GNU bug report logs -
#8791
23.3; EasyPG: pinentry in remote emacs session without X
Previous Next
Reported by: Roland Winkler <winkler <at> gnu.org>
Date: Fri, 3 Jun 2011 00:05:02 UTC
Severity: normal
Merged with 10011
Found in versions 23.3, 24.0.91
Done: Daiki Ueno <ueno <at> unixuser.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 8791 in the body.
You can then email your comments to 8791 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8791; Package
emacs.
(Fri, 03 Jun 2011 00:05:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Roland Winkler <winkler <at> gnu.org>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Fri, 03 Jun 2011 00:05:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
I am running emacs remotely as a child of gpg-agent, but with X
forwarding disabled. If I am trying to visit a gpg-encrypted file,
I simply get the error message
File exists, but cannot be read
and I get an empty buffer.
I expect that this is related to the fact that EasyPG does not run
pinentry (or: does not run pinentry properly) if X forwarding is
disabled. If I do enable X forwarding and I try to open a
gpg-encrypted file, a pinentry window pops up, asking me for the
passphrase. Then I can visit gpg-encrypted files as expected.
I would expect that with X forwarding disabled, emacs will ask for the
passphrase in the minibuffer. (I believe I got this behavior when I had
no pinentry program installed.)
In GNU Emacs 23.3.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.12.9)
of 2011-06-02 on lukas
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: C
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: en_GB.utf8
value of $LANG: en_US.ISO-8859-15
value of $XMODIFIERS: nil
locale-coding-system: iso-latin-9-unix
default enable-multibyte-characters: t
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8791; Package
emacs.
(Fri, 03 Jun 2011 04:21:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 8791 <at> debbugs.gnu.org (full text, mbox):
Roland Winkler <winkler <at> gnu.org> writes:
> I am running emacs remotely as a child of gpg-agent, but with X
> forwarding disabled. If I am trying to visit a gpg-encrypted file,
> I simply get the error message
>
> File exists, but cannot be read
>
> and I get an empty buffer.
>
> I would expect that with X forwarding disabled, emacs will ask for the
> passphrase in the minibuffer. (I believe I got this behavior when I had
> no pinentry program installed.)
Well I think pinentry should fallback to use curses in this case.
However it is not currently possible since there is no way to get the
tty where Emacs is running. See:
http://article.gmane.org/gmane.emacs.devel/96207
Regards,
--
Daiki Ueno
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8791; Package
emacs.
(Sat, 04 Jun 2011 02:19:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 8791 <at> debbugs.gnu.org (full text, mbox):
On Fri Jun 3 2011 Daiki Ueno wrote:
> Well I think pinentry should fallback to use curses in this case.
> However it is not currently possible since there is no way to get the
> tty where Emacs is running. See:
>
> http://article.gmane.org/gmane.emacs.devel/96207
I do not know much about the internals of gpg. I was wondering: for
gpg, is there anything similar to the ssh-add command, which could
serve as a fallback?
Roland
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8791; Package
emacs.
(Mon, 06 Jun 2011 01:47:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 8791 <at> debbugs.gnu.org (full text, mbox):
"Roland Winkler" <winkler <at> gnu.org> writes:
> On Fri Jun 3 2011 Daiki Ueno wrote:
>> Well I think pinentry should fallback to use curses in this case.
>> However it is not currently possible since there is no way to get the
>> tty where Emacs is running. See:
>>
>> http://article.gmane.org/gmane.emacs.devel/96207
>
> I do not know much about the internals of gpg. I was wondering: for
> gpg, is there anything similar to the ssh-add command, which could
> serve as a fallback?
I suspect that gpg command installed on your remote system is GPG2,
which is tightly coupled with gpg-agent (and thus pinentry) for secret
key operations by its design.
Assuming that, I could imagine a couple of (insecure) workarounds:
1. install both GPG1 and GPG2
2. keep using GPG2 and write a pinentry program which retrieves
passphrase via emacsclient.
Generally I'd recommend 1, since most distros provide both packages,
which can be installed with no conflict.
Regards,
--
Daiki Ueno
Information forwarded
to
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#8791; Package
emacs.
(Mon, 06 Jun 2011 05:25:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 8791 <at> debbugs.gnu.org (full text, mbox):
On Mon Jun 6 2011 Daiki Ueno wrote:
> > I do not know much about the internals of gpg. I was wondering: for
> > gpg, is there anything similar to the ssh-add command, which could
> > serve as a fallback?
>
> I suspect that gpg command installed on your remote system is GPG2,
> which is tightly coupled with gpg-agent (and thus pinentry) for secret
> key operations by its design.
...So I assume from your reply that, first of all, gpg does not have
anything similar to shh-add which is a program the user runs in
order to talk to the ssh agent. But gpg is doing it the other way
round: it's always the gpg agent which runs pinentry to ask the user
for a password.
I do not quite understand what motivated the authors of gpg and ssh
to use these different strategies. Oh well...
Anyway: thanks for EasyPG!
Roland
Reply sent
to
Daiki Ueno <ueno <at> unixuser.org>:
You have taken responsibility.
(Mon, 06 Jun 2011 06:13:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Roland Winkler <winkler <at> gnu.org>:
bug acknowledged by developer.
(Mon, 06 Jun 2011 06:13:02 GMT)
Full text and
rfc822 format available.
Message #22 received at 8791-done <at> debbugs.gnu.org (full text, mbox):
"Roland Winkler" <winkler <at> gnu.org> writes:
> ...So I assume from your reply that, first of all, gpg does not have
> anything similar to shh-add which is a program the user runs in
> order to talk to the ssh agent.
Ah, sorry, I misinterpreted your question - yes, there is:
gpg-preset-passphrase which is normally installed in /usr/libexec.
I'm not quite sure this is what you want as I seldom use that utility,
but anyway closing this bug for now.
> Anyway: thanks for EasyPG!
Welcome.
Regards,
--
Daiki Ueno
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 04 Jul 2011 11:24:04 GMT)
Full text and
rfc822 format available.
bug unarchived.
Request was from
Daiki Ueno <ueno <at> unixuser.org>
to
control <at> debbugs.gnu.org.
(Fri, 11 Nov 2011 01:13:02 GMT)
Full text and
rfc822 format available.
Forcibly Merged 8791 10011.
Request was from
Daiki Ueno <ueno <at> unixuser.org>
to
control <at> debbugs.gnu.org.
(Fri, 11 Nov 2011 01:13:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 13 Dec 2011 12:24:02 GMT)
Full text and
rfc822 format available.
This bug report was last modified 13 years and 196 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.