Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily

2015-01-23 Thread Ricardo Mones
On Fri, 23 Jan 2015 10:11:31 -0500
Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 Hi Ricardo--
 
 Thanks for the quick response!

Hi, you're welcome! :)

 On Fri 2015-01-23 07:33:12 -0500, Ricardo Mones wrote:
  When you say because i'm using the gpg-agent […] does it mean that:
 
   a) you're simply using it, and expect Claws Mail to be able to find that
  fact by itself and not ask for passwords
 
   b) you have also checked Use gpg-agent to manage passwords option in
  Claws Mail's preferences Plugins/GPG panel but it is still asking for
  passwords
 
 I guess i mean (a), because i don't see the option you describe.
 
 In the Claws Mail preferences dialog box's GPG pane, i see only the
 following:
 
 
 
 -
 GPG
 ===
  Sign key:
   (*) Use default GnuPG key
   ( ) Select key by your email address
   ( ) Specify key manually
  { User or key ID: _ }
 
  [ Generate a new key pair ]
 -
 
 
 Am i missing something?  the only plugins i have loaded are:
 
   PGP/Core
   PGP/MIME

That's per-account GPG preferences. I was referring to the global GPG
plugin configuration :) see attached screenshot.

Mine is disabled because I don't have it running.

If you have agent running and the check is still disabled this is
because GPG_AGENT_INFO environment variable was not set by the agent
(see claws-mail manpage).

Has the gpg-agent experimental version you have changed that much?

regards,
-- 
 Ricardo Mones
 http://people.debian.org/~mones
 «Big book, big bore. -- Callimachus»




Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily

2015-01-23 Thread Daniel Kahn Gillmor
On Fri 2015-01-23 13:01:12 -0500, Ricardo Mones wrote:
 That's per-account GPG preferences. I was referring to the global GPG
 plugin configuration :) see attached screenshot.

ah, ok, thanks.  i don't think i knew about the difference -- i'm not a
regular claws-mail user.

 Mine is disabled because I don't have it running.

Mine is disabled too, but i do have it available :)

 If you have agent running and the check is still disabled this is
 because GPG_AGENT_INFO environment variable was not set by the agent
 (see claws-mail manpage).

right, in my test account, i didn't have $GPG_AGENT_INFO set because i
wasn't using a full X11 session startup, and because the newer gpg-agent 

 Has the gpg-agent experimental version you have changed that much?

Yes, it has!  as of gpg 2.1, the agent is launched automatically when
needed, and it uses the standard socket location of
$GNUPGHOME/S.gpg-agent (and in fact, the gpg process itself deliberately
doesn't handle the secret key material or passphrases at all, which is
great from a security perspective).

For backward compatibility, we're probably still going to continue
setting $GPG_AGENT_INFO anyway within the debian X11 session startup,
but that's not a good long-term solution.

Here's how i recommend that claws changes things (feel free to forward
this upstream if you think it's better dealt with there).  the basic
idea is that claws-mail should do everything it can to avoid handling
the user's passphrase:

 * check the version of gpg -- if it's 2.1 or later, *require* the use
   of the agent.

 * if it's before 2.1, and $GPG_AGENT_INFO is set, then enable the
   preference *and* make it default to checked.

 * if it's before 2.1 and $GPG_AGENT_INFO is not set, then enable the
   preference and make it default to unchecked.  If the user checks it,
   and tries to use gpg, and GPG_AGENT_INFO is still unset, present the
   user with a suggestion to either upgrade gpg (and the agent) to 2.1,
   or to ensure that gpg-agent is launched as part of their desktop
   session.

Thanks for talking this through here,

   --dkg
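
The three-case rule in the message above, sketched in C as an added example; it is not part of the original message and is not Claws Mail code. The enum and function names are hypothetical, the gpg version and the $GPG_AGENT_INFO value are passed in as plain strings, and treating an unparsable version like a pre-2.1 gpg is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for this example; none come from Claws Mail. */
enum agent_policy { AGENT_REQUIRED, PREF_DEFAULT_ON, PREF_DEFAULT_OFF };
enum gpg_action { USE_AGENT, PROMPT_IN_APP, SUGGEST_UPGRADE_OR_AGENT };

/* Parse "MAJOR.MINOR[...]" (e.g. "2.1.1", "1.4.18"); return 0 on success. */
static int parse_version(const char *s, long *major, long *minor)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    *major = strtol(s, &end, 10);
    if (end[0] != '.' || end[1] < '0' || end[1] > '9') return -1;
    *minor = strtol(end + 1, &end, 10);
    return 0;
}

/* agent_info is the value of $GPG_AGENT_INFO, or NULL when unset. */
static int agent_info_set(const char *agent_info)
{
    return agent_info != NULL && agent_info[0] != '\0';
}

/* The three cases; assumption: an unparsable version is treated as pre-2.1. */
enum agent_policy agent_policy_for(const char *gpg_version, const char *agent_info)
{
    long major, minor;
    if (parse_version(gpg_version, &major, &minor) == 0 &&
        (major > 2 || (major == 2 && minor >= 1)))
        return AGENT_REQUIRED;          /* 2.1 or later: no preference to offer */
    return agent_info_set(agent_info) ? PREF_DEFAULT_ON : PREF_DEFAULT_OFF;
}

/* What to do when the user invokes gpg, given the preference state. */
enum gpg_action action_for(enum agent_policy p, int pref_checked, const char *agent_info)
{
    if (p == AGENT_REQUIRED) return USE_AGENT;  /* never ask for a passphrase in-app */
    if (!pref_checked) return PROMPT_IN_APP;    /* pre-2.1, agent preference off */
    return agent_info_set(agent_info) ? USE_AGENT : SUGGEST_UPGRADE_OR_AGENT;
}

int main(void)
{
    const char *info = "/tmp/gpg-XXXX/S.gpg-agent:1234:1"; /* constructed value */
    printf("%d %d %d\n", agent_policy_for("2.1.1", NULL), agent_policy_for("1.4.18", info),
           action_for(PREF_DEFAULT_OFF, 1, NULL));
    return 0;
}
```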





Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily

2015-01-23 Thread Daniel Kahn Gillmor
Hi Ricardo--

Thanks for the quick response!

On Fri 2015-01-23 07:33:12 -0500, Ricardo Mones wrote:
 When you say because i'm using the gpg-agent […] does it mean that:

  a) you're simply using it, and expect Claws Mail to be able to find that
 fact by itself and not ask for passwords

  b) you have also checked Use gpg-agent to manage passwords option in
 Claws Mail's preferences Plugins/GPG panel but it is still asking for
 passwords

I guess i mean (a), because i don't see the option you describe.

In the Claws Mail preferences dialog box's GPG pane, i see only the
following:


-
GPG
===
 Sign key:
  (*) Use default GnuPG key
  ( ) Select key by your email address
  ( ) Specify key manually
 { User or key ID: _ }

 [ Generate a new key pair ]
-


Am i missing something?  the only plugins i have loaded are:

  PGP/Core
  PGP/MIME


  --dkg




Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily

2015-01-23 Thread Ricardo Mones
Control: tags -1 moreinfo

Hi Daniel,

On Wed, Jan 21, 2015 at 06:02:12PM -0500, Daniel Kahn Gillmor wrote:
 Package: claws-mail-pgpmime
 Version: 3.11.1-3
 Severity: normal
 
 I've got gpg 2.1 installed, from debian experimental.  I haven't
 tested the below with other versions of gpg.
 
 from the Preferences for current account dialog, I chose Plugins 
 GPG, and then clicked on Generate a new key pair.
 
 Claws prompted me (twice) for a new passphrase, and then invoked gpg,
 which started to generate a key.  however, gpg itself went ahead and
 prompted me via pinentry for a passphrase during key generation.
 
 because i'm using the gpg-agent, claws doesn't have to touch my
 passphrase at all.  This is a good thing!  but claws prompted me for
 my passphrase anyway.  This would be pretty confusing to a new user,
 being asked to enter their passphrase 4 times during key generation.

When you say because i'm using the gpg-agent […] does it mean that:

 a) you're simply using it, and expect Claws Mail to be able to find that
fact by itself and not ask for passwords

 b) you have also checked Use gpg-agent to manage passwords option in
Claws Mail's preferences Plugins/GPG panel but it is still asking for
passwords

best regards,
-- 
  Ricardo Mones 
  ~
  bash: ./signature: No such file or directory  /bin/bash





Bug#775958: claws-mail-pgpmime: OpenPGP key generation prompts the user for passphrase unnecessarily

2015-01-21 Thread Daniel Kahn Gillmor
Package: claws-mail-pgpmime
Version: 3.11.1-3
Severity: normal

I've got gpg 2.1 installed, from debian experimental.  I haven't
tested the below with other versions of gpg.

from the Preferences for current account dialog, I chose Plugins 
GPG, and then clicked on Generate a new key pair.

Claws prompted me (twice) for a new passphrase, and then invoked gpg,
which started to generate a key.  however, gpg itself went ahead and
prompted me via pinentry for a passphrase during key generation.

because i'm using the gpg-agent, claws doesn't have to touch my
passphrase at all.  This is a good thing!  but claws prompted me for
my passphrase anyway.  This would be pretty confusing to a new user,
being asked to enter their passphrase 4 times during key generation.

  --dkg

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages claws-mail-pgpmime depends on:
ii  claws-mail           3.11.1-3
ii  libarchive13         3.1.2-10
ii  libassuan0           2.1.2-2
ii  libatk1.0-0          2.14.0-1
ii  libc6                2.19-13
ii  libcairo2            1.14.0-2.1
ii  libdb5.3             5.3.28-7~deb8u1
ii  libenchant1c2a       1.6.0-10.1
ii  libetpan17           1.5-2
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-2
ii  libgdk-pixbuf2.0-0   2.31.1-2+b1
ii  libglib2.0-0         2.42.1-1
ii  libgnutls-deb0-28    3.3.8-5
ii  libgpg-error0        1.17-3
ii  libgpgme11           1.5.1-6
ii  libgtk2.0-0          2.24.25-1
ii  liblockfile1         1.09-6
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-0    1.36.8-3
ii  libsasl2-2           2.1.26.dfsg1-12
ii  pinentry-gtk2        0.9.0-0.1
ii  zlib1g               1:1.2.8.dfsg-2+b1

claws-mail-pgpmime recommends no packages.

Versions of packages claws-mail-pgpmime suggests:
ii  gnupg-agent  2.1.1-1

-- debconf-show failed

