Hi Stef,

Thanks for the quick reply.

At Thu, 09 Apr 2015 08:56:09 +0200,
Stef Walter wrote:
>
> On 08.04.2015 22:37, Neal H. Walfield wrote:
> > Hi,
> >
> > I'd like to resume the discussion about GnuPG and Gnome Keyring. I
> > read the thread from last August [1], but I couldn't find much more
> > information. Stef, could you please tell me exactly what Gnome
> > Keyring needs to do?
> >
> > As I understand the issue, Gnome Keyring wants to cache the password
> > for the secret key. It seems to me that the easiest solution is to
> > direct GnuPG to use a special pinentry program that is Gnome Keyring
> > aware. Basically, gnupg invokes this program when it needs a
> > password. But, instead of immediately showing a dialog, it first
> > checks whether Gnome Keyring has cached the password. If not, it uses
> > a Gnome-themed dialog to prompt the user for the password. If the
> > password is accepted, it can then save it in the Gnome Keyring. I
> > suspect that this is much simpler than implementing a gpg-agent proxy.
>
> Indeed. That seems like the best approach.

Just to confirm explicitly: if we use a PIN entry program that
supports saving passwords in GKR, then GKR has no reason to proxy gpg
agent.

> There's a GSoC proposal to do work on this over the Summer.
>
> https://wiki.gnome.org/Outreach/SummerOfCode/2015/Ideas#Confirmed_Ideas
> https://bugzilla.gnome.org/show_bug.cgi?id=742094

That's good news.

> One thing that seems to be missing is getting a full keyid in the
> pinentry for use when optionally storing the passphrase in
> gnome-keyring. In theory one can "screen scrape" a short keyid out
> of the prompt message ... but that's pretty fragile.
>
> So a bit of additional work to have gpg2 pass an Assuan OPTION with the
> keyid or a unique identifier, if that's preferable. The absence of
> which would indicate that the passphrase does not belong to a stable
> entity (like a key).

I think this should not be a problem.
I've filed a bug requesting this feature:

https://bugs.g10code.com/gnupg/issue1945

Neal
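
The cache-first pinentry flow discussed in this thread, sketched as an added example that is not part of the original message and is not GnuPG or gnome-keyring code. It assumes a hypothetical `OPTION keyid=<id>` line, a plain dict standing in for Gnome Keyring, and a callback standing in for the dialog; a passphrase is stored only for a stable key id and only once the caller has not rejected it.

```python
# Added illustration: cache-first pinentry logic over Assuan-style lines.
# Assumptions: the "keyid" OPTION name, the dict used as the keyring and
# the prompt callback are hypothetical, not gpg2 or gnome-keyring interfaces.
class KeyringPinentry:
    def __init__(self, keyring, prompt):
        self.keyring = keyring   # stand-in for the Gnome Keyring store
        self.prompt = prompt     # stand-in for the Gnome-themed dialog
        self.keyid = None        # stable identifier, if the caller sent one
        self.desc = ""
        self.pending = None      # passphrase handed out, not yet accepted

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        if cmd == "OPTION" and arg.startswith("keyid="):  # hypothetical option
            self.keyid = arg[len("keyid="):] or None
            return ["OK"]
        if cmd == "SETDESC":
            self.desc = arg
            return ["OK"]
        if cmd == "SETERROR":
            # The caller rejected the last passphrase: evict it, never store it.
            self.pending = None
            if self.keyid:
                self.keyring.pop(self.keyid, None)
            return ["OK"]
        if cmd == "GETPIN":
            return self._getpin()
        if cmd == "BYE":
            # No SETERROR followed the last GETPIN, so treat it as accepted.
            if self.keyid and self.pending is not None:
                self.keyring[self.keyid] = self.pending
            self.pending = None
            return ["OK"]
        # Other options and prompts are accepted and ignored in this sketch.
        return ["OK"] if cmd in ("OPTION", "SETPROMPT") else ["ERR 1 unsupported"]

    def _getpin(self):
        # Without a key id the passphrase has no stable owner: always prompt.
        cached = self.keyring.get(self.keyid) if self.keyid else None
        if cached is not None:
            secret = cached      # cache hit: no dialog is shown
        else:
            secret = self.prompt(self.desc)
            if secret is None:
                return ["ERR 1 cancelled"]  # placeholder code, not a gpg-error value
            self.pending = secret
        # Assuan data lines percent-escape '%', CR and LF.
        escaped = secret.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")
        return ["D " + escaped, "OK"]
```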