gnome keyring & gpg agent
Neal H. Walfield
neal at walfield.org
Fri Jun 5 04:30:21 CEST 2015
At Thu, 04 Jun 2015 22:14:25 -0400,
Daniel Kahn Gillmor wrote:
> >> > - An update to Gnome-Keyring that disables its GPG Agent proxy.
> >> Maybe we need to offer them a patch. the goal here is just to disable
> >> gnome-keyring's gpg-agent proxy implementation by default, right?
> > That's correct. It should be sufficient to configure gnome keyring
> > with --disable-gpg-agent (but I haven't tested this).
> that would make it so that users who wanted to use gnome-keyring as the
> gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and
> who otherwise ignore the concerns Werner has raised about
> gnome-keyring's incomplete gpg-agent support) would be unable to do so.
> It's a more invasive change than just disabling the functionality as per
> runtime defaults.
> Then again, that might keep us from dealing with a lot of extra bug
> reports :)
I spoke with Stef (the maintainer of GNOME Keyring, cc'ed) and he
agrees that removing the proxy is the correct way forward.
The only reason that the proxy exists is to cache passwords.
pinentry-gnome3 does exactly that in a cleaner way. In other words:
it makes the proxy completely redundant.
A GSoC student is working on finishing the changes to GNOME Keyring
and pinentry-gnome3 (e.g., extending GCR to deal with all of GnuPG's
prompts). Nevertheless, the current pinentry version is already more
complete than the proxy.