
#1 2015-03-06 14:12:26

Gerd093
Member
Registered: 2015-03-06
Posts: 12

gpg and seahorse keyring password prompt

When running an application that requires a password in a GNOME environment (e.g. for Evolution), a window appears and asks for the password, allowing one to save the password in the keyring managed by seahorse.

In the past this also happened if one were to enter the password to unlock a PGP key (either for an application or on the terminal).

However, since approximately 09/2014 my system stopped using the PGP passwords saved in the keyring. (For Evolution it still works.)
Also, there is no longer any possibility to save the entered password in the keyring (the window does not appear anymore).

This is also the case for newly installed systems, so it does not seem to be related to my setup.

Thank you for any help

Last edited by Gerd093 (2015-03-06 14:12:43)


#2 2015-03-06 19:46:29

Foucault
Member
From: Athens, Greece
Registered: 2010-04-06
Posts: 214

Re: gpg and seahorse keyring password prompt

The gpg agent implementation of gnome-keyring ranges from buggy to totally broken, so gnupg intentionally bypasses seahorse by ignoring the GPG_AGENT_INFO (which gnome-keyring sets) environment variable.


#3 2015-03-07 12:45:45

Gerd093
Member
Registered: 2015-03-06
Posts: 12

Re: gpg and seahorse keyring password prompt

So how can I fix this?

Last edited by Gerd093 (2015-03-07 12:45:53)


#4 2015-03-08 23:52:03

Foucault
Member
From: Athens, Greece
Registered: 2010-04-06
Posts: 214

Re: gpg and seahorse keyring password prompt

As long as upstream does not provide a solution to the problem, I don't believe there's much that can be done. You'll have to use the default pinentry/gpg-agent that gnupg provides.


#5 2015-03-09 00:06:48

progandy
Member
Registered: 2012-05-17
Posts: 5,280

Re: gpg and seahorse keyring password prompt

It should be possible to read GPG_AGENT_INFO in a startup script and create a symlink to the socket in the default location, I think.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#6 2015-03-09 09:30:56

Foucault
Member
From: Athens, Greece
Registered: 2010-04-06
Posts: 214

Re: gpg and seahorse keyring password prompt

Yes, it would be possible to remove the ~/.gnupg/S.gpg-agent socket and link it to the $GPG_AGENT_INFO, it's usually something like /run/user/<UID>/keyring/gpg:0:1. Not sure about the security implications though.


#7 2015-03-09 14:30:37

Gerd093
Member
Registered: 2015-03-06
Posts: 12

Re: gpg and seahorse keyring password prompt

Foucault wrote:

... You'll have to use the default pinentry/gpg-agent that gnupg provides.

Without any possibility of using a password safe, correct?

Foucault wrote:

Yes, it would be possible to remove the ~/.gnupg/S.gpg-agent socket and link it to the $GPG_AGENT_INFO, it's usually something like /run/user/<UID>/keyring/gpg:0:1. Not sure about the security implications though.

Simply "ln -s /run/user/<UID>/keyring/gpg ~/.gnupg/S.gpg-agent" will do the trick, right?
Can anyone give a statement about possible security risks?
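
The symlink approach from posts #5 and #6, written as a startup-script function with checks that bear on the security question in #7: the link is created only if the target is a Unix socket owned by the current user, and only a stale socket or symlink is ever replaced. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes GPG_AGENT_INFO has the form `<socket path>:<pid>:<protocol>`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GPG_AGENT_INFO has the form <socket path>:<pid>:<protocol>.

# Print the socket path component of a GPG_AGENT_INFO value.
agent_socket_path() {
    info=$1
    rest=${info%:*}                      # strip ":<protocol>"
    [ "$rest" != "$info" ] || return 1
    path=${rest%:*}                      # strip ":<pid>"
    [ "$path" != "$rest" ] || return 1
    [ -n "$path" ] || return 1
    printf '%s\n' "$path"
}

# Succeed only if $1 is a Unix socket owned by the current user, so the
# link can never point gpg at a plain file or another user's socket.
socket_is_ours() {
    [ -S "$1" ] && [ -O "$1" ]
}

# link_agent_socket [INFO] [LINK]
# Returns 1 on a malformed INFO, 2 on an untrusted target,
# 3 if LINK exists and is not a socket or symlink.
link_agent_socket() {
    info=${1:-${GPG_AGENT_INFO:-}}
    link=${2:-${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent}
    target=$(agent_socket_path "$info") || {
        echo "GPG_AGENT_INFO is unset or malformed" >&2; return 1; }
    socket_is_ours "$target" || {
        echo "refusing: $target is not a socket we own" >&2; return 2; }
    if [ -e "$link" ] || [ -L "$link" ]; then
        # Only ever replace a stale socket or an old symlink.
        [ -S "$link" ] || [ -L "$link" ] || {
            echo "refusing to replace $link" >&2; return 3; }
        rm -f -- "$link"
    fi
    ln -s -- "$target" "$link"
}

# From a session startup script, after gnome-keyring has exported
# GPG_AGENT_INFO:   link_agent_socket
```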
