Is gpgme_set_passphrase_cb effectively deprecated?

Jeroen Ooms jeroen at berkeley.edu
Mon Jan 7 17:04:15 CET 2019


On Mon, Jan 7, 2019 at 10:47 AM Andre Heinecke <aheinecke at gnupg.org> wrote:
> > I was wondering if it is possible to update the
> > gpgme_set_passphrase_cb documentation on the current situation, which
> > versions of gnupg it is expected to work, under which
> > conditions/settings.
>
> Something else seems wrong in your setup / code. It should work for you.
> Maybe take a look at the gpgme log to see more about what happens.

OK it does work indeed, I realize my mistake now. First I assumed the
passphrase would be required when importing or exporting keys, as is
the case for ssh/PEM files. But I understand now that gpg will import
an encrypted gpg key; the passphrase is only needed when actually
using the key.

In addition, I was confused because gpg seems to be using ssh-agent to
cache keys? The passphrase callback function was not being invoked
because the unlocked key was cached apparently. I have never set up
gpg-agent on this machine, but I am running ssh-agent. Anyway I
cleared the cache:

  echo RELOADAGENT | gpg-connect-agent

And now I do get prompted for the passphrase when trying to sign with
the encrypted key!


