Re: Notmuch, Emacs and pinentry -- oh my

Subject: Re: Notmuch, Emacs and pinentry -- oh my

Date: Tue, 12 Nov 2019 00:59:47 -0500

To: Ralph Seichter,


From: Daniel Kahn Gillmor

On Mon 2019-11-11 20:10:26 +0100, Ralph Seichter wrote:
> I tried that by setting GPG_TTY to a fixed terminal, but while this
> seemed to work on the first call, the second time I was prompted for a
> password it was echoed, in cleartext, to the terminal. Is there a better
> method to achieve what you proposed?

I don't fully understand the parameters of what you just posted here,
but my understanding is that Werner Koch (GnuPG upstream) expects
pinentry-tty or pinentry-curses to work in this dedicated terminal mode.

If you can post a full and clear description of what you did and how it
did not work as expected to as a bug report, and
point me to it, i am happy to try to make sure that report gets some
kind of reasonable resolution from upstream (even though i probably
don't have time to solve it myself).

Let me know if you can't get an account working to report a bug on that
system, i can probably grease the skids there too.

>> To be clear about your threat model here: [...]
> Barring break-ins, nobody but me is logging in on that particular
> server, so intercepting gpg-agent would be difficult. Access to the
> Notmuch index would not be any easier, unless somebody physically
> removed the hard drives.
> The lock/unlock operations to seems interesting, and, if it was based on
> strong encryption, I would feel more comfortable. Are you thinking of
> protecting just the index or the whole Maildir store? The latter would
> not work for me, because Dovecot needs to access the data, and if only
> the index is protected, I'd still need to decrypt messages within Emacs.

This hypothetical subcommand would just protect the index.

If the index is unlocked, and you're using:

   notmuch config set index.decrypt true

Then you will be able to read your mail without access to your long-term
secret key material because notmuch will stash a copy of the session key
for each message in the index, and decryption can happen with that
session key on its own.  please read the index.decrypt section of
notmuch-config(1) for more details.


signature.asc (application/pgp-signature)
notmuch mailing list