Re: gnome-keyring Gnome-keyring and GPG 2.1.0

[Stef Walter <stefw gnome org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04.12.2014 23:13, Stef Walter wrote:
> We really need to rather solve the issue of using the real
> gpg-agent instead of gnome-keyring's agent. gnome-keyring's agent
> doesn't implement various features that gnupg's 2.x has grown to
> require.
>
> Unfortunately gnupg's agent doesn't implement the features that
> GNOME needs (yet?) such as shell based logins, and the optional
> ability to save a password for automatic unlocking.
>
> I haven't had time to work on this. But when either I or someone
> else does, we should put our work in this direction instead.

As a follow up: In order for such a pinentry to replace
gnome-keyring's gpg-agent it would need to replace the following features:

 * GnuPG prompts should happen via gnome-shell when GNOME 3 is running
 * Optionally allow saving the key password in the gnome-keyring
   password keyring.

For implementing a pinentry to replace the gnome-keyring gpg-agent you
would need to:

 * Use the Gcr prompting API so that gnome-shell prompts happen, with an
   automatic fallback to GTK prompts:

   https://developer.gnome.org/gcr/stable/GcrSystemPrompt.html
   https://developer.gnome.org/gcr/stable/GcrPrompt.html

 * Ensure that gnupg sends the keyid to pinentry programs either via an
   environment variable or via the assuan interface.

 * Implement optional automatic saving of using this API:


https://developer.gnome.org/libsecret/0.18/libsecret-Password-storage.html

I would love to help anyone get started with this, and provide any
further advice, code review, etc.

Stef
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSBRIwACgkQe/sRCNknZa8TMwCgwPC4bYfwN4Q7McVS+r7hn+lw
UXEAoJIQyWZYh+n7vN92Agc9kR8zJ6bf
=UFBs
-----END PGP SIGNATURE-----