[Users] Unlocking GnuPG

Michael Rasmussen mir at miras.org
Mon Feb 6 08:26:47 CET 2017


Maybe your password is stored in the gnome session? 

On February 6, 2017 8:08:17 AM GMT+01:00, Johan Vromans <jvromans at squirrel.nl> wrote:
>On Sun, 5 Feb 2017 22:21:10 +0100, Johan Vromans <jvromans at squirrel.nl>
>wrote:
>
>> I assume it's my fault, but...
>
>In any case, it's not claws.
>
>> When I run gpg in a terminal window, it says that gpg-agent is not
>> available and asks for the passphrase. Good.
>
>Actually, there *is* a gpg-agent, and it is found by gpg2.
>I assume the claws plugin also uses gpg2, either directly or
>indirectly.
>
>> When I use claws to send a (GnuPG) signed e-mail, it does so without
>> asking for the gpg passphrase. I don't recall I ever instructed claws
>to
>> permanently store this passphrase. 
>
>Running gpg-agent with debugging reveals that it is contacted
>correctly.
>Then it invokes pinentry to ask for the passphrase. Much to my
>surprise,
>pinentry returns the desired information without popping up a dialog.
>So
>apparently it is cached by pinentry, or Gnome, or whatever.
>
>Still scary, especially since I haven't found a way to stop this (IMHO
>undesired) behaviour.
>
>-- Johan
>_______________________________________________
>Users mailing list
>Users at lists.claws-mail.org
>http://lists.claws-mail.org/cgi-bin/mailman/listinfo/users

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

----

This mail was virus scanned and spam checked before delivery.
This mail is also DKIM signed. See header dkim-signature.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20170206/6818b97a/attachment.html>


More information about the Users mailing list