gnome-keyring Gnome Keyring and gpg
Neal H. Walfield
neal at walfield.org
Thu Apr 9 11:24:42 CEST 2015
Thanks for the quick reply.
At Thu, 09 Apr 2015 08:56:09 +0200,
Stef Walter wrote:
> On 08.04.2015 22:37, Neal H. Walfield wrote:
> > Hi,
> > I'd like to resume the discussion about GnuPG and Gnome Keyring. I
> > read the thread from last Auguest , but I couldn't find much more
> > information. Stef, could you please tell me exactly what Gnome
> > Keyring needs to do?
> > As I understand the issue, Gnome Keyring wants to cache the password
> > for the secret key. It seems to me that the easiest solution is to
> > direct GnuPG to use a special pinentry program that is Gnome Keyring
> > aware. Basically, gnupg invokes this program when it needs a
> > password. But, instead of immediately showing a dialog, it first
> > checks whether Gnome Keyring has cached the password. If not, it uses
> > a Gnome-themed dialog to prompt the user for the password. If the
> > password is accepted, it can then save it in the Gnome Keyring. I
> > suspect that this is much simpler than implementing a gpg-agent proxy.
> Indeed. That seems like the best approach.
Just to confirm explicitly: if we use a PIN entry program that
supports saving passwords in GKR, then GKR has no reason to proxy gpg
> There's a GSoC proposal to do work on this over the Summer.
That's good news.
> One thing that seems to be missing is getting a full keyid in the
> pinentry for use when optionally storing the passphrase in
> gnome-keyring. In theory one can "screen scrape" a short keyid this out
> of the prompt message ... but that's pretty fragile.
> So a bit of additional work to have gpg2 pass an Assuan OPTION with the
> keyid or a unique identifier, if that's preferrable. The absence of
> which would indicate that the passphrase does not belong to a stable
> entity (like a key).
I think this should not be a problem. I've filed a bug requesting
More information about the Gnupg-devel