GNU bug report logs -
#15552
24.3.50; epa-file-cache-passphrase-for-symmetric-encryption not respected with GnuPG 2.x
Previous Next
Reported by: Teodor Zlatanov <tzz <at> lifelogs.com>
Date: Mon, 7 Oct 2013 17:58:01 UTC
Severity: normal
Tags: notabug
Found in version 24.3.50
Done: Daiki Ueno <ueno <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>>>>> 1. On the local system, install GnuPG 2.x and don't run the gpg-agent
>>>>> 2. Set epa-file-cache-passphrase-for-symmetric-encryption to t
>>>>> 3. Open file.gpg: password dialog pops up
>>>>> 4. close file.gpg
>>>>> 5. Open file.gpg: password dialog pops up again
>>>>> Step (5) should not prompt. It works properly with GnuPG 1.x.
> Still I'm confused: what kind of caching does
> epa-file-cache-passphrase-for-symmetric-encryption offer, then?
> From the docstring I got the impression that it would cache the
> passphrase in Emacs's heap, so gpg's own caching should be largely
> irrelevant (in the second session it will prompt for a password, which
> Emacs should provide from its own cache without prompting the user).
It used to work like that with gpg1. However, gpg2's implementation
choice is that it does not leak the indication that gpg2 (actually
gpg-agent) requires passphrase and it does not allow other tools than
pinentry to inject passphrase.
IMO that's a good idea for security (as pinentry uses secmem).
> Stefan "Also confused about what "symmetric" has to do with it"
Perhaps you could try the above recipe under gpg-agent is properly set up:
$ echo abc > file
$ gpg --symmetric file
$ eval `gpg-agent --daemon`
$ gpg2 < file.gpg
$ gpg2 < file.gpg
You won't be asked for the passphrase at the second time, because
gpg-agent remembers passphrase based on the file content.
This bug report was last modified 11 years and 229 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.