gpg-agent with gpg4win 1.9.0

Patrick Brunschwig patrick at mozilla-enigmail.org
Tue May 20 13:51:38 CEST 2008 

Marcus Brinkmann wrote:
> At Mon, 19 May 2008 18:10:24 +0200,
> Patrick Brunschwig <patrick at mozilla-enigmail.org> wrote:
>> Hello,
>>
>> I am assessing gpg4win 1.9.0 in order to prepare for supporting gpg2 in
>> Enigmail on Windows, once gpg4win v2.0 will officially be released.
>>
>> Now I have found that gpg-agent on Windows doesn't detach when started
>> with --daemon.
>>
>> Is this something that will be fixed, or am I missing something?
> 
> You mean if invoked from the command line, right?  The way this works

Almost ... I wouldn't care too much about the command line, but I have
the same problem if I start gpg-agent from Enigmail.

> in Windows for us is that the process invoking the agent starts the
> process in detached mode.  I don't understand every detail about
> process execution under Windows.  Maybe it is possible for the
> gpg-agent to do it as well, or maybe there would need to be hints in
> the gpg-agent.exe file to instruct the console to do it (but note that
> we don't want the console to always detach it, as gpg-agent can be
> usefully invoked on the command line).  The way we do it is that all
> tools that start the agent in daemon mode use something like
> gnupg_spawn_process_detached which sets the DETACHED_PROCESS and
> CREATE_NEW_PROCESS_GROUP flags in CreateProcess.

OK, I'll have to check how it's invoked.

> If you have a particular suggestion how invoking gpg-agent --daemon
> from the command line can be improved, please let us know.

Ideally, things would work in the same way on Unix and Windows, i.e. if
--no-detach is provided gpg-agent would start as today and if just
--daemon is provided the daemon would detach itself. However, I don't
know if that's easily possible on Windows.

> In general, you can just let gpg/gpgsm etc take care of starting
> gpg-agent on demand.  There are a couple of corner cases where a
> gpg-agent is not started on demand yet (the protect tool for P12 comes
> to mind), but we will have to fix them.  Users of gpg or gpgsm need
> not be concerned about gpg-agent.

Right, I also noticed this today :-) The reason for me to start
gpg-agent from Enigmail was to ensure that the agent really works and
that Enigmail doesn't need to ask for passphrases. Probably on Windows
I'll just let gpg2 handle gpg-agent and assume that the agent will just
always work.

-Patrick

More information about the Gnupg-devel mailing list