GNU bug report logs -
#15552
24.3.50; epa-file-cache-passphrase-for-symmetric-encryption not respected with GnuPG 2.x
Reported by: Teodor Zlatanov <tzz <at> lifelogs.com>
Date: Mon, 7 Oct 2013 17:58:01 UTC
Severity: normal
Tags: notabug
Found in version 24.3.50
Done: Daiki Ueno <ueno <at> gnu.org>
Bug is archived. No further changes may be made.
On Tue, 08 Oct 2013 08:41:40 +0900 Daiki Ueno <ueno <at> gnu.org> wrote:
DU> tags 15552 notabug
DU> thanks
DU> Teodor Zlatanov <tzz <at> lifelogs.com> writes:
>> 1. On the local system, install GnuPG 2.x and don't run the gpg-agent
>> 2. Set epa-file-cache-passphrase-for-symmetric-encryption to t
>> 3. Open file.gpg: password dialog pops up
>> 4. close file.gpg
>> 5. Open file.gpg: password dialog pops up again
>>
>> Step (5) should not prompt. It works properly with GnuPG 1.x.
DU> That's intended behavior. It is documented and I stated a number of
DU> times the reason and why I chose such a lengthy name of the variable and
DU> the default is nil:
DU> 1. Emacs heap is not so secure
DU> 2. Using Emacs for password input degrades the security
(please note I opened this at Stefan's request; I knew you wouldn't be
interested in resolving it)
I appreciate your concern for security, but the behavior is broken from
a user's perspective and you make no effort to help at the time the
issue occurs. You could, for instance, check the GnuPG version and be
helpful.
At least fix the docstring and maybe emit a message to be helpful about
it. There's no mention that it breaks with GnuPG 2.x:
epa-file-cache-passphrase-for-symmetric-encryption is a variable defined in `epa-file.el'.
Its value is t
Original value was nil
Documentation:
If non-nil, cache passphrase for symmetric encryption.
For security reasons, this option is turned off by default and
not recommended to use. Instead, consider using public-key
encryption with gpg-agent which does the same job in a safer
way.
DU> You never hear or remember.
Right, thanks again.
Ted
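The version check suggested in the message above, sketched as user-side Emacs Lisp. This is an added example, not code from the thread or from epa-file.el. The `my/` function names are hypothetical, and the premise that the option has no effect with GnuPG 2.x is taken from this report.

```elisp
;; Added example: warn when the symmetric-passphrase cache option is set
;; but the configured GnuPG is 2.x or later, where (per this bug report)
;; the option is not respected.  The `my/' names are hypothetical helpers,
;; not part of Emacs.
(require 'epg-config)   ; provides `epg-configuration'
(require 'epa-file)     ; defines the cache option

(defun my/epa-gnupg-major-version ()
  "Return the major version of the configured GnuPG as an integer.
Return nil when GnuPG cannot be run or its version cannot be parsed."
  (let* ((config (ignore-errors (epg-configuration)))
         (version (cdr (assq 'version config))))
    (when (and (stringp version)
               (string-match "\\`\\([0-9]+\\)\\." version))
      (string-to-number (match-string 1 version)))))

(defun my/epa-warn-if-symmetric-cache-ignored ()
  "Warn when the cache option is non-nil but GnuPG is 2.x or later.
Return non-nil if a warning was shown."
  (let ((major (my/epa-gnupg-major-version)))
    (when (and epa-file-cache-passphrase-for-symmetric-encryption
               major
               (>= major 2))
      (display-warning
       'epa
       (format (concat "epa-file-cache-passphrase-for-symmetric-encryption"
                       " is set, but GnuPG %d.x is in use, so the passphrase"
                       " will be prompted for on every open.  The docstring"
                       " suggests public-key encryption with gpg-agent"
                       " instead.")
               major)
       :warning)
      t)))

;; Run the check once per session, after the init file has set the option.
(add-hook 'after-init-hook #'my/epa-warn-if-symmetric-cache-ignored)
```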
This bug report was last modified 11 years and 229 days ago.