[PATCH 0/2] Prompting for the GPG password within Emacs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jul 7 16:08:22 PDT 2013


Hi Neil--

On 07/07/2013 07:14 AM, Neil Roberts wrote:

> I've recently started using notmuch to try and read PGP-encrypted
> email. However the trouble is I normally access my email remotely via
> SSH and it's very difficult to get gpg-agent to work in those
> circumstances. I've therefore made some patches to try and get Emacs
> to prompt for the password. They are based on the way mml communicates
> with gpg by having two pipes so that notmuch can notify Emacs that it
> needs a password and it will reply on the other.

I strongly encourage you to get the gpg-agent model sorted out for your
use case, instead of moving in the direction of this patch series.

The fewer tools that handle your OpenPGP passphrase the better, and
future versions of GnuPG will not be able to work without the gpg-agent
anyway (all secret key activity will be handled by the agent as of gnupg
version 2.1, if i understand upstream's development plans correctly).

I personally hope that notmuch (and notmuch-emacs) will resist the urge
to try to handle any sort of sensitive material like secret keys or
passphrases directly, but will leave that work to libraries or
out-of-process agents.

Can you describe what you've tried in terms of using gpg-agent?  where
are your secret keys stored?  are they on your local machine, or on the
remote machine?

Regards,

	--dkg
