpg-process-filter(#<process pgg-gpg> "[GNUPG:] USERID_HINT
>>   31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>\n[GNUPG:]
>>   NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0\n[GNUPG:]
>>   GET_HIDDEN passphrase.enter\n[GNUPG:] GOT_IT\n[GNUPG:]
>>   BAD_PASSPHRASE 31A16202F8F7E674\ngpg: Invalid passphrase; please try
>>   again ...\n[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde
>
>> Might this be related to the latest changes by Daiki?
>
> The problem might be related to the default-enable-multibyte-characters
> issue:
> http://article.gmane.org/gmane.emacs.gnus.general/62428
> if you are using non-ASCII characters in your passphrase.

No, only plain ASCII.

sascha
-- 
Sascha Wilde : "Ist es nicht schon schlimm genug, dass ICH hier rumtrolle?"
             : (Henning Leise in d.o.c.)

Re: pgg-gpg: BEGIN_SIGNING

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

>>>>>> In <87fyks8ley.fsf@latte.josefsson.org> 
>>>>>>	Simon Josefsson <jas@extundo.com> wrote:
>> I don't think we can assume that people use new GnuPG releases.
>
> I see.  I expect that new GnuPG releases will spread faster than other
> softwares not related to security though.

Agreed.  However, since there is no harm in keeping the variable
around, for those with old GnuPG and smart cards, it seems simpler to
keep it.

>> Can't we change it, so that if pgg-gpg-use-agent is nil, it will wait
>> for either GOOD_PASSPHRASE or BEGIN_SIGNING?  Then it will work fine
>> for everyone (both new and old GnuPG) except those with old GnuPG and
>> smart cards, I think.
>
>> I think we can get it so that pgg-gpg-use-agent is only ever needed if
>> you use an old GnuPG with smart cards.
>
> Ok, here is the patch.

Applied, thanks!

Re: pgg-gpg: BEGIN_SIGNING

[Daiki Ueno]

[-- Attachment #1: Type: text/plain, Size: 593 bytes --]

>>>>> In <873bgs8evn.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> >> Can't we change it, so that if pgg-gpg-use-agent is nil, it will wait
> >> for either GOOD_PASSPHRASE or BEGIN_SIGNING?  Then it will work fine
> >> for everyone (both new and old GnuPG) except those with old GnuPG and
> >> smart cards, I think.
> >
> >> I think we can get it so that pgg-gpg-use-agent is only ever needed if
> >> you use an old GnuPG with smart cards.
> >
> > Ok, here is the patch.

> Applied, thanks!

I'm sorry.  The patch has a bug.  Please apply the fix attached below.


[-- Attachment #2: pgg-gpg.el.diff --]
[-- Type: application/octet-stream, Size: 972 bytes --]

? pgg-gpg.el.diff
Index: lisp/pgg-gpg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
retrieving revision 7.21
diff -u -r7.21 pgg-gpg.el
--- lisp/pgg-gpg.el	5 Apr 2006 10:57:51 -0000	7.21
+++ lisp/pgg-gpg.el	5 Apr 2006 11:40:57 -0000
@@ -122,12 +122,10 @@
 	  (save-excursion
 	    (if (looking-at "\\[GNUPG:] \\([A-Z_]+\\)\\>.*")
 		(let* ((status (match-string 1))
-		       (symbol (intern-soft (concat "pgg-gpg-status-" status)))
-		       (entry (member status pgg-gpg-pending-status-list)))
-		  (if entry
-		      (setq pgg-gpg-pending-status-list
-			    (delq (car entry)
-				  pgg-gpg-pending-status-list)))
+		       (symbol (intern-soft (concat "pgg-gpg-status-"
+						    status))))
+		  (if (member status pgg-gpg-pending-status-list)
+		      (setq pgg-gpg-pending-status-list nil))
 		  (if (and symbol
 			   (fboundp symbol))
 		      (funcall symbol process (buffer-substring

[-- Attachment #3: Type: text/plain, Size: 25 bytes --]


Regards,
-- 
Daiki Ueno

Re: pgg-gpg: BEGIN_SIGNING

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

>>>>>> In <873bgs8evn.fsf@latte.josefsson.org> 
>>>>>>	Simon Josefsson <jas@extundo.com> wrote:
>> >> Can't we change it, so that if pgg-gpg-use-agent is nil, it will wait
>> >> for either GOOD_PASSPHRASE or BEGIN_SIGNING?  Then it will work fine
>> >> for everyone (both new and old GnuPG) except those with old GnuPG and
>> >> smart cards, I think.
>> >
>> >> I think we can get it so that pgg-gpg-use-agent is only ever needed if
>> >> you use an old GnuPG with smart cards.
>> >
>> > Ok, here is the patch.
>
>> Applied, thanks!
>
> I'm sorry.  The patch has a bug.  Please apply the fix attached below.

Applied to the trunk, thanks.  I'm beginning to think that we should
revert these changes for v5-10, pgg-gpg was fairly stable before.
Reiner, what do you think?  Is this holding up the release?

Please test current GPG features (was: pgg-gpg: BEGIN_SIGNING)

[Reiner Steib]

On Wed, Apr 05 2006, Simon Josefsson wrote:

> I'm beginning to think that we should revert these changes for
> v5-10, pgg-gpg was fairly stable before.  Reiner, what do you think?
> Is this holding up the release?

Larsi's _current_ ;-) time frame for the release is somewhere between
Friday and Sunday.  So it's not holding it up at the moment, but I'd
strongly prefer to have no code changes[*] at least in the last ~48
hours before preparing the tar-balls.

Let's give the current code one last chance.  If no problems arise,
let's keep it in for 5.10.8 and No Gnus.  Else, let's revert
`pgg-gpg.el' to revision 7.11 (before adding gpg-agent support on
2006-03-21) in the trunk and in v5-10 until the Gnus releases are out.
For the version in Emacs CVS, I don't have a strong opinion.  Probably
we should keep the current code plus further fixes there and sync it
back to trunk and v5-10 after the Gnus releases are done.

Opinions?

So people, please test the GPG features now and report any problems.
Preferably, also check if the problem goes away when using revision
7.11 of `pgg-gpg.el'.

Bye, Reiner.

[*] Apart from really trivial changes.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Please test current GPG features

[Simon Josefsson]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> Let's give the current code one last chance.  If no problems arise,
> let's keep it in for 5.10.8 and No Gnus.

Sascha has reported one problem that may be caused by the new code, I
don't think it has been fixed.

> Else, let's revert `pgg-gpg.el' to revision 7.11 (before adding
> gpg-agent support on 2006-03-21) in the trunk and in v5-10 until the
> Gnus releases are out.  For the version in Emacs CVS, I don't have a
> strong opinion.  Probably we should keep the current code plus
> further fixes there and sync it back to trunk and v5-10 after the
> Gnus releases are done.
>
> Opinions?

Why revert anything in the trunk?  The trunk is the experimental
branch after all.  I think we should revert it to before the
2006-03-21 fix in v5-10 and Emacs CVS only.  If a few months of
testing the trunk doesn't turn up problems, we can move it to v5-10
and Emacs CVS.

