[PATCH 0/2] Prompting for the GPG password within Emacs

Neil Roberts neil at linux.intel.com
Mon Jul 8 04:07:20 PDT 2013 

Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> The fewer tools that handle your OpenPGP passphrase the better, and
> future versions of GnuPG will not be able to work without the gpg-agent
> anyway (all secret key activity will be handled by the agent as of gnupg
> version 2.1, if i understand upstream's development plans correctly).

Ok, I didn't realise that GnuPG will be taking away for support for
directly prompting for passwords. I agree that using gpg-agent would be
better but this patch seemed to be simpler to get working in my use case
and it matches how mml currently handles it.

> Can you describe what you've tried in terms of using gpg-agent? where
> are your secret keys stored? are they on your local machine, or on the
> remote machine?

Both machines are trusted personal machines so I can put the keys on
either (or both). I think what would be ideal is if OpenSSH could
support gpg-agent forwarding like it does for ssh-agent. That way when
gpg needs a password it could prompt for it via GNOME Keyring on my
local machine. I thought about trying to patch OpenSSH but to be honest
I lost all motivation when I noticed that it is still maintained in CVS.
I found that someone else has made a patch to add support for forwarding
of arbitrary Unix domain sockets¹ but it is now out of date. I suppose
that could be used quite easily to do gpg-agent forwarding. I couldn't
find any feedback from any of the maintainers about why it isn't in the
main source code tree yet. It seems like quite a compelling feature. I'm
guessing (although I'm not sure) that it requires a change in the
protocol and presumably I would have to also compile the server from
source so it seemed like quite a lot of faff to start using that patch
and I opted for this simpler approach instead.

Regards,
- Neil

1. https://bugzilla.mindrot.org/show_bug.cgi?id=1256
---------------------------------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

More information about the notmuch mailing list