[sup] gpg-agent issue

Discussion:

Valentin Reis

2015-03-17 12:49:19 UTC

Hello,

Sup asks for my gpg passphrase every time it has to encrypt, sign or
decrypt an e-mail, even though I am using gpg-agent.
When decrypting files sequentially using gpg or gpg2, gpg-agent is used,
and I have to provide the passphrase just once.

Here are the contents of my config files:

.gnupg/gpg.conf
keyserver hkp://keys.gnupg.net
use-agent

.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-curses

.sup/config.yaml
...
:accounts:
:default:
...
:gpgkey: 59EA13A1
...

No crypto hooks in .sup/hooks are in use.

gpg --list-keys
/home/fre/.gnupg/pubring.gpg
----------------------------
pub 2048R/59EA13A1 2014-04-28
uid Valentin Reis <***@gmail.com>
sub 2048R/C8DA9D35 2014-04-28
sub 2048R/4F728EEB 2014-04-28

It is a debian machine. Various apt-get output:
gnupg-agent is already the newest version.
libgpgme11 is already the newest version.
gnupg2 is already the newest version.

Cheers!
val

--
--
You received this message because you are subscribed to the Google Groups "The Sup email client" group.
To unsubscribe from this group and stop receiving emails from it, send an email to supmua+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/supmua/1426596032-sup-4861%40frex230.
For more options, visit https://groups.google.com/d/optout.

valentin.reis

2015-03-17 12:51:46 UTC

Permalink

In case this is not clear, I would like sup to use gpg-agent correctly, so
as not to have to enter my passphrase repeatedly.
Do any of you see something I'm doing wrong?
Thanks!

Post by Valentin Reis
Hello,
Sup asks for my gpg passphrase every time it has to encrypt, sign or
decrypt an e-mail, even though I am using gpg-agent.
When decrypting files sequentially using gpg or gpg2, gpg-agent is used,
and I have to provide the passphrase just once.
.gnupg/gpg.conf
keyserver hkp://keys.gnupg.net
use-agent
.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-curses
.sup/config.yaml
...
...
:gpgkey: 59EA13A1
...
No crypto hooks in .sup/hooks are in use.
gpg --list-keys
/home/fre/.gnupg/pubring.gpg
----------------------------
pub 2048R/59EA13A1 2014-04-28
sub 2048R/C8DA9D35 2014-04-28
sub 2048R/4F728EEB 2014-04-28
gnupg-agent is already the newest version.
libgpgme11 is already the newest version.
gnupg2 is already the newest version.
Cheers!
val
--

--
You received this message because you are subscribed to the Google Groups "The Sup email client" group.
To unsubscribe from this group and stop receiving emails from it, send an email to supmua+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/supmua/48037a62-3da5-4a29-bd79-6dd1feb61879%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Johannes Larsen

2015-03-17 13:31:08 UTC

Permalink

gpg-agent caches the passphrase for a limited time (a couple of hours if
remember correctly). to check if this is the problem try signing a file
(thereby providing gpg-agent with a passphrase) then start sup in the
same shell and check if its signs emails. the time gpg-agent caches the
passphrase can be changed with: (~/.gnupg/gpg-agent.conf)

max-cache-ttl <SECONDS>

if the passphrase caching is not the problem you might have initiated
gpg-agent insufficiently. this is what I source from ~/.bashrc to
initiate the gpg-agent or connect to a running gpg-agent:

if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
export GPG_AGENT_INFO
fi
gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info" --quiet &> /dev/null
export GPG_TTY=$(tty)

if you read `man gpg-agent` it mentions that exporting GPG_TTY is
important, so if you do not do this already, it might be a good place to
start.

--
johs (Johannes Larsen), (+47) 41435451
--
You received this message because you are subscribed to the Google Groups "The Sup email client" group.
To unsubscribe from this group and stop receiving emails from it, send an email to supmua+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/supmua/1426598955-sup-8868%40repos.
For more options, visit https://groups.google.com/d/optout.

Valentin Reis

2015-03-17 13:33:34 UTC

Permalink

Hi,
I just figured the same thing here :) Thanks for the fast answer.
Indeed, I started sup-mail using a separate script which does not export
the environment variable.
Thanks for the help.
Valentin

Post by Johannes Larsen
gpg-agent caches the passphrase for a limited time (a couple of hours if
remember correctly). to check if this is the problem try signing a file
(thereby providing gpg-agent with a passphrase) then start sup in the
same shell and check if its signs emails. the time gpg-agent caches the
passphrase can be changed with: (~/.gnupg/gpg-agent.conf)
max-cache-ttl <SECONDS>
if the passphrase caching is not the problem you might have initiated
gpg-agent insufficiently. this is what I source from ~/.bashrc to
if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
export GPG_AGENT_INFO
fi
gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info" --quiet &> /dev/null
export GPG_TTY=$(tty)
if you read `man gpg-agent` it mentions that exporting GPG_TTY is
important, so if you do not do this already, it might be a good place to
start.
--
johs (Johannes Larsen), (+47) 41435451

--
--
You received this message because you are subscribed to the Google Groups "The Sup email client" group.
To unsubscribe from this group and stop receiving emails from it, send an email to supmua+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/supmua/1426599142-sup-8830%40frex230.
For more options, visit https://groups.google.com/d/optout.