> So people, please test the GPG features now and report any problems.
> Preferably, also check if the problem goes away when using revision
> 7.11 of `pgg-gpg.el'.

Hear, hear.

Re: pgg-gpg broken?

[Reiner Steib]

On Wed, Apr 05 2006, Sascha Wilde wrote:

> I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
> successfully many times before), but it failed.
[...]
> Signing mails works (including querying the passphrase).
>
> Might this be related to the latest changes by Daiki?

Could you test with `pgg-gpg.el' revision 1.4 from Emacs CVS or
revision 7.11 from Gnus CVS, please?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Please test current GPG features

[Reiner Steib]

On Wed, Apr 05 2006, Simon Josefsson wrote:

> Why revert anything in the trunk?  The trunk is the experimental
> branch after all.

IIRC, all these changes were supposed to fix some bugs (smart cards,
gpg-agent, multi-byte locales, ...).  It would be good to have the
same bug fix level in Gnus 5.10.8 and No Gnus 0.4, IMHO.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: pgg-gpg broken?

[Sascha Wilde]

Reiner Steib <reinersteib+gmane@imap.cc> wrote:

> On Wed, Apr 05 2006, Sascha Wilde wrote:
>
>> I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
>> successfully many times before), but it failed.
> [...]
>> Signing mails works (including querying the passphrase).
>>
>> Might this be related to the latest changes by Daiki?
>
> Could you test with `pgg-gpg.el' revision 1.4 from Emacs CVS or
> revision 7.11 from Gnus CVS, please?

I fetched 1.4 from Emacs CVS and it works perfectly well with the mail
in question.

Same holds true for 1.8 from Emacs CVS, which includes my original
version of gpg-agent support, but it stops working with 1.9 -- so it
seems the problem lies withing Daiki's new code...

Some more revelations regarding the problem:

It is somewhat more specific: while I can't decrypt the old mail with
the current pgg-gpg code, I actually can decrypt an fresh test Mail,
which I just send to myself for testing.  This matches my observations
about the different versions.  I have no idea whats so special about
this one mail (it's encrypted for more than one key, but this is no
problem in other cases...).

cheers
sascha
-- 
Sascha Wilde : xedit? Das sieht zwar wie vi aus als könne es nix, aber im
             : Gegensatz zu vi kann es wirklich nix und nix ist noch geschönt!
             : (Michael Core in dafc)

Re: pgg-gpg broken?

[Daiki Ueno]

>>>>> In <m2zmj0xr4x.fsf@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> Daiki Ueno <ueno@unixuser.org> wrote:

> >>>>>> In <m2k6a4z8or.fsf_-_@kenny.sha-bang.de> 
> >>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> >> I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
> >> successfully many times before), but it failed.
> >
> >> This is the backtrace I get:
> >
> >> Debugger entered--Lisp error: (error "Process pgg-gpg not running")
> >>   process-send-string(#<process pgg-gpg> "DerDenkendeWeissEs\n")
> >>   pgg-gpg-status-GET_HIDDEN(#<process pgg-gpg> "GET_HIDDEN
> >>   passphrase.enter")
> >>   BAD_PASSPHRASE 31A16202F8F7E674\ngpg: Invalid passphrase; please try
> >>   again ...\n[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde
> >
> >> Might this be related to the latest changes by Daiki?
> >
> > The problem might be related to the default-enable-multibyte-characters
> > issue:
> > http://article.gmane.org/gmane.emacs.gnus.general/62428
> > if you are using non-ASCII characters in your passphrase.

> No, only plain ASCII.

Two more questions:

1. The passphrase you entered was correct?
2. How many times were you queried your passphrase?

A straightforward way to investigate this problem is decrypting the mail
from the command line as pgg-gpg does.  Could you try the following?

$ cat input.txt | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
  --output output.txt --decrypt

Regards,
-- 
Daiki Ueno

Re: pgg-gpg broken?

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:

>>>>>> In <m2zmj0xr4x.fsf@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> Daiki Ueno <ueno@unixuser.org> wrote:
>
>> >>>>>> In <m2k6a4z8or.fsf_-_@kenny.sha-bang.de> 
>> >>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> >> I just needed to decrypt an old Mail using Gnus/pgg (which i decrypted
>> >> successfully many times before), but it failed.
>> >
>> >> This is the backtrace I get:
>> >
>> >> Debugger entered--Lisp error: (error "Process pgg-gpg not running")
>> >>   process-send-string(#<process pgg-gpg> "DerDenkendeWeissEs\n")
>> >>   pgg-gpg-status-GET_HIDDEN(#<process pgg-gpg> "GET_HIDDEN
>> >>   passphrase.enter")
>> >>   BAD_PASSPHRASE 31A16202F8F7E674\ngpg: Invalid passphrase; please try
>> >>   again ...\n[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde
>> >
>> >> Might this be related to the latest changes by Daiki?
>> >
>> > The problem might be related to the default-enable-multibyte-characters
>> > issue:
>> > http://article.gmane.org/gmane.emacs.gnus.general/62428
>> > if you are using non-ASCII characters in your passphrase.
>
>> No, only plain ASCII.
>
> Two more questions:
>
> 1. The passphrase you entered was correct?

Yes.  I tried this _many_ times, and only this mail fails (and only
with your new code).

> 2. How many times were you queried your passphrase?

Once.  If the passphrase is already cached (I'm _not_ using the agent
on this system): none.  I also encountered the situation of getting
asked over and over again, but I can't reproduce that...

> A straightforward way to investigate this problem is decrypting the mail
> from the command line as pgg-gpg does.  Could you try the following?
>
> $ cat input.txt | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
>   --output output.txt --decrypt

This doesn't work (it tries to read the passphrase from the pipe, too.
But this works:

gpg --no-tty --status-fd 1 --command-fd 0 --yes \ 
  --output output.txt --decrypt test.msg

Here is the Output:

[GNUPG:] ENC_TO 31A16202F8F7E674 16 0
[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde
<Sascha.Wilde@intevation.de>
[GNUPG:] NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0
[GNUPG:] GET_HIDDEN passphrase.enter
***********************
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO **************** 16 0
gpg: encrypted with 1024-bit ELG-E key, ID C42134DD, created
2003-06-24
      "******** **** <*******@intevation.de>"
[GNUPG:] NO_SECKEY ****************
gpg: encrypted with 2048-bit ELG-E key, ID F8F7E674, created
2004-11-15
      "Sascha Wilde <Sascha.Wilde@intevation.de>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 74 1143202578 mutt-eukrante-10004-12773-1220
gpg: Signature made Fre 24 Mr 2006 13:16:19 CET using DSA key ID
********
[GNUPG:] SIG_ID AfiFfg5+XNFF741BR7ts3MOF6ds 2006-03-24 1143202579
[GNUPG:] GOODSIG **************** ******** ****
<******@intevation.de>
gpg: Good signature from "******** **** <*******@intevation.de>"
gpg:                 aka "******** **** ***** <*******.********@intevation.de>"
[GNUPG:] VALIDSIG 53D27A45B9AD27915EE44EDE5BB3F5195816791A 2006-03-24
1143202579 0 3 0 17 2 01 53D27A45B9AD27915EE44EDE5BB3F5195816791A
[GNUPG:] TRUST_FULLY
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION

As you can see: everything worked well...
BUT, doing more tests, things became more and more strange:

I tried 

gpg --no-tty --status-fd 1 --command-fd 0 --yes \ 
  --output output.txt --decrypt

And pasted in the message using copy and paste, then I got this error:

gpg: CRC error; 6E24DE - 15B95A
[GNUPG:] END_DECRYPTION

So I set pgg-gpg-debug to t and found the same error.

