Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily
On Fri, 23 Jan 2015 10:11:31 -0500 Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

> Hi Ricardo--
>
> Thanks for the quick response!

Hi, you're welcome! :)

> On Fri 2015-01-23 07:33:12 -0500, Ricardo Mones wrote:
> > When you say "because i'm using the gpg-agent […]" does it mean that:
> >
> > a) you're simply using it, and expect Claws Mail to be able to find that fact by itself and do not ask for passwords
> >
> > b) you have also checked "Use gpg-agent to manage passwords" option in Claws Mail's preferences Plugins/GPG panel but is still asking for passwords
>
> I guess i mean (a), because i don't see the option you describe. In the Claws Mail preferences dialog box's GPG pane, i see only the following:
>
> -
> GPG
> ===
> Sign key:
> (*) Use default GnuPG key
> ( ) Select key by your email address
> ( ) Specify key manually
>     { User or key ID: _ }
> [ Generate a new key pair ]
> -
>
> Am i missing something? the only plugins i have loaded are:
>
> PGP/Core
> PGP/MIME

That's per-account GPG preferences. I was referring to the global GPG plugin configuration :) see attached screenshot.

Mine is disabled because I don't have it running.

If you have agent running and the check is still disabled this is because GPG_AGENT_INFO environment variable was not set by the agent (see claws-mail manpage).

Has the gpg-agent experimental version you have changed that much?

regards,
--
Ricardo Mones
http://people.debian.org/~mones
«Big book, big bore. -- Callimachus»
Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily
On Fri 2015-01-23 13:01:12 -0500, Ricardo Mones wrote:

> That's per-account GPG preferences. I was referring to the global GPG plugin configuration :) see attached screenshot.

ah, ok, thanks. i don't think i knew about the difference -- i'm not a regular claws-mail user.

> Mine is disabled because I don't have it running.

Mine is disabled too, but i do have it available :)

> If you have agent running and the check is still disabled this is because GPG_AGENT_INFO environment variable was not set by the agent (see claws-mail manpage).

right, in my test account, i didn't have $GPG_AGENT_INFO set because i wasn't using a full X11 session startup, and because the newer gpg-agent

> Has the gpg-agent experimental version you have changed that much?

Yes, it has! as of gpg 2.1, the agent is launched automatically when needed, and it uses the standard socket location of $GNUPGHOME/S.gpg-agent (and in fact, the gpg process itself deliberately doesn't handle the secret key material or passphrases at all, which is great from a security perspective).

For backward compatibility, we're probably still going to continue setting $GPG_AGENT_INFO anyway within the debian X11 session startup, but that's not a good long-term solution.

Here's how i recommend that claws changes things (feel free to forward this upstream if you think it's better dealt with there). the basic idea is that claws-mail should do everything it can to avoid handling the user's passphrase:

 * check the version of gpg -- if it's 2.1 or later, *require* the use of the agent.

 * if it's before 2.1, and $GPG_AGENT_INFO is set, then enable the preference *and* make it default to checked.

 * if it's before 2.1 and $GPG_AGENT_INFO is not set, then enable the preference and make it default to unchecked. If the user checks it, and tries to use gpg, and GPG_AGENT_INFO is still unset, present the user with a suggestion to either upgrade gpg (and the agent) to 2.1, or to ensure that gpg-agent is launched as part of their desktop session.

Thanks for talking this through here,

--dkg

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
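The three defaulting rules proposed in the message above, written out as a small C decision function. This is an added example, not part of the thread and not Claws Mail's own code; the type and function names are hypothetical, and the version line is assumed to look like the first line printed by `gpg --version`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for illustration; not Claws Mail's own code. */
typedef enum {
    AGENT_REQUIRED,         /* gpg >= 2.1: client never handles the passphrase */
    AGENT_PREF_DEFAULT_ON,  /* gpg < 2.1 and GPG_AGENT_INFO is set */
    AGENT_PREF_DEFAULT_OFF, /* gpg < 2.1 and GPG_AGENT_INFO is unset */
    AGENT_POLICY_UNKNOWN    /* version line could not be parsed */
} agent_policy;

/* Assumes the version is the last space-separated field of the line,
 * as in "gpg (GnuPG) 2.1.1". Returns 0 on success, -1 otherwise. */
static int parse_gpg_version(const char *line, int *major, int *minor)
{
    const char *p = strrchr(line, ' ');
    if (p == NULL)
        return -1;
    return sscanf(p + 1, "%d.%d", major, minor) == 2 ? 0 : -1;
}

/* agent_info is the value of getenv("GPG_AGENT_INFO"); NULL or "" means unset. */
agent_policy decide_agent_policy(const char *version_line, const char *agent_info)
{
    int major = 0, minor = 0;
    if (parse_gpg_version(version_line, &major, &minor) != 0)
        return AGENT_POLICY_UNKNOWN;
    if (major > 2 || (major == 2 && minor >= 1))
        return AGENT_REQUIRED;
    if (agent_info != NULL && agent_info[0] != '\0')
        return AGENT_PREF_DEFAULT_ON;
    return AGENT_PREF_DEFAULT_OFF;
}

/* Third rule: the user ticked the preference on an old gpg, but no agent
 * was announced, so suggest upgrading or starting gpg-agent with the session. */
int should_show_agent_hint(agent_policy policy, int pref_checked)
{
    return policy == AGENT_PREF_DEFAULT_OFF && pref_checked;
}

int main(void)
{
    /* Constructed sample version lines, not captured output. */
    const char *samples[] = { "gpg (GnuPG) 2.1.1", "gpg (GnuPG) 2.0.26", "gpg (GnuPG) 1.4.18" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s -> policy %d\n", samples[i],
               (int)decide_agent_policy(samples[i], getenv("GPG_AGENT_INFO")));
    return 0;
}
```

An unparseable version line yields `AGENT_POLICY_UNKNOWN` rather than a guess, so the caller can decide how to fall back.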
Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily
Hi Ricardo--

Thanks for the quick response!

On Fri 2015-01-23 07:33:12 -0500, Ricardo Mones wrote:

> When you say "because i'm using the gpg-agent […]" does it mean that:
>
> a) you're simply using it, and expect Claws Mail to be able to find that fact by itself and do not ask for passwords
>
> b) you have also checked "Use gpg-agent to manage passwords" option in Claws Mail's preferences Plugins/GPG panel but is still asking for passwords

I guess i mean (a), because i don't see the option you describe. In the Claws Mail preferences dialog box's GPG pane, i see only the following:

-
GPG
===
Sign key:
(*) Use default GnuPG key
( ) Select key by your email address
( ) Specify key manually
    { User or key ID: _ }
[ Generate a new key pair ]
-

Am i missing something? the only plugins i have loaded are:

PGP/Core
PGP/MIME

--dkg
Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily
Control: tags -1 moreinfo

Hi Daniel,

On Wed, Jan 21, 2015 at 06:02:12PM -0500, Daniel Kahn Gillmor wrote:

> Package: claws-mail-pgpmime
> Version: 3.11.1-3
> Severity: normal
>
> I've got gpg 2.1 installed, from debian experimental. I haven't tested the below with other versions of gpg.
>
> from the Preferences for current account dialog, I chose Plugins GPG, and then clicked on Generate a new key pair.
>
> Claws prompted me (twice) for a new passphrase, and then invoked gpg, which started to generate a key.
>
> however, gpg itself went ahead and prompted me via pinentry for a passphrase during key generation.
>
> because i'm using the gpg-agent, claws doesn't have to touch my passphrase at all. This is a good thing! but claws prompted me for my passphrase anyway.
>
> This would be pretty confusing to a new user, being asked to enter their passphrase 4 times during key generation.

When you say "because i'm using the gpg-agent […]" does it mean that:

a) you're simply using it, and expect Claws Mail to be able to find that fact by itself and do not ask for passwords

b) you have also checked "Use gpg-agent to manage passwords" option in Claws Mail's preferences Plugins/GPG panel but is still asking for passwords

best regards,
--
Ricardo Mones
~
bash: ./signature: No such file or directory /bin/bash
Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily
Package: claws-mail-pgpmime
Version: 3.11.1-3
Severity: normal

I've got gpg 2.1 installed, from debian experimental. I haven't tested the below with other versions of gpg.

from the Preferences for current account dialog, I chose Plugins GPG, and then clicked on Generate a new key pair.

Claws prompted me (twice) for a new passphrase, and then invoked gpg, which started to generate a key.

however, gpg itself went ahead and prompted me via pinentry for a passphrase during key generation.

because i'm using the gpg-agent, claws doesn't have to touch my passphrase at all. This is a good thing! but claws prompted me for my passphrase anyway.

This would be pretty confusing to a new user, being asked to enter their passphrase 4 times during key generation.

--dkg

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages claws-mail-pgpmime depends on:
ii  claws-mail           3.11.1-3
ii  libarchive13         3.1.2-10
ii  libassuan0           2.1.2-2
ii  libatk1.0-0          2.14.0-1
ii  libc6                2.19-13
ii  libcairo2            1.14.0-2.1
ii  libdb5.3             5.3.28-7~deb8u1
ii  libenchant1c2a       1.6.0-10.1
ii  libetpan17           1.5-2
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-2
ii  libgdk-pixbuf2.0-0   2.31.1-2+b1
ii  libglib2.0-0         2.42.1-1
ii  libgnutls-deb0-28    3.3.8-5
ii  libgpg-error0        1.17-3
ii  libgpgme11           1.5.1-6
ii  libgtk2.0-0          2.24.25-1
ii  liblockfile1         1.09-6
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-0    1.36.8-3
ii  libsasl2-2           2.1.26.dfsg1-12
ii  pinentry-gtk2        0.9.0-0.1
ii  zlib1g               1:1.2.8.dfsg-2+b1

claws-mail-pgpmime recommends no packages.

Versions of packages claws-mail-pgpmime suggests:
ii  gnupg-agent  2.1.1-1

-- debconf-show failed