Re: how to suppress warning about gpg-agent?

2010-03-08 Thread Alex Efros
Hi!

On Mon, Mar 08, 2010 at 01:06:06PM +0100, Werner Koch wrote:
> FWIW, You should use public key encryption instead of symmetric only
> encryption.  This makes everything much easier.

I don't think so. Every project encrypts its backups with different
passwords (needed for security), and right now I can keep just several
dozen passwords, but with public keys I'll need to keep several dozen
.gnupg directories instead, which is harder to manage.

> A little warning: gpg-agent is a cornerstone of GnuPG-2.  You can't
> do much without it.  Today gpg2 might be usable without a running
> gpg-agent but with the current branch this will change: All secret key
> operations are then diverted to the agent.

I know. Right now it runs gpg-agent in server mode and talks to it over STDIN -
that's ok for my needs. I'm not trying to avoid running gpg-agent, I just
wanna suppress the warning.

> In your case the agent is required to return the S2K count.  This value
> is computed only once because it takes some time and can't be done for
> each invocation.  To avoid this you may try option "--s2k-count N".  You
> can get a suitable value for N on your machine by running the command
> 
>   gpg-connect-agent 'getinfo s2k_count' /bye

Wow, it works! With this parameter gpg doesn't output that warning
anymore (and doesn't try to start gpg-agent).

I wonder what the physical sense of this number is? Is it safe to hardcode one
number for all user accounts on the same server (many servers)?

P.S. But I still think a much clearer solution is to just add an option to
suppress the warning message and let gpg start its own copy of gpg-agent when it
needs it.

-- 
WBR, Alex.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
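
The `--s2k-count` value discussed in this message is, per RFC 4880 section 3.7.1.3, the number of octets hashed when the passphrase is turned into the symmetric key, and it travels with the encrypted data as a single coded octet. The Python below is an added example, not code from the thread or from GnuPG; the function names, the SHA-1 default and the sample salt and passphrase are assumptions made for illustration.

```python
import hashlib

def decode_count(c: int) -> int:
    """RFC 4880 3.7.1.3: coded octet -> number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(n: int) -> int:
    """Smallest coded octet whose decoded count is >= n (caps at 255)."""
    for c in range(256):
        if decode_count(c) >= n:
            return c
    return 255

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        keylen: int = 32, digest: str = "sha1") -> bytes:
    """Derive keylen bytes the way S2K type 3 (iterated and salted) does."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # salt+passphrase is always hashed at least once in full
    count = max(decode_count(coded), len(data))
    full, rest = divmod(count, len(data))
    key, ctx_no = b"", 0
    while len(key) < keylen:
        h = hashlib.new(digest)
        h.update(b"\x00" * ctx_no)   # context i is preloaded with i zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        ctx_no += 1
    return key[:keylen]

if __name__ == "__main__":
    salt = bytes(range(8))           # constructed sample salt
    for n in (1024, 65536, 65011712):
        c = encode_count(n)
        print(n, "-> coded octet", c, "->", decode_count(c), "octets hashed")
    # AES256 needs 32 key bytes, so two SHA-1 contexts are used here
    print(s2k_iterated_salted(b"constructed passphrase", salt, 96).hex())
```

A larger count makes each passphrase guess proportionally more expensive, and because the coded octet is stored with the message, decryption does not depend on the count configured on the decrypting machine.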


how to suppress warning about gpg-agent?

2010-03-07 Thread Alex Efros
Hi!

Looks like we need an option to suppress the warning about gpg-agent.


> Long story:

I've a lot of projects (each has a separate user account) which use gpg for
encrypting daily backups (from cron) in this way:

  gpg --batch --cipher-algo AES256 -c --passphrase-file PASSFILE BACKUP.tar

The problem is, after switching to gpg2 I started receiving a lot of emails
every day with the same warning:

  "can't connect to `/home/USER/.gnupg/S.gpg-agent': No such file or directory"

I don't like to redirect the STDERR output of gpg to /dev/null because I wanna
receive emails in case of problems with the backup process. But I don't wanna
receive dozens of useless emails with this warning every day.

I don't like to run gpg-agent as a daemon on all these user accounts just
to suppress this warning message (and there may be additional issues with
making it accessible from cron scripts, too).

I can try to run gpg-agent from the same cron script just before using gpg,
and then kill gpg-agent, but this may lead to race conditions in case
gpg-agent was already started by that user for other needs.

Looks like there are only two real solutions: implement a pipe filter for gpg's
STDERR to strip just this message (ugly), and patch gpg to add an option
to suppress this warning.

P.S. I use Gentoo Linux and app-crypt/gnupg-2.0.14.

-- 
WBR, Alex.