Even more strange, when using the gpg-agent

gpg --no-tty --status-fd 1 --command-fd 0 --yes \
  --output output.txt --decrypt <test.msg

works fine, while decryption using the agent + pgg-gpg just hangs...

cheers
sascha
-- 
Sascha Wilde : "Der Nicht-Denkende glaubt, dass niemand denkt,
             : der Denkende weiss es!"
             : (Gabriel Laub)

Re: pgg-gpg broken?

[Daiki Ueno]

>>>>> In <m21wwbcc46.fsf@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> > A straightforward way to investigate this problem is decrypting the mail
> > from the command line as pgg-gpg does.  Could you try the following?
> >
> > $ cat input.txt | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
> >   --output output.txt --decrypt

> This doesn't work (it tries to read the passphrase from the pipe, too.

As I said in the private mail, this is because the pipe is closed after
cat exits.  Could you try this one and see if gpg waits after "[GNUPG:]
GET_HIDDEN passphrase.enter"?

$ (cat test.msg; sleep 10) | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
  --output output.txt --decrypt

Regards,
-- 
Daiki Ueno

Re: pgg-gpg broken?

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:

>>>>>> In <m21wwbcc46.fsf@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> > A straightforward way to investigate this problem is decrypting the mail
>> > from the command line as pgg-gpg does.  Could you try the following?
>> >
>> > $ cat input.txt | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
>> >   --output output.txt --decrypt
>
>> This doesn't work (it tries to read the passphrase from the pipe, too.
>
> As I said in the private mail, this is because the pipe is closed after
> cat exits.  Could you try this one and see if gpg waits after "[GNUPG:]
> GET_HIDDEN passphrase.enter"?
>
> $ (cat test.msg; sleep 10) | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
>   --output output.txt --decrypt

No, it doesn't -- here is what happens 
(thomas agreed with posting this information, so no more '*'s):

(cat test.msg; sleep 10) | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
  --output output.txt --decrypt
[GNUPG:] ENC_TO 31A16202F8F7E674 16 0
[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>
[GNUPG:] NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] BAD_PASSPHRASE 31A16202F8F7E674
gpg: Invalid passphrase; please try again ...
[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>
[GNUPG:] NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] BAD_PASSPHRASE 31A16202F8F7E674
gpg: Invalid passphrase; please try again ...
[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>
[GNUPG:] NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
[GNUPG:] BAD_PASSPHRASE 31A16202F8F7E674
[GNUPG:] ENC_TO 8699BF5FC42134DD 16 0
gpg: encrypted with 1024-bit ELG-E key, ID C42134DD, created 2003-06-24
      "Thomas Arendsen Hein <thomas@intevation.de>"
[GNUPG:] NO_SECKEY 8699BF5FC42134DD
gpg: encrypted with 2048-bit ELG-E key, ID F8F7E674, created 2004-11-15
      "Sascha Wilde <Sascha.Wilde@intevation.de>"
gpg: public key decryption failed: bad passphrase
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: secret key not available
gpg: CRC error; 474D93 - 15B95A
[GNUPG:] END_DECRYPTION

is seems that gpg detects the end early and uses the rest of the
message as passphrase, which of cause fails...

So either the PGP Message is malformed, or that there is a
bug in gpg.

In either case, I don't understand why 

gpg --no-tty --status-fd 1 --command-fd 0 --yes \ 
  --output output.txt --decrypt test.msg

works without any error:

[GNUPG:] ENC_TO 31A16202F8F7E674 16 0   
[GNUPG:] USERID_HINT 31A16202F8F7E674 Sascha Wilde <Sascha.Wilde@intevation.de>
[GNUPG:] NEED_PASSPHRASE 31A16202F8F7E674 BB2185144BB86568 16 0
[GNUPG:] GET_HIDDEN passphrase.enter
*************************
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] ENC_TO 8699BF5FC42134DD 16 0
gpg: encrypted with 1024-bit ELG-E key, ID C42134DD, created 2003-06-24
      "Thomas Arendsen Hein <thomas@intevation.de>"
[GNUPG:] NO_SECKEY 8699BF5FC42134DD
gpg: encrypted with 2048-bit ELG-E key, ID F8F7E674, created 2004-11-15
      "Sascha Wilde <Sascha.Wilde@intevation.de>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 74 1143202578 mutt-eukrante-10004-12773-1220
gpg: Signature made Fre 24 Mr 2006 13:16:19 CET using DSA key ID 5816791A
[GNUPG:] SIG_ID AfiFfg5+XNFF741BR7ts3MOF6ds 2006-03-24 1143202579
[GNUPG:] GOODSIG 5BB3F5195816791A Thomas Arendsen Hein <thomas@intevation.de>
gpg: Good signature from "Thomas Arendsen Hein <thomas@intevation.de>"
gpg:                 aka "Thomas Arendsen Hein (private) <thomas@jtah.de>"
gpg:                 aka "Thomas Arendsen Hein <Thomas.Arendsen.Hein@intevation.   de>"
[GNUPG:] VALIDSIG 53D27A45B9AD27915EE44EDE5BB3F5195816791A 2006-03-24 1143202579    0 3 0 17 2 01 53D27A45B9AD27915EE44EDE5BB3F5195816791A
[GNUPG:] TRUST_FULLY
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION

cheers
-- 
Sascha Wilde

A conclusion is simply the place where someone got tired of thinking.

Re: pgg-gpg broken?

[Daiki Ueno]

>>>>> In <m2y7yjdo02.fsf@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> Daiki Ueno <ueno@unixuser.org> wrote:

> > As I said in the private mail, this is because the pipe is closed after
> > cat exits.  Could you try this one and see if gpg waits after "[GNUPG:]
> > GET_HIDDEN passphrase.enter"?
> >
> > $ (cat test.msg; sleep 10) | gpg --no-tty --status-fd 1 --command-fd 0 --yes \
> >   --output output.txt --decrypt

> No, it doesn't -- here is what happens 

> is seems that gpg detects the end early and uses the rest of the
> message as passphrase, which of cause fails...

If you have pgpdump installed, you will see what packets are read from
the message.

Anyway, I'll try to change pgg-gpg-decrypt-region to read a PGP message
from a temporary file.  Thanks for testing!

