gpg 2.2 and epa

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

gpg 2.2 and epa

Richard Stallman
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

I tried installing gpg 2.2 some months ago, but Emacs master ceased to
recognize when it was asking for a password.  Has anyone had success
with this?

--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)



Reply | Threaded
Open this post in threaded view
|

gpg 2.2 and epa

Paul Eggert
Richard Stallman wrote:
> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
> recognize when it was asking for a password.  Has anyone had success
> with this?

Emacs master works for me on my Ubuntu 18.04.1 desktop, where "gpg --version"
reports gpg (GnuPG) 2.2.4 with libgcrypt 1.8.1.

Emacs master (like Emacs 26.1) delegates password handling to gpg2. That is,
Emacs itself isn't responsible for reading passphrases; gpg2 does it for Emacs.
On my desktop, when I am using Emacs and need a GPG passphrase, a window pops up
(I assume generated by the GPG agent), and the agent remembers the key.

If you want to continue to type the passphrase into Emacs, here is a relevant
20-message thread, dated 2016:

https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html

with the conclusion seeming to be "it's not worth the trouble".

Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Juri Linkov-2
In reply to this post by Richard Stallman
> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
> recognize when it was asking for a password.  Has anyone had success
> with this?

When I had the same problem, the only way to get out of this situation
was to manually decrypt a file from an old format, and encrypt it again
in a new format, e.g.

gpg --ignore-mdc-error --output file.txt --decrypt file.gpg

Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Óscar Fuentes
Juri Linkov <[hidden email]> writes:

>> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
>> recognize when it was asking for a password.  Has anyone had success
>> with this?
>
> When I had the same problem, the only way to get out of this situation
> was to manually decrypt a file from an old format, and encrypt it again
> in a new format, e.g.
>
> gpg --ignore-mdc-error --output file.txt --decrypt file.gpg

Or put

ignore-mdc-error

in ~/.gnupg/gpg.conf

Emacs has nothing to do with this. It was a change on gnupg.


Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Eli Zaretskii
In reply to this post by Paul Eggert
> From: Paul Eggert <[hidden email]>
> Date: Sun, 2 Dec 2018 16:47:29 -0800
> Cc: [hidden email]
>
> If you want to continue to type the passphrase into Emacs, here is a relevant
> 20-message thread, dated 2016:
>
> https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html
>
> with the conclusion seeming to be "it's not worth the trouble".

NEWS.26 (or just NEWS if you use Emacs 26) has some text about this;
search for "gpg".  Maybe the information there will be useful as well
(I don't use gpg, so I have no idea).

Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Filipp Gunbin
In reply to this post by Paul Eggert
On 02/12/2018 16:47 -0800, Paul Eggert wrote:

> Richard Stallman wrote:
>> I tried installing gpg 2.2 some months ago, but Emacs master ceased to
>> recognize when it was asking for a password.  Has anyone had success
>> with this?
>
> Emacs master works for me on my Ubuntu 18.04.1 desktop, where "gpg --version"
> reports gpg (GnuPG) 2.2.4 with libgcrypt 1.8.1.
>
> Emacs master (like Emacs 26.1) delegates password handling to gpg2. That is,
> Emacs itself isn't responsible for reading passphrases; gpg2 does it for Emacs.
> On my desktop, when I am using Emacs and need a GPG passphrase, a window pops up
> (I assume generated by the GPG agent), and the agent remembers the key.
>
> If you want to continue to type the passphrase into Emacs, here is a relevant
> 20-message thread, dated 2016:
>
> https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html
>
> with the conclusion seeming to be "it's not worth the trouble".

With (setq epg-pinentry-mode 'loopback), gpg redirects passphrase
quering to Emacs.  This works ok in master.  No other settings should be
required for that.

Filipp

Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Richard Stallman
In reply to this post by Paul Eggert
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Emacs master (like Emacs 26.1) delegates password handling to gpg2. That is,
  > Emacs itself isn't responsible for reading passphrases; gpg2 does it for Emacs.

I should have added that I always use Emacs on a tty.
When gpg tries to read the password on a tty under Emacs,
it does not work: both programs try to read at once
and it is unpredictable which one gets each character.

