Eli Zaretskii writes:

>> From: Arsen Arsenović
>> Cc: 67937@debbugs.gnu.org
>> Date: Wed, 20 Dec 2023 20:11:20 +0100
>>
>> >> - emacs -Q
>> >> - M-x epa-file-disable
>> >> - M-: (auth-source-pass-get 'secret "something")
>> >>
>> >> You will see a GPG-encrypted data string.
>> >>
>> >> epa-file-disable should not break the auth-source.
>> >
>> > Please tell more about what you mean by "break".
>>
>> What I mean by that is 'You will see a GPG-encrypted data string'.  The
>> source returns an encrypted string rather than its contents.
>
> How can it decrypt the string when you disable decryption?  What is
> the replacement of epa-file that would decrypt the data string?

Even with epa-disable, it could use epa-decrypt-region to decrypt the
password from the file.

For some context, I'll briefly summarize how password-store (pass)
works: pass stores credentials as one line representing the secret and
the rest being aux data (usually usernames and similar) in each file.
One file represents one set of credentials, encrypted via PGP (an
example filename is
~/.password-store/gentoo/gentoo.org/arsen@gentoo.org.gpg).

To get a given password from a given password store entry,
auth-source-pass needs to decrypt this file and get the first line of
the decrypted contents.

Currently, auth-source-pass relies on epa-file facilities to decrypt the
password entries, but those do nothing after epa-file-disable.  Instead,
it should use something like epa-decrypt-region or such (sorry, not too
familiar with EasyPG).

AIUI, epa-file-disable disables *automatic* decryption, not all forms of
decryption.

To provide some more context, I noticed auth-source-pass preventing
sending emails seemingly at random (by returning encrypted passwords
rather than the actual passwords), then noticed that it seems to start
working again following M-x epa-file-enable RET M-x
auth-source-forget-all-cached RET, and then I managed to reproduce in a
clean Emacs, then I filed this report.

I'm still unsure why epa-file gets disabled on occasion, but whether it
does or does not, auth-source-pass should either ensure it's enabled or
not rely on such a facility for reading passwords.

Thanks again, have a lovely night.
-- 
Arsen Arsenović
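
Added example, not part of the message above and not auth-source-pass's own code: a sketch of reading a pass entry (first line is the secret, remaining "key: value" lines are aux data) by calling EasyPG's lower-level epg-decrypt-file directly, so the result does not depend on whether epa-file is enabled. It uses epg-decrypt-file rather than the epa-decrypt-region named in the message, and the example-pass-* names are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
(require 'epg)
(require 'subr-x)

(defun example-pass-decrypt-entry (file)
  "Return the decrypted contents of pass entry FILE as a string.
Calls the epg layer directly, so it works whether or not the
epa-file handler is installed (i.e. also after `epa-file-disable').
Signals an error if gpg cannot decrypt FILE."
  (let ((context (epg-make-context 'OpenPGP)))
    ;; With a nil PLAIN argument, `epg-decrypt-file' returns the
    ;; plaintext as a unibyte string instead of writing a file.
    (decode-coding-string
     (epg-decrypt-file context (expand-file-name file) nil)
     'utf-8)))

(defun example-pass-parse-entry (contents)
  "Parse decrypted CONTENTS of a pass entry into an alist.
The first line becomes (secret . VALUE); each later \"key: value\"
line becomes (KEY . VALUE).  Lines without a colon are ignored."
  (let* ((lines (split-string contents "\n"))
         (result (list (cons 'secret (car lines)))))
    (dolist (line (cdr lines))
      (when (string-match "\\`\\([^:]+\\):[ \t]*\\(.*\\)\\'" line)
        ;; Copy both groups before trimming: `string-trim' runs its
        ;; own regexp match and would clobber the match data.
        (let ((key (match-string 1 line))
              (value (match-string 2 line)))
          (push (cons (string-trim key) (string-trim value)) result))))
    (nreverse result)))

(defun example-pass-get (field file)
  "Return FIELD from pass entry FILE.
FIELD is the symbol `secret' or a string key such as \"username\"."
  (cdr (assoc field
              (example-pass-parse-entry
               (example-pass-decrypt-entry file)))))

;; Constructed sample of a decrypted entry, for trying the parser
;; without a keyring:
(defconst example-pass-sample
  "constructed-secret\nusername: someone\nurl: https://example.org")
;; (example-pass-parse-entry example-pass-sample)
```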