Regards,
-- 
Daiki Ueno

Re: Please test current GPG features

[Reiner Steib]

On Wed, Apr 05 2006, Simon Josefsson wrote:

> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>
>> Let's give the current code one last chance.  If no problems arise,
>> let's keep it in for 5.10.8 and No Gnus.
>
> Sascha has reported one problem that may be caused by the new code, I
> don't think it has been fixed.

In <news:m27j63vndk.fsf@kenny.sha-bang.de>, Sascha confirmed that it
works with rev. 1.4 from Emacs CVS (= 7.11 from Gnus).

So I think we should better revert to 7.11.  Simon, WDYT?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Please test current GPG features

[Simon Josefsson]

> On Wed, Apr 05 2006, Simon Josefsson wrote:
>
>> Reiner Steib <reinersteib+gmane@imap.cc> writes:
>>
>>> Let's give the current code one last chance.  If no problems arise,
>>> let's keep it in for 5.10.8 and No Gnus.
>>
>> Sascha has reported one problem that may be caused by the new code, I
>> don't think it has been fixed.
>
> In <news:m27j63vndk.fsf@kenny.sha-bang.de>, Sascha confirmed that it
> works with rev. 1.4 from Emacs CVS (= 7.11 from Gnus).
>
> So I think we should better revert to 7.11.  Simon, WDYT?

Yup.  I still think we shouldn't revert anything on the Gnus trunk branch
though, Daiki's approach (if we can get it to work) should be better in
the long run.  Testing it out on No Gnus seem appropriate.

The 1.4/7.11 version has known limitations (doesn't work with smart cards,
inferior password prompts (doesn't contain the key id as known to gpg),
excessive password prompts for password-less keys (which is confusing),
and maybe more).

Re: Please test current GPG features

[Reiner Steib]

On Thu, Apr 06 2006, Simon Josefsson wrote:

>> So I think we should better revert to 7.11.  Simon, WDYT?
>
> Yup.  I still think we shouldn't revert anything on the Gnus trunk branch
> though, Daiki's approach (if we can get it to work) should be better in
> the long run.  Testing it out on No Gnus seem appropriate.

Okay, I reverted it to 7.11 on the v5-10 branch:

	* pgg-gpg.el: Revert to revision 7.11 because of unresolved
	problems caused by adding symmetric encryption support and the
	asynchronous gpg call.

Please adjust this ChangeLog entry if it is incorrect or something is
missing.

> The 1.4/7.11 version has known limitations (doesn't work with smart cards,
> inferior password prompts (doesn't contain the key id as known to gpg),
> excessive password prompts for password-less keys (which is confusing),
> and maybe more).

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Please test current GPG features

[Simon Josefsson]

>> Yup.  I still think we shouldn't revert anything on the Gnus trunk
>> branch
>> though, Daiki's approach (if we can get it to work) should be better in
>> the long run.  Testing it out on No Gnus seem appropriate.
>
> Okay, I reverted it to 7.11 on the v5-10 branch:
>
> 	* pgg-gpg.el: Revert to revision 7.11 because of unresolved
> 	problems caused by adding symmetric encryption support and the
> 	asynchronous gpg call.
>
> Please adjust this ChangeLog entry if it is incorrect or something is
> missing.

Looks fine, thanks!

Re: Please test current GPG features

[Romain Francoise]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> Okay, I reverted it to 7.11 on the v5-10 branch:

Simon, could you revert pgg-gpg.el in Emacs CVS too?

Thanks,

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: Please test current GPG features

[Romain Francoise]

Romain Francoise <romain@orebokech.com> writes:

> Simon, could you revert pgg-gpg.el in Emacs CVS too?

I've now done that myself.  The v5-10 version and the Emacs trunk are
now in sync (there were whitespace only changes between the version in
our branch and Emacs's 1.4 version).

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: Please test current GPG features

[Reiner Steib]

On Thu, Apr 06 2006, Romain Francoise wrote:

> The v5-10 version and the Emacs trunk are now in sync (there were
> whitespace only changes between the version in our branch and
> Emacs's 1.4 version).

These should be synced from Gnus (v5-10) to Emacs.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Please test current GPG features

[Romain Francoise]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> These should be synced from Gnus (v5-10) to Emacs.

Yes, that's what I did.

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

gpg-agent support removed?! (was: pgg-gpg broken?)

[Sascha Wilde]

Hi *,

after noticing, that the broken mail con suddenly be decrypted again I
checked the changelog and found this entry:

  2006-04-06  Romain Francoise  <romain@orebokech.com>

         * pgg-gpg.el: Sync back with Gnus 5.10, reverting changes that add
         symmetric encryption features and a new asynchronous interface to
         GnuPG.  This new version is version 1.4, plus whitespace changes.

why was that done?!  And why was it done without any discussion or
even informing the people involved?!?

sascha
-- 
Sascha Wilde  :  "I heard that if you play the Windows CD backward, you
              :  get a satanic message. But that's nothing compared to
              :  when you play it forward: It installs Windows...." 
              :  -- G. R. Gaudreau

Re: gpg-agent support removed?! (was: pgg-gpg broken?)

[Simon Josefsson]

> Hi *,
>
> after noticing, that the broken mail con suddenly be decrypted again I
> checked the changelog and found this entry:
>
>   2006-04-06  Romain Francoise  <romain@orebokech.com>
>
>          * pgg-gpg.el: Sync back with Gnus 5.10, reverting changes that
> add
>          symmetric encryption features and a new asynchronous interface to
>          GnuPG.  This new version is version 1.4, plus whitespace changes.
>
> why was that done?!  And why was it done without any discussion or
> even informing the people involved?!?

I thought all discussions about this were kept on the mailing list?  Maybe
check the ding list, perhaps emacs-devel was removed at some point.

I think we decided to back out Daiki's asynchronous interface, because it
is too much new code and we need to have people use it for a while and
work out the problems (on the Gnus CVS trunk).  Perhaps Romain backed out
more than that?  I think we should revert to the pgg-gpg.el right before
adding Daiki's partial rewrite.  The symmetric stuff, and the more recent
addition of the pgg-gpg-use-agent variable should be fine.

I don't have a workable internet connection, and I'm going away on holiday
tomorrow, so I hope others can help work out the details, or wait 10 days.

Re: gpg-agent support removed?!

[Romain Francoise]

Sascha Wilde <wilde@sha-bang.de> writes:

> And why was it done without any discussion or even informing the
> people involved?!?

Since PGG is historically a Gnus package, it was discussed on the ding
mailing-list, which you obviously don't read...  :-)

The relevant sub-thread starts here:

  <URL: http://article.gmane.org/gmane.emacs.gnus.general/62545>

The reasons why this was done are:

1) The new code has bugs and is a major rewrite from previous versions;
   it isn't yet very stable, at least not enough for a stable Gnus
   release.

2) A new Gnus v5.10 release is due out this week-end, so there wasn't
   enough time to fix the bugs in the new code, hence the decision to
   revert it in Gnus 5.10.  Since Emacs 22 is supposed to have Gnus
   5.10, I reverted the changes in Emacs CVS in order to keep the
   upcoming Gnus release and Emacs in sync.

