Notes from the first OpenPGP Summit
Neal H. Walfield
neal at walfield.org
Tue Apr 28 16:06:59 CEST 2015
We've documented the problem at http://wiki.gnupg.org/GnomeKeyring .
At Tue, 28 Apr 2015 14:45:22 +0200,
Simon Josefsson wrote:
> Werner Koch <wk at gnupg.org> writes:
> > I appreciated the opportunity to meet the GPG Tools developers, who
> > are very dedicated to making GnuPG work well on OS X. I stressed the
> > importance of actively participating on the GnuPG mailing list to keep
> > information in sync. One example may illustrate this: For years the
> > adaption of GnuPG-2 on GNOME based systems has been hampered by the
> > fact that the gnome-keyring-manager (GKR) tries to emulate gpg-agent
> > and thus inhibits proper working of any advanced function of GnuPG
> > (e.g. smartcards and gpgsm). With Debian’s release of Jessie that
> > problem will be even worse due to other desktop environments now also
> > using GKR. Given that the GKR developers are not willing to change
> > their defaults, Neal, dkg, and I came up with a pragmatic solution
> > for this problem on Saturday morning.
> What is this solution?
> I am working around the bug in Jessie, but GKR's bug/design is a
> real pain if you want to convince others to start to use GnuPG with
> smartcards. I recently noticed that my fix doesn't even work on Ubuntu,
> so each OS needs its own fix... :-(
The solution is to fix Gnome Keyring :). I've spoken with Stef, the
main developer of GKR, and he confirmed that the only reason GKR MITMs
GPG Agent is so that it can intercept prompts for the password to
supply any cached value. The solution is to enhance pinentry so that
if GKR is available it caches the password with GKR. This requires a
few modifications to GnuPG proper as well as enhancements to pinentry.
I'm working on this and it should be done shortly. The GPG Tools
people also need this functionality in GPG 2.0 so it will also be
backported. We hope to coordinate with Debian to get the fixed
versions of GPG and GKR in the next point release of Jessie.