Thoughts on GnuPG and automation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Feb 28 03:05:04 CET 2015
On Fri 2015-02-27 07:19:41 -0500, Bjarni Runar Einarsson <bre at pagekite.net> wrote:
> I think you misunderstood my complaint. I don't mind if the agent is a
> persistent daemon that provides GPG-related services, that's all well
> and good. It's good process separation and I have no problem with that.
> My gripe with the agent is the agent is controlling the UI of
> authentication. This breaks Mailpile, and this is one of the key areas
> where GnuPG crosses the imaginary line between library/utility and
> "application". Fixing this was point 1. in my list of suggestions and
> explaining why it was necessary was the bulk of the post.

The only part of the UI that the agent controls is prompting the user
for use of the key, and passphrase entry upon unlock.

Why does this break Mailpile? I prefer the agent to have separate UI
from the tool that uses the agent, because I don't want tools that
use the agent to be able to mask the agent's UI.

I'm quite happy that Enigmail (for example) appears to be dropping plans
for non-agent use of secret key material. This should be a simplifying
change, and it should make it easier for systems to integrate OS-level
prompting and feedback to the user independent of which application uses
the secret key store.