3) The changes broke allout.el's encryption features, and require a
   transition to ensure that allout and PGG can work correctly together
   without breakage.

4) We're trying to get Emacs to a releasable state, and introducing new
   features right now might not be the best idea, depending on how
   seriously you take the feature freeze.

At the moment, the plan is to let the new code mature in the Gnus trunk
(not the Emacs trunk), and then sync it back in Gnus' v5-10 branch and
the Emacs trunk once things have settled down.  I realize that part of
the problem is that PGG is maintained as a Gnus package in Gnus, and as
a general-purpose package in Emacs...

Hoping this clarifies the situation,

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: gpg-agent support removed?!

[Reiner Steib]

On Fri, Apr 07 2006, Sascha Wilde wrote:

>   2006-04-06  Romain Francoise  <romain@orebokech.com>
>
>          * pgg-gpg.el: Sync back with Gnus 5.10, reverting changes that add
>          symmetric encryption features and a new asynchronous interface to
>          GnuPG.  This new version is version 1.4, plus whitespace changes.
>
> why was that done?!  And why was it done without any discussion or
> even informing the people involved?!?

Let me try to summarize (CMIIW):

There were several unresolved serious problems¹ (including your
report) with the new code.  So for the upcoming release of Gnus 5.10.8
we (Simon and me) agreed to revert `pgg-gpg.el' in the stable Gnus
branch (v5-10).

Simon's advised on keeping the new code in the Gnus trunk, so I
followed his suggestion.  I didn't have a strong option on what is
best for the version² in Emacs CVS, so I didn't touch it.  IIRC Simon
didn't express an opinion concerning this version neither.  Probably
Romain thought that the problems with the new code are too serious
also for Emacs CVS.

After the Gnus 5.10.8 release (which should be this week-end unless
Lars needs to shift it) we can put the new code plus Daiki's fixes
posted today back in all three branches.

Bye, Reiner.

¹ Unresolved serious problems with the new code in `pgg-gpg.el':
  http://article.gmane.org/gmane.emacs.pretest.bugs/11591
  http://article.gmane.org/gmane.emacs.devel/52450
  http://article.gmane.org/gmane.emacs.gnus.general/62567
  
  Maybe more?  I don't remember exactly.

² Normally the version in Emacs CVS and Gnus stable (v5-10) are and
  should be synched (semi-)automatically by Miles Bader.  Because of
  the upcoming stable Gnus release, I asked Miles suspend it until
  Gnus 5.10.8 is released.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: gpg-agent support removed?!

[Sascha Wilde]

Romain Francoise <romain@orebokech.com> wrote:

> Sascha Wilde <wilde@sha-bang.de> writes:
>
>> And why was it done without any discussion or even informing the
>> people involved?!?
>
> Since PGG is historically a Gnus package, it was discussed on the ding
> mailing-list, which you obviously don't read...  :-)

That's true, so please CC me at any response.
(at least if it doesn't go too emacs-devel, too).

Thanks to everybody for summarizing the discussion.

May I suggest to revert the code to version 1.8 from GNU Emacs CVS instead?

This version includes my original agent support code and Reiners small
compatibility fix.

I would prefer this version because it:  
- allow using the agent
- but only if enabled explicitly by the user, so the default behavior
  is completely unchanged compared to the old code
- introduces only very few code changes, with no known bugs
- has none of the problems of Daikis code regarding robustness 
  or api changes 

IIRC this version was already discussed and accepted for 5.10.

cheers
sascha
-- 
Sascha Wilde
Well, *my* brain likes to think it's vastly more powerful than any
finite Turing machine but it hasn't proven that to me...
  -- Christopher Koppler in comp.lang.lisp

Re: gpg-agent support removed?!

[Daiki Ueno]

>>>>> In <v9lkuhd0mv.fsf@marauder.physik.uni-ulm.de> 
>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> ¹ Unresolved serious problems with the new code in `pgg-gpg.el':
>   http://article.gmane.org/gmane.emacs.pretest.bugs/11591

Sorry, I didn't read emacs-pretest-bug.  Thomas, could you tell me what
happened more precisely?  i.e. (setq debug-on-error t) and (setq
pgg-gpg-debug t)

>   http://article.gmane.org/gmane.emacs.devel/52450

I think this is fixed by the patch I posted some time ago.
http://article.gmane.org/gmane.emacs.gnus.general/62571

>   http://article.gmane.org/gmane.emacs.gnus.general/62567

I hope that this should be fixed in the right way, not in the way such
as just reversion.  So to say, this is a bug of *allout.el* and not of
PGG, I think.

Regards,
-- 
Daiki Ueno

Re: gpg-agent support removed?!

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:

>>>>>> In <v9lkuhd0mv.fsf@marauder.physik.uni-ulm.de> 
>>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:

>>   http://article.gmane.org/gmane.emacs.devel/52450
>
> I think this is fixed by the patch I posted some time ago.
> http://article.gmane.org/gmane.emacs.gnus.general/62571

This sounds interesting -- where can I get this version for testing?

-- 
Sascha Wilde
We're Germans and we use Unix. That's a combination of two 
demographic groups known to have no sense of humour whatsoever.
  -- Hanno Mueller in de.comp.os.unix.programming

Re: gpg-agent support removed?!

[Daiki Ueno]

>>>>> In <m2lkuhcz2y.fsf@kenny.sha-bang.de> 
>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
> >>   http://article.gmane.org/gmane.emacs.devel/52450
> >
> > I think this is fixed by the patch I posted some time ago.
> > http://article.gmane.org/gmane.emacs.gnus.general/62571

> This sounds interesting -- where can I get this version for testing?

I put the tarball which contains the current pgg*.el at

http://www.unixuser.org/~ueno/pgg-20060407.tar.gz

Regards,
-- 
Daiki Ueno

Re: gpg-agent support removed?!

[Simon Josefsson]

> May I suggest to revert the code to version 1.8 from GNU Emacs CVS
> instead?
>
> This version includes my original agent support code and Reiners small
> compatibility fix.
>
> I would prefer this version because it:
> - allow using the agent
> - but only if enabled explicitly by the user, so the default behavior
>   is completely unchanged compared to the old code
> - introduces only very few code changes, with no known bugs
> - has none of the problems of Daikis code regarding robustness
>   or api changes
>
> IIRC this version was already discussed and accepted for 5.10.

I agree, we shouldn't revert more than Daiki's asynchronous stuff in
v5-10/Emacs CVS.

Re: gpg-agent support removed?!

