On 08.04.2015 22:37, Neal H. Walfield wrote:
> Hi,
>
> I'd like to resume the discussion about GnuPG and Gnome Keyring. I
> read the thread from last August [1], but I couldn't find much more
> information. Stef, could you please tell me exactly what Gnome
> Keyring needs to do?
>
> As I understand the issue, Gnome Keyring wants to cache the password
> for the secret key. It seems to me that the easiest solution is to
> direct GnuPG to use a special pinentry program that is Gnome Keyring
> aware. Basically, gnupg invokes this program when it needs a
> password. But, instead of immediately showing a dialog, it first
> checks whether Gnome Keyring has cached the password. If not, it uses
> a Gnome-themed dialog to prompt the user for the password. If the
> password is accepted, it can then save it in the Gnome Keyring. I
> suspect that this is much simpler than implementing a gpg-agent proxy.

Indeed. That seems like the best approach. There's a GSoC proposal to do work on this over the Summer.

https://wiki.gnome.org/Outreach/SummerOfCode/2015/Ideas#Confirmed_Ideas
https://bugzilla.gnome.org/show_bug.cgi?id=742094

One thing that seems to be missing is getting a full keyid in the pinentry for use when optionally storing the passphrase in gnome-keyring. In theory one can "screen scrape" a short keyid out of the prompt message ... but that's pretty fragile.

So a bit of additional work to have gpg2 pass an Assuan OPTION with the keyid or a unique identifier, if that's preferable. The absence of which would indicate that the passphrase does not belong to a stable entity (like a key).

Cheers,

Stef
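
The flow discussed in this message, as an added sketch that is not code from the thread, GnuPG or gnome-keyring: a toy pinentry handler that caches a passphrase only when the caller has supplied a stable identifier. Assumptions: the `keyid` OPTION name is hypothetical, a plain dict stands in for Gnome Keyring, `ask` stands in for the dialog, and a `SETERROR` from the caller is treated as the signal that the last passphrase was rejected.

```python
# Added illustration, not GnuPG or gnome-keyring code. Toy pinentry speaking
# a subset of Assuan; "keyid" is a hypothetical OPTION, a dict is the keyring.
SRC_PINENTRY = 5 << 24             # libgpg-error source: Pinentry
ERR_CANCELED = SRC_PINENTRY | 99   # GPG_ERR_CANCELED
ERR_UNKNOWN = SRC_PINENTRY | 275   # GPG_ERR_ASS_UNKNOWN_CMD

def escape(value):
    """Percent-escape characters an Assuan data line cannot carry raw."""
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

class CachingPinentry:
    def __init__(self, store, ask):
        self.store = store   # stand-in keyring: {keyid: passphrase}
        self.ask = ask       # callable(prompt_text) -> passphrase or None
        self.keyid = None    # stable identifier, if the caller sent one
        self.desc = ""
        self.error = None

    def handle(self, line):
        """Process one request line and return the response lines."""
        cmd, _, arg = line.strip().partition(" ")
        if cmd == "OPTION":
            name, _, value = arg.partition("=")
            if name == "keyid":
                self.keyid = value or None
            return ["OK"]
        if cmd == "SETDESC":
            self.desc = arg
            return ["OK"]
        if cmd == "SETERROR":
            # The caller rejected the last passphrase: forget it so a stale
            # entry is never replayed, and show the error on the next prompt.
            self.error = arg
            self.store.pop(self.keyid, None)
            return ["OK"]
        if cmd == "GETPIN":
            pin = self.store.get(self.keyid) if self.keyid else None
            if pin is None:
                pin = self.ask(self.error or self.desc)
                self.error = None
                if pin is None:
                    return [f"ERR {ERR_CANCELED} Operation cancelled"]
                if self.keyid:   # no identifier: prompt every time
                    self.store[self.keyid] = pin
            return ["D " + escape(pin), "OK"]
        if cmd == "BYE":
            return ["OK"]
        return [f"ERR {ERR_UNKNOWN} Unknown IPC command"]
```

Keying the cache on an explicit identifier rather than on text scraped from the prompt means a reworded or localized description cannot cause one key's passphrase to be returned for another.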