Notmuch, Emacs and pinentry -- oh my

Ralph Seichter abbot at
Mon Nov 11 11:10:26 PST 2019

* Daniel Kahn Gillmor:

> Have you considered running gpg-agent in a dedicated terminal window,
> and handling the gpg-agent prompts from that window?

I tried that by setting GPG_TTY to a fixed terminal, but while this
seemed to work on the first call, the second time I was prompted for a
password it was echoed, in cleartext, to the terminal. Is there a better
method to achieve what you proposed?

> To be clear about your threat model here: [...]

Barring break-ins, nobody but me is logging in on that particular
server, so intercepting gpg-agent would be difficult. Access to the
Notmuch index would not be any easier, unless somebody physically
removed the hard drives.

The lock/unlock operation seems interesting, and, if it were based on
strong encryption, I would feel more comfortable. Are you thinking of
protecting just the index or the whole Maildir store? The latter would
not work for me, because Dovecot needs to access the data, and if only
the index is protected, I'd still need to decrypt messages within Emacs.

Currently, decryption happens in whatever MUA I am using at that time,
i.e. mostly Notmuch/Emacs and alternatively Thunderbird/Enigmail.
