gpg + mailcrypt(emacs)?

Brian Warner warner at lothar.com
Tue Aug 11 22:21:36 CEST 1998


> > Has anyone modified mailcrypt to work with gpg?
> 
> Brian Warner is working on that.

Here's what I've got working so far:

 encryption
 making signatures
 verifying signatures
 insert-public-key
 snarf-keys

Here's what doesn't work:

 decryption

There are also lots of error cases that aren't handled very well: lack of trust
in particular. (Part of the problem: I haven't yet figured out how to set up
my testing keys to create the chain of trust.)

In trying to get decryption to work with gpg-0.3.4, I've run into a problem
resulting from the following comment (g10/g10.c:main()):

    if( argc )
        fname = *argv;
    else {
        fname = NULL;
        if( get_passphrase_fd() == 0 ) {
            /* reading data and passphrase from stdin:
             * we assume the first line is the passphrase, so
             * we should read it now.
             *
             * We should do it here, but for now it is not needed.
             * Anyway, this password scheme is not quite good
             */
        }
    }

mailcrypt wants to send the passphrase in the same way that PGP did it,
invoking this exact case.

I agree that sending it over stdin is a bit ugly. Any ideas on how to do it
better? The ssh-agent idea is good, but I can see that turning into a huge
side project (you'd want to split the encryption so that the keys never had to
leave the agent, so then you could put the agent into a secure device [I'm
thinking a PalmPilot or Java iButton, I've seen discussions about it], you'd
need a gpg-agent remote protocol, etc., etc.). A worthy side project, but a
non-trivial one.

Is there anything slightly more short-term that would be cleaner?

thanks,
 -Brian
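
The case in the quoted g10.c comment, where the passphrase and the data share stdin, as an added example that is not part of the original message and is not GnuPG or mailcrypt code: the passphrase line has to be read without buffering, so that the message bytes after it stay on the descriptor. `read_passphrase_line` is a hypothetical name and the sample stream is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not GnuPG code. Reads the first line of fd into
 * buf as the passphrase, one byte at a time, so that nothing after the
 * '\n' is consumed and the message data stays in the descriptor.
 * Returns the length, or -1 (buf wiped) on a read error, EOF before a
 * newline, or a line too long for buf. */
ssize_t read_passphrase_line(int fd, char *buf, size_t bufsize)
{
    size_t n = 0;
    char c;
    while (bufsize > 0) {
        ssize_t r = read(fd, &c, 1);
        if (r < 0 && errno == EINTR)
            continue;               /* interrupted: retry */
        if (r <= 0)
            break;                  /* error, or EOF with no newline */
        if (c == '\n') {
            if (n > 0 && buf[n - 1] == '\r')
                n--;                /* tolerate CRLF line endings */
            buf[n] = '\0';
            return (ssize_t)n;
        }
        if (n + 1 >= bufsize)
            break;                  /* too long: refuse to truncate */
        buf[n++] = c;
    }
    memset(buf, 0, bufsize);        /* leave no partial secret behind */
    return -1;
}

int main(void)
{
    /* Constructed sample stream: passphrase line, then message bytes. */
    static const char stream[] = "correct horse\nMESSAGE BODY\n";
    char pass[64], rest[64] = "";
    int p[2];
    if (pipe(p) != 0 || write(p[1], stream, sizeof stream - 1) < 0)
        return 1;
    close(p[1]);
    ssize_t len = read_passphrase_line(p[0], pass, sizeof pass);
    if (len < 0 || read(p[0], rest, sizeof rest - 1) < 0)
        return 1;
    printf("passphrase: %zd bytes; left for the decryptor: %s", len, rest);
    return 0;
}
```

A stdio read such as `fgets(buf, n, stdin)` would pull a whole buffer from the descriptor, so any later stage reading the descriptor directly would miss the start of the message.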



