unlock keychain with pam authentication

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 29 16:28:17 CEST 2015


On Tue 2015-09-29 08:53:32 -0400, Andrew Gallagher <andrewg at andrewg.com> wrote:
> On 28/09/15 23:16, SGT. Garcia wrote:
>> On Mon, Sep 28, 2015 at 04:10:10PM -0400, Daniel Kahn Gillmor wrote:
>>> 
>>> Do you ever import keys that other people
>>> send you?  or keys you find on the web?  or keys attached to e-mail
>>> messages?  Are you sure the things imported can't include a secret key?
>> 
>> this is the first time i hear about *importing* to be honest. after reading, yes
>> just reading, your email a new key was added and on the next run of 'notmuch
>> new' i was asked for it by pinentry. i'm guessing mutt imports any key it finds
>> in attachments.
>
> Surely that 'feature' needs removing asap?

I'm surprised to hear that notmuch has this feature, and i haven't seen
it happen myself.  I'm one of the people who helped contribute to
notmuch's OpenPGP mechanisms.

This sounds like something to be raised on the notmuch mailing list,
though.

        --dkg



More information about the Gnupg-users mailing list