[Reiner Steib]

[-- Attachment #1.1: Type: text/plain, Size: 1115 bytes --]

[ Reducing Cc list ]

On Fri, Apr 07 2006, Sascha Wilde wrote:

> Daiki Ueno <ueno@unixuser.org> wrote:
>
>>>>>>> In <v9lkuhd0mv.fsf@marauder.physik.uni-ulm.de> 
>>>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>
>>>   http://article.gmane.org/gmane.emacs.devel/52450
>>
>> I think this is fixed by the patch I posted some time ago.
>> http://article.gmane.org/gmane.emacs.gnus.general/62571

,----
| RCS file: /usr/local/cvsroot/gnus/lisp/pgg-gpg.el,v
| retrieving revision 7.22
| diff -u -r7.22 pgg-gpg.el
| --- lisp/pgg-gpg.el	5 Apr 2006 12:57:22 -0000	7.22
| +++ lisp/pgg-gpg.el	7 Apr 2006 08:07:26 -0000
`----

So this is a patch against the Gnus trunk (revision 7.22)

> This sounds interesting -- where can I get this version for testing?

$ cvs -d :pserver:gnus@cvs.gnus.org:/usr/local/cvsroot login
CVS password: gnus
$ cvs -d :pserver:gnus@cvs.gnus.org:/usr/local/cvsroot checkout gnus/lisp/pgg-gpg.el

(cf. http://www.gnus.org/distribution.html)

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]

[-- Attachment #2: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

Re: gpg-agent support removed?!

[Thomas Baumann]

GNU Emacs 22.0.50.1 (i686-suse-linux-gnu, X toolkit, Xaw3d scroll bars)
of 2006-04-05 on norvel

gpg (GnuPG) 1.4.2


Description:

I write an email to be signed.
From: Thomas Baumann <thomas.baumann@ch.tum.de>
To: tb
cc: 
Subject: sign
X-Mailer: MH-E 7.93+cvs; nmh 1.2; GNU Emacs 22.0.50.1
Reply-To: thomas.baumann@ch.tum.de
--------
<#secure method=pgpmime mode=sign sender=AE757F32>
Test

after C-cC-c emacs waits for something endlessly....

backtrace

Debugger entered--Lisp error: (quit)
  accept-process-output(#<process pgg-gpg<4>> 1)
  pgg-gpg-wait-for-status(#<process pgg-gpg<4>> ("BEGIN_SIGNING"))
  pgg-gpg-sign-region(1 7 nil nil)
  funcall(pgg-gpg-sign-region 1 7 nil nil)
  apply(funcall pgg-gpg-sign-region (1 7 nil nil))
  pgg-invoke("sign-region" gpg 1 7 nil nil)
  pgg-sign-region(1 7)
  mml2015-pgg-sign((part (sign . "pgpmime") (sender . "AE757F32") (tag-location . 173) (contents . "Test\n")))
  mml2015-sign((part (sign . "pgpmime") (sender . "AE757F32") (tag-location . 173) (contents . "Test\n")))
  mml-pgpmime-sign-buffer((part (sign . "pgpmime") (sender . "AE757F32") (tag-location . 173) (contents . "Test\n")))
  mml-generate-mime-1((part (sign . "pgpmime") (sender . "AE757F32") (tag-location . 173) (contents . "Test\n")))
  mml-generate-mime()
  message-encode-message-body()
  mml-to-mime()
  (condition-case err (mml-to-mime) (error (with-current-buffer buffer ... ... ...) (error ...)))
  (let ((saved-text ...) (buffer ...) (modified-flag ...)) (condition-case err (mml-to-mime) (error ... ...)))
  mh-mml-to-mime()
  mh-send-letter(nil)
  call-interactively(mh-send-letter)


Things are ok if I the following version of pgg-gpg.el

-rw-r--r--   1 tb users  13819 Feb 10 07:33 pgg-gpg.el


With todays cvs signing does work, but checking the signatures won't
work any more. 

open an email with signature
[mouse-1] on [[PGP Signed Part:Undecided]]

= everything between [[PGP Signed Part:Undecided]] and [[End of PGP
Signed Part]] disappears and there is no change to the buttons....

again this works with pgg-gpg from February...

Thomas

Re: gpg-agent support removed?!

[Daiki Ueno]

>>>>> In <25746.1144418743@norvel.baumann-gauting.site> 
>>>>>	Thomas Baumann <thomas.baumann@ch.tum.de> wrote:

Thanks for testing again, Thomas.

> Debugger entered--Lisp error: (quit)
>   accept-process-output(#<process pgg-gpg<4>> 1)
>   pgg-gpg-wait-for-status(#<process pgg-gpg<4>> ("BEGIN_SIGNING"))

Looks odd.  I think that the code which waits only for "BEGIN_SIGNING"
has not ever been incorporated in Gnus CVS.

> Things are ok if I the following version of pgg-gpg.el

> -rw-r--r--   1 tb users  13819 Feb 10 07:33 pgg-gpg.el

Could you tell me what version did you test the above?

Regards,
-- 
Daiki Ueno

Re: gpg-agent support removed?!

[Reiner Steib]

[ Reducing Cc list ]

On Fri, Apr 07 2006, Daiki Ueno wrote:

>>>>>> In <25746.1144418743@norvel.baumann-gauting.site> 
>>>>>>	Thomas Baumann <thomas.baumann@ch.tum.de> wrote:
>> Debugger entered--Lisp error: (quit)
>>   accept-process-output(#<process pgg-gpg<4>> 1)
>>   pgg-gpg-wait-for-status(#<process pgg-gpg<4>> ("BEGIN_SIGNING"))
>
> Looks odd.  I think that the code which waits only for "BEGIN_SIGNING"
> has not ever been incorporated in Gnus CVS.

| X-Mailer: MH-E 7.93+cvs; nmh 1.2; GNU Emacs 22.0.50.1

MH-E uses the MIME stuff from Gnus, but Thomas is using MH-E from
Emacs CVS.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: gpg-agent support removed?!

[Daiki Ueno]

>>>>> In <v97j61crtc.fsf@marauder.physik.uni-ulm.de> 
>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> >>>>>> In <25746.1144418743@norvel.baumann-gauting.site> 
> >>>>>>	Thomas Baumann <thomas.baumann@ch.tum.de> wrote:
> >> Debugger entered--Lisp error: (quit)
> >>   accept-process-output(#<process pgg-gpg<4>> 1)
> >>   pgg-gpg-wait-for-status(#<process pgg-gpg<4>> ("BEGIN_SIGNING"))
> >
> > Looks odd.  I think that the code which waits only for "BEGIN_SIGNING"
> > has not ever been incorporated in Gnus CVS.

> | X-Mailer: MH-E 7.93+cvs; nmh 1.2; GNU Emacs 22.0.50.1

> MH-E uses the MIME stuff from Gnus, but Thomas is using MH-E from
> Emacs CVS.

Did someone mistakenly installed the first BEGIN_SIGNING patch to Emacs
CVS, while it has not been commited in Gnus CVS?  Simon vetoed it
because it does _not_ work with the earlier GnuPG versions than 1.4.3.

http://article.gmane.org/gmane.emacs.gnus.general/62513
http://article.gmane.org/gmane.emacs.gnus.general/62514

Regards,
-- 
Daiki Ueno

Re: gpg-agent support removed?!

