a few GPGME issues

Wichert Akkerman wichert at wiggy.net
Sun Apr 21 21:57:02 CEST 2002


Previously Marcus Brinkmann wrote:
> I think this will be addressed better by gpg-agent, which, as ssh-agent,
> can be run as a daemon and cache the passphrase.

Unfortunately gpg-agent is mentioned in a few places in the documentation
but has never been part of a proper release so I can't use that.

> The other way to get this information is to look at the result of the
> operation, if it is No_Passphrase, you know that there has not been a useful
> passphrase supplied by the user.  This information is not made available to
> you at the time you would like to have it (when the passphrase callback is
> called for clean up), but the whole passphrase callback is a bit of a hack
> anyway, compared with gpg-agent.

That information is at the wrong abstraction layer currently so while I
can use that it would result in less clean code than my current hack
(which seems to hit a bug in gpgme but I'll post about that separately :)

> Ah, good question.  It does indeed copy the data.

Bugger, that means that for now I'm going to have to resort to calling
gnupg and using the command-fd and passphrase-fd stuff myself :(

> Another reason to use gpg-agent.

So release it already :)

> In fact, it is not nice that it is doing that, but it seems to be
> difficult to avoid given the current command handler interface.

Another approach would be to expose a file descriptor from GPGME where
I can write the passphrase to from the callback. That would actually
be even better since it means I can implement my own gpg-agent like
thing (which I actually already have).

> Mmmh, ok.  It would be convenient to have the set function return the old
> value, supposing that this is good enough for you.  But as there are two
> values to give back this doesn't work too well anyway.  I suppose
> 
> void gpgme_get_passphrase_cb (GpgmeCtx ctx, GpgmePassphraseCb *cb, void **hook)
> 
> will do the job for you (resp for progress meter)?

That would be fine.

> Mmh, yeah, point taken.  However, I would like to discuss the future of the
> passphrase interface with Werner first, in case it is going to be phased out
> entirely in favor of gpg-agent.  Changing this requires adding a new
> Passphrase callback type, and new set/get functions for them.  Or changing
> the existing type of course, which would be an ABI change.

Speaking of ABI and text-data: can you explain the reason for returning
data in XML format instead of structs? I can understand it makes the ABI
more stable, but it also means that an application will have to include
an XML parser to get information about something that happens inside the
same binary. It makes things awkward and feels like misuse of XML.

Wichert.

-- 
  _________________________________________________________________
 /wichert at wiggy.net         This space intentionally left occupied \
| wichert at deephackmode.org            http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
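
The passphrase-fd approach mentioned in the message, as an added example that is not part of the original post and is not GPGME or GnuPG code: the parent hands the secret to the child over a pipe, so it never appears in argv or the environment. The helper name `run_with_passphrase_fd`, descriptor number 3 and the `sh` stand-in for the gpg child are assumptions made for illustration.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PASS_FD 3 /* assumed descriptor number the child is told to read */

static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR) continue; /* interrupted, retry */
        if (n < 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Hypothetical helper: run argv with a pipe's read end on PASS_FD and send
 * the passphrase plus a newline down it. Returns the child's exit code,
 * or -1 if the pipe, fork, write or wait failed. */
int run_with_passphrase_fd(char *const argv[], const char *pass)
{
    int p[2], status, ok;
    pid_t pid;

    if (pipe(p) < 0) return -1;
    signal(SIGPIPE, SIG_IGN); /* child may exit early: get EPIPE, not a signal */
    if ((pid = fork()) < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        close(p[1]); /* child keeps only the read end */
        if (p[0] != PASS_FD) { dup2(p[0], PASS_FD); close(p[0]); }
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    close(p[0]);
    ok = write_all(p[1], pass, strlen(pass)) == 0 && write_all(p[1], "\n", 1) == 0;
    close(p[1]); /* EOF tells the child no more input is coming */
    if (waitpid(pid, &status, 0) < 0 || !ok || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for a gpg child started with --passphrase-fd 3 */
    char *const cmd[] = { "sh", "-c", "IFS= read -r p <&3; [ \"$p\" = secret ]", NULL };
    return run_with_passphrase_fd(cmd, "secret");
}
```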



