Re: gnome-keyring Gnome Keyring and gpg
- From: Stef Walter <stefw gnome org>
- To: "Neal H. Walfield" <neal walfield org>, gnome-keyring-list gnome org
- Cc: GnuPG Development List <gnupg-devel gnupg org>
- Subject: Re: gnome-keyring Gnome Keyring and gpg
- Date: Thu, 09 Apr 2015 08:56:09 +0200
On 08.04.2015 22:37, Neal H. Walfield wrote:
> Hi,
>
> I'd like to resume the discussion about GnuPG and Gnome Keyring. I
> read the thread from last August [1], but I couldn't find much more
> information. Stef, could you please tell me exactly what Gnome
> Keyring needs to do?
>
> As I understand the issue, Gnome Keyring wants to cache the password
> for the secret key. It seems to me that the easiest solution is to
> direct GnuPG to use a special pinentry program that is Gnome Keyring
> aware. Basically, gnupg invokes this program when it needs a
> password. But, instead of immediately showing a dialog, it first
> checks whether Gnome Keyring has cached the password. If not, it uses
> a Gnome-themed dialog to prompt the user for the password. If the
> password is accepted, it can then save it in the Gnome Keyring. I
> suspect that this is much simpler than implementing a gpg-agent proxy.
Indeed. That seems like the best approach.
There's a GSoC proposal to do work on this over the Summer.
https://wiki.gnome.org/Outreach/SummerOfCode/2015/Ideas#Confirmed_Ideas
https://bugzilla.gnome.org/show_bug.cgi?id=742094
One thing that seems to be missing is getting a full keyid in the
pinentry for use when optionally storing the passphrase in
gnome-keyring. In theory one can "screen scrape" a short keyid out
of the prompt message ... but that's pretty fragile.
So a bit of additional work to have gpg2 pass an Assuan OPTION with the
keyid or a unique identifier, if that's preferable. The absence of
which would indicate that the passphrase does not belong to a stable
entity (like a key).
Cheers,
Stef
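
The flow discussed in this thread, as an added example that is not part of either message and is not gnome-keyring or GnuPG code: a pinentry-side Assuan handler that caches a passphrase only when the caller supplied a stable key identifier. Assumptions: the option name `keyid` is hypothetical, a plain dict stands in for Gnome Keyring, the `ask` callable stands in for the dialog, and dropping the cached entry on `SETERROR` is this sketch's way of handling a rejected passphrase.

```python
from urllib.parse import unquote

CANCELLED = "ERR 83886179 Operation cancelled"   # pinentry source, GPG_ERR_CANCELED

def escape(data):
    """Percent-escape the characters Assuan does not allow in a D line."""
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

class KeyringPinentry:
    """Server side of a keyring-aware pinentry, one Assuan line at a time."""

    def __init__(self, store, ask):
        self.store = store    # assumption: dict standing in for Gnome Keyring
        self.ask = ask        # assumption: ask(desc) -> passphrase, or None on cancel
        self.keyid = None     # stable identifier, only if the caller sent one
        self.desc = ""
        self.rejected = False # caller reported the previous passphrase as wrong

    def handle(self, line):
        """Return the list of response lines for one request line."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "OPTION":
            name, _, value = arg.partition("=")
            if name.strip() == "keyid":   # hypothetical option name, see lead-in
                self.keyid = unquote(value.strip()) or None
        elif cmd == "SETDESC":
            self.desc = unquote(arg)
        elif cmd == "SETERROR":
            self.rejected = True
        elif cmd == "GETPIN":
            return self._getpin()
        return ["OK"]   # SETPROMPT, BYE and the rest are accepted and ignored here

    def _getpin(self):
        if self.rejected and self.keyid:
            self.store.pop(self.keyid, None)   # never replay a rejected passphrase
        self.rejected = False
        pin = self.store.get(self.keyid) if self.keyid else None
        if pin is None:
            pin = self.ask(self.desc)          # cache miss or no identifier: prompt
            if pin is None:
                return [CANCELLED]
            if self.keyid:                     # no identifier means nothing stable to
                self.store[self.keyid] = pin   # key the entry on, so do not store it
        return ["D " + escape(pin), "OK"]
```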