[Reiner Steib]

On Fri, Apr 07 2006, Simon Josefsson wrote:

>> May I suggest to revert the code to version 1.8 from GNU Emacs CVS
>> instead?
>>
>> This version includes my original agent support code and Reiners small
>> compatibility fix.
>>
>> I would prefer this version because it:
>> - allow using the agent
>> - but only if enabled explicitly by the user, so the default behavior
>>   is completely unchanged compared to the old code
>> - introduces only very few code changes, with no known bugs
>> - has none of the problems of Daikis code regarding robustness
>>   or api changes
>>
>> IIRC this version was already discussed and accepted for 5.10.
>
> I agree, we shouldn't revert more than Daiki's asynchronous stuff in
> v5-10/Emacs CVS.

Okay, I'll do this (revision 7.15 in Gnus).

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: gpg-agent support removed?!

[Reiner Steib]

On Fri, Apr 07 2006, Daiki Ueno wrote:

>>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
>> > Looks odd.  I think that the code which waits only for "BEGIN_SIGNING"
>> > has not ever been incorporated in Gnus CVS.
>
>> | X-Mailer: MH-E 7.93+cvs; nmh 1.2; GNU Emacs 22.0.50.1
>
>> MH-E uses the MIME stuff from Gnus, but Thomas is using MH-E from
>> Emacs CVS.
>
> Did someone mistakenly installed the first BEGIN_SIGNING patch to Emacs
> CVS, while it has not been commited in Gnus CVS?  

----------------------------
revision 1.13
date: 2006-04-05 11:00:11 +0000;  author: jas;  state: Exp;  lines: +2 -2
2006-04-05  Daiki Ueno  <ueno@unixuser.org>

	* pgg-gpg.el (pgg-gpg-encrypt-region, pgg-gpg-sign-region): Wait
	for BEGIN_SIGNING too, new in GnuPG 1.4.3.
----------------------------

> Simon vetoed it because it does _not_ work with the earlier GnuPG
> versions than 1.4.3.

AFAICS, Simon installed a modified version:

--8<---------------cut here---------------start------------->8---
--- pgg-gpg.el	4 Apr 2006 23:30:02 -0000	1.12
+++ pgg-gpg.el	5 Apr 2006 11:00:11 -0000	1.13
@@ -256,7 +256,7 @@
 					  (list pgg-gpg-user-id))))))))
 	 (process (pgg-gpg-start-process args)))
     (if (and sign (not pgg-gpg-use-agent))
-	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
+	(pgg-gpg-wait-for-status process '("BEGIN_SIGNING" "GOOD_PASSPHRASE")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process)
     (save-excursion
@@ -303,7 +303,7 @@
 		  (if pgg-text-mode '("--textmode"))))
 	 (process (pgg-gpg-start-process args)))
     (unless pgg-gpg-use-agent
-      (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
+      (pgg-gpg-wait-for-status process '("BEGIN_SIGNING" "GOOD_PASSPHRASE")))
     (process-send-region process start end)
     (pgg-gpg-wait-for-completion process)
     (save-excursion
--8<---------------cut here---------------end--------------->8---

Thomas should update from CVS (I have reverted to revision 1.8,
i.e. before your asynchronous gpg call, after adding gpg-agent support
from Sascha) and check again, I think.  Or test your version.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: gpg-agent support removed?!

[Thomas Baumann]

Reiner Steib <reinersteib+gmane@imap.cc> wrote:

> On Fri, Apr 07 2006, Daiki Ueno wrote:
> 
> >>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> >> > Looks odd.  I think that the code which waits only for "BEGIN_SIGNING"
> >> > has not ever been incorporated in Gnus CVS.
> >
> >> | X-Mailer: MH-E 7.93+cvs; nmh 1.2; GNU Emacs 22.0.50.1
> >
> >> MH-E uses the MIME stuff from Gnus, but Thomas is using MH-E from
> >> Emacs CVS.
> >
> > Did someone mistakenly installed the first BEGIN_SIGNING patch to Emacs
> > CVS, while it has not been commited in Gnus CVS?  
> 
> ----------------------------
> revision 1.13
> date: 2006-04-05 11:00:11 +0000;  author: jas;  state: Exp;  lines: +2 -2
> 2006-04-05  Daiki Ueno  <ueno@unixuser.org>
> 
> 	* pgg-gpg.el (pgg-gpg-encrypt-region, pgg-gpg-sign-region): Wait
> 	for BEGIN_SIGNING too, new in GnuPG 1.4.3.
> ----------------------------
> 
> > Simon vetoed it because it does _not_ work with the earlier GnuPG
> > versions than 1.4.3.
> 
> AFAICS, Simon installed a modified version:
> 
> --8<---------------cut here---------------start------------->8---
> --- pgg-gpg.el	4 Apr 2006 23:30:02 -0000	1.12
> +++ pgg-gpg.el	5 Apr 2006 11:00:11 -0000	1.13
> @@ -256,7 +256,7 @@
>  					  (list pgg-gpg-user-id))))))))
>  	 (process (pgg-gpg-start-process args)))
>      (if (and sign (not pgg-gpg-use-agent))
> -	(pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
> +	(pgg-gpg-wait-for-status process '("BEGIN_SIGNING" "GOOD_PASSPHRASE")))
>      (process-send-region process start end)
>      (pgg-gpg-wait-for-completion process)
>      (save-excursion
> @@ -303,7 +303,7 @@
>  		  (if pgg-text-mode '("--textmode"))))
>  	 (process (pgg-gpg-start-process args)))
>      (unless pgg-gpg-use-agent
> -      (pgg-gpg-wait-for-status process '("GOOD_PASSPHRASE")))
> +      (pgg-gpg-wait-for-status process '("BEGIN_SIGNING" "GOOD_PASSPHRASE")))
>      (process-send-region process start end)
>      (pgg-gpg-wait-for-completion process)
>      (save-excursion
> --8<---------------cut here---------------end--------------->8---
> 
> Thomas should update from CVS (I have reverted to revision 1.8,
> i.e. before your asynchronous gpg call, after adding gpg-agent support
> from Sascha) and check again, I think.  Or test your version.
> 
> Bye, Reiner.
> -- 
>        ,,,
>       (o o)
> ---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/
> 

Everything back to normal with this mornings CVS, at least for the
pgg-gpg.el, thanks

Thomas

Re: gpg-agent support removed?!

[Romain Francoise]

Sascha Wilde <wilde@sha-bang.de> writes:

> May I suggest to revert the code to version 1.8 from GNU Emacs CVS
> instead?

Reiner has now done that, in Gnus and Emacs.

-- 
Romain Francoise <romain@orebokech.com> | The sea! the sea! the open
it's a miracle -- http://orebokech.com/ | sea! The blue, the fresh, the
                                        | ever free! --Bryan W. Procter

Re: gpg-agent support removed?!

[Sascha Wilde]

Romain Francoise <romain@orebokech.com> wrote:

> Sascha Wilde <wilde@sha-bang.de> writes:
>
>> May I suggest to revert the code to version 1.8 from GNU Emacs CVS
>> instead?
>
> Reiner has now done that, in Gnus and Emacs.

