sendings passwords with gpg-agent? (was Re: gnupg1 still needed?)
Adam Milazzo
adam at adammil.net
Mon Jul 21 12:03:20 CEST 2008
[Whoops. Adding list.]
> Consider smart cards used on a
> terminal with a number pad. In this case, you really do not want the
> pin number to go through the application.
Yes, I agree.
> It is best to consider gpg2 with this use case in mind. Just forget
> about secret key handling and passphrases and such. They are not the
> business of applications any more with gpg2.
The main problem I have is that the gpg-agent UI sucks. For instance,
with symmetric decryption, it just says "Enter password", which leaves
the user wondering "which password??". They'll probably enter their
secret key password, which won't work. And they won't know why it didn't
work...
Second, there's no obvious way to cache the passwords, so the user would
think he has to to type them in for every file in a multi-file
operation, for instance.
And finally, unit tests for libraries that script GPG behind the scenes
can't be run automatically. The gpg-agent dialog pops up a hundred times
during the tests.
This would be a moot point if there was a GPG library, but the official
answer seems to be to script the GPG text-mode executable, which is made
harder by gpg-agent.
More information about the Gnupg-devel
mailing list