With gpg 1, something in Emacs recognizes that it wants a password,
reads the password in Emacs, then passes it to gpg.  That method works.
But it doesn't seem to activate when using gpg 2.

Has anyone seen this problem?


--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)



Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Richard Stallman
In reply to this post by Juri Linkov-2
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > When I had the same problem, the only way to get out of this situation
  > was to manually decrypt a file from an old format, and encrypt it again
  > in a new format, e.g.

  > gpg --ignore-mdc-error --output file.txt --decrypt file.gpg

GPG 1 can decrypt all the files I receive, so I don't think my problem
has to do with a difference in format.  I think you must have had a
different problem.

--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)



Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Ted Zlatanov
In reply to this post by Filipp Gunbin
On Mon, 03 Dec 2018 18:17:59 +0300 Filipp Gunbin <[hidden email]> wrote:

FG> With (setq epg-pinentry-mode 'loopback), gpg redirects passphrase
FG> quering to Emacs.  This works ok in master.  No other settings should be
FG> required for that.

At least for me, that was insufficient. The GnuPG configuration (usually
~/.gnupg/gpg-agent.conf) needed this before the loopback worked:

allow-loopback-pinentry

HTH
Ted


Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Teemu Likonen-2
Ted Zlatanov [2018-12-31 16:21:19Z] wrote:

> On Mon, 03 Dec 2018 18:17:59 +0300 Filipp Gunbin <[hidden email]> wrote:
> FG> With (setq epg-pinentry-mode 'loopback), gpg redirects passphrase
> FG> quering to Emacs. This works ok in master. No other settings
> FG> should be required for that.
>
> At least for me, that was insufficient. The GnuPG configuration
> (usually ~/.gnupg/gpg-agent.conf) needed this before the loopback
> worked:
>
> allow-loopback-pinentry
"allow-loopback-pinentry" is the default, at least in gpg 2.1.18. I
believe it wasn't the default at first when the feature was introduced.

--
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

signature.asc (497 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Ted Zlatanov
On Mon, 31 Dec 2018 18:46:12 +0200 Teemu Likonen <[hidden email]> wrote:

TL> "allow-loopback-pinentry" is the default, at least in gpg 2.1.18. I
TL> believe it wasn't the default at first when the feature was introduced.

Ah, thanks for letting me know. I definitely needed it back then and
haven't kept up with the releases.

Ted

Reply | Threaded
Open this post in threaded view
|

Re: gpg 2.2 and epa

Colin Baxter
In reply to this post by Filipp Gunbin
Dear Filipp,

>>>>> Filipp Gunbin <[hidden email]> writes:

    Filipp> On 02/12/2018 16:47 -0800, Paul Eggert wrote:
    >> Richard Stallman wrote:
    >>> I tried installing gpg 2.2 some months ago, but Emacs master
    >>> ceased to recognize when it was asking for a password.  Has
    >>> anyone had success with this?
    >>
    >> Emacs master works for me on my Ubuntu 18.04.1 desktop, where
    >> "gpg --version" reports gpg (GnuPG) 2.2.4 with libgcrypt 1.8.1.
    >>
    >> Emacs master (like Emacs 26.1) delegates password handling to
    >> gpg2. That is, Emacs itself isn't responsible for reading
    >> passphrases; gpg2 does it for Emacs.  On my desktop, when I am
    >> using Emacs and need a GPG passphrase, a window pops up (I assume
    >> generated by the GPG agent), and the agent remembers the key.
    >>
    >> If you want to continue to type the passphrase into Emacs, here
    >> is a relevant 20-message thread, dated 2016:
    >>
    >> https://lists.gnu.org/archive/html/help-gnu-emacs/2016-02/msg00102.html
    >>
    >> with the conclusion seeming to be "it's not worth the trouble".

    Filipp> With (setq epg-pinentry-mode 'loopback), gpg redirects
    Filipp> passphrase quering to Emacs.  This works ok in master.  No
    Filipp> other settings should be required for that.

This works for emacs-27 even if you ssh in to a remote machine and
launch emacs from there. Thanks Filipp for this, I've found it very
useful.

Best wishes,

--
Colin Baxter
[hidden email]