Thanks.
sascha
-- 
Sascha Wilde
Nothing is fool-proof to a sufficiently talented fool.

Re: gpg-agent support removed?!

[Daiki Ueno]

>>>>> In <v9acaxw05w.fsf@marauder.physik.uni-ulm.de> 
>>>>>	Reiner Steib <reinersteib+gmane@imap.cc> wrote:
> AFAICS, Simon installed a modified version:

> --- pgg-gpg.el	4 Apr 2006 23:30:02 -0000	1.12
> +++ pgg-gpg.el	5 Apr 2006 11:00:11 -0000	1.13

This patch had a bug, and I posted the fix just after.  However, I don't
see the reason, Simon didn't commit the fix to Emacs CVS.

http://article.gmane.org/gmane.emacs.gnus.general/62522

So, this bug is fixed in the current PGG code

http://www.unixuser.org/~ueno/pgg-20060407.tar.gz

Thomas, could you test this?

Regards,
-- 
Daiki Ueno

Re: gpg-agent support removed?!

[Sascha Wilde]

Daiki Ueno <ueno@unixuser.org> wrote:

>>>>>> In <m2lkuhcz2y.fsf@kenny.sha-bang.de> 
>>>>>>	Sascha Wilde <wilde@sha-bang.de> wrote:
>> >>   http://article.gmane.org/gmane.emacs.devel/52450
>> >
>> > I think this is fixed by the patch I posted some time ago.
>> > http://article.gmane.org/gmane.emacs.gnus.general/62571
>
>> This sounds interesting -- where can I get this version for testing?
>
> I put the tarball which contains the current pgg*.el at
>
> http://www.unixuser.org/~ueno/pgg-20060407.tar.gz

Thanks.  I finally found the time to give it a try -- and it seems to
solve my problem.

cheers
sascha
-- 
Sascha Wilde  :  "I heard that if you play the Windows CD backward, you
              :  get a satanic message. But that's nothing compared to
              :  when you play it forward: It installs Windows...." 
              :  -- G. R. Gaudreau

Re: gpg-agent support removed?!

[Reiner Steib]

On Sun, Apr 09 2006, Sascha Wilde wrote:

> Daiki Ueno <ueno@unixuser.org> wrote:
>> I put the tarball which contains the current pgg*.el at
>>
>> http://www.unixuser.org/~ueno/pgg-20060407.tar.gz
>
> Thanks.  I finally found the time to give it a try -- and it seems to
> solve my problem.

Daiki, should this version be installed in Gnus trunk?  Could you
provide ChangeLog entries (compared to the version in Gnus CVS trunk),
please?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

PGG maintainance (was: gpg-agent support removed?!)

[Reiner Steib]

On Sat, Apr 08 2006, Daiki Ueno wrote:

>>>>>> In <87r7482tjt.fsf@pacem.orebokech.com> 
>>>>>>	Romain Francoise <romain@orebokech.com> wrote:
>> However, I think the Emacs trunk isn't the place to test them, at least
>> at the moment.
>
> Yes, I know.  However, I'm beginning to think that Gnus CVS is also not
> the right place to do this because PGG is now used by programs other
> than Gnus and I have no CVS write access to Gnus CVS.  Even for a tiny
> fix I have to explain the reason and wait for Simon to commit.

If you'd like to maintain pgg*.el in Gnus' repository, you could ask
Lars for write access.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: Please test current GPG features

[Simon Josefsson]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> On Wed, Apr 05 2006, Simon Josefsson wrote:
>
>> Why revert anything in the trunk?  The trunk is the experimental
>> branch after all.
>
> IIRC, all these changes were supposed to fix some bugs (smart cards,
> gpg-agent, multi-byte locales, ...).  It would be good to have the
> same bug fix level in Gnus 5.10.8 and No Gnus 0.4, IMHO.

Yes, naturally I agree to having the bug fixes on all branches.  But
some bugs could only be fixed by the rather large asynchronous
rewrite, and I believe that is a too large fix to have in v5-10 until
we have tested it more thoroughly, in the trunk.  What do you think?

(I'm still catching up on this thread after vacation, just ignore this
if it is irrelevant today.)

Re: Please test current GPG features

[Daiki Ueno]

>>>>> In <87d5fftg7m.fsf@latte.josefsson.org> 
>>>>>	Simon Josefsson <jas@extundo.com> wrote:
> Yes, naturally I agree to having the bug fixes on all branches.  But
> some bugs could only be fixed by the rather large asynchronous
> rewrite, and I believe that is a too large fix to have in v5-10 until
> we have tested it more thoroughly, in the trunk.  What do you think?

Now I think it should be better to revert the trunk as well.

> (I'm still catching up on this thread after vacation, just ignore this
> if it is irrelevant today.)

After the long long discussion, I found that it was difficult for me to
continue development of PGG in Gnus.  There are some reason (I'm not
a Gnus user, etc.)

That aside, I started development of yet another GnuPG interface for
Emacs, which provides GPA like user interface and GPGME like library
interface.

Now it basically works but has not been tested thoroughly.
The flash movie is at: http://couya.m17n.org/~ueno/out.html

I'll release the first version on April 29th.  If you would like to test
it, contact me privately.

P.S.
Please note that the new project is neither a fork or a
re-implementation of PGG.  It also provides a PGG backend.

Regards,
-- 
Daiki Ueno

Re: Please test current GPG features

[Simon Josefsson]

Daiki Ueno <ueno@unixuser.org> writes:

>>>>>> In <87d5fftg7m.fsf@latte.josefsson.org> 
>>>>>>	Simon Josefsson <jas@extundo.com> wrote:
>> Yes, naturally I agree to having the bug fixes on all branches.  But
>> some bugs could only be fixed by the rather large asynchronous
>> rewrite, and I believe that is a too large fix to have in v5-10 until
>> we have tested it more thoroughly, in the trunk.  What do you think?
>
> Now I think it should be better to revert the trunk as well.
>
>> (I'm still catching up on this thread after vacation, just ignore this
>> if it is irrelevant today.)
>
> After the long long discussion, I found that it was difficult for me to
> continue development of PGG in Gnus.  There are some reason (I'm not
> a Gnus user, etc.)

I think it would be very good if you had CVS write access to Gnus, and
can keep the trunk version of PGG in sync with your latest changes.
What do you think?

Is there another official PGG development site?  E.g., a CVS server?
We could set up Gnus trunk to sync it, so you don't have to commit
your changes to Gnus CVS too.

> That aside, I started development of yet another GnuPG interface for
> Emacs, which provides GPA like user interface and GPGME like library
> interface.

Cool!  This may enable S/MIME support easier too, I imagine, which is
something I have started working on a few times but never finished.

> Now it basically works but has not been tested thoroughly.
> The flash movie is at: http://couya.m17n.org/~ueno/out.html
>
> I'll release the first version on April 29th.  If you would like to test
> it, contact me privately.
>
> P.S.
> Please note that the new project is neither a fork or a
> re-implementation of PGG.  It also provides a PGG backend.

Excellent.