Notmuch, Emacs and pinentry -- oh my

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 11 21:59:47 PST 2019


On Mon 2019-11-11 20:10:26 +0100, Ralph Seichter wrote:
> I tried that by setting GPG_TTY to a fixed terminal, but while this
> seemed to work on the first call, the second time I was prompted for a
> password it was echoed, in cleartext, to the terminal. Is there a better
> method to achieve what you proposed?

I don't fully understand the parameters of what you just posted here,
but my understanding is that Werner Koch (GnuPG upstream) expects
pinentry-tty or pinentry-curses to work in this dedicated terminal mode.

If you can post a full and clear description of what you did and how it
did not work as expected to https://dev.gnupg.org/ as a bug report, and
point me to it, i am happy to try to make sure that report gets some
kind of reasonable resolution from upstream (even though i probably
don't have time to solve it myself).

Let me know if you can't get an account working to report a bug on that
system, i can probably grease the skids there too.

>> To be clear about your threat model here: [...]
>
> Barring break-ins, nobody but me is logging in on that particular
> server, so intercepting gpg-agent would be difficult. Access to the
> Notmuch index would not be any easier, unless somebody physically
> removed the hard drives.
>
> The lock/unlock operations to seems interesting, and, if it was based on
> strong encryption, I would feel more comfortable. Are you thinking of
> protecting just the index or the whole Maildir store? The latter would
> not work for me, because Dovecot needs to access the data, and if only
> the index is protected, I'd still need to decrypt messages within Emacs.

This hypothetical subcommand would just protect the index.

If the index is unlocked, and you're using:

   notmuch config set index.decrypt true

Then you will be able to read your mail without access to your long-term
secret key material because notmuch will stash a copy of the session key
for each message in the index, and decryption can happen with that
session key on its own.  please read the index.decrypt section of
notmuch-config(1) for more details.

Regards,

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20191112/cc753c7c/attachment.sig>


More information about the notmuch mailing list