* org-passwords.el and encryption
@ 2016-03-12 10:50 Julien Cubizolles
2016-03-12 11:06 ` Eric S Fraga
0 siblings, 1 reply; 10+ messages in thread
From: Julien Cubizolles @ 2016-03-12 10:50 UTC (permalink / raw)
To: emacs-orgmode
I've recently started using org-passwords.el. I'm using symmetric
encryption for the gpg file where the passwords are stored. I've seen
mention of several ways to avoid typing the passphrase over and over in
one session: using gpg-agent or not... What would you recommend ?
Wilk.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
2016-03-12 10:50 org-passwords.el and encryption Julien Cubizolles
@ 2016-03-12 11:06 ` Eric S Fraga
2016-03-14 5:07 ` Julien Cubizolles
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Eric S Fraga @ 2016-03-12 11:06 UTC (permalink / raw)
To: Julien Cubizolles; +Cc: emacs-orgmode
On Saturday, 12 Mar 2016 at 11:50, Julien Cubizolles wrote:
> I've recently started using org-passwords.el. I'm using symmetric
> encryption for the gpg file where the passwords are stored. I've seen
> mention of several ways to avoid typing the passphrase over and over in
> one session: using gpg-agent or not... What would you recommend ?
I use gpg-agent in conjunction with keychain. Generally works very
well.
--
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.91.1, Org release_8.3.4-626-gb62d55
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
2016-03-12 11:06 ` Eric S Fraga
@ 2016-03-14 5:07 ` Julien Cubizolles
2016-04-27 9:57 ` Julien Cubizolles
[not found] ` <b73fb254715948c184bd36568dac3ac9@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
2 siblings, 0 replies; 10+ messages in thread
From: Julien Cubizolles @ 2016-03-14 5:07 UTC (permalink / raw)
To: emacs-orgmode
Eric S Fraga <e.fraga@ucl.ac.uk> writes:
> On Saturday, 12 Mar 2016 at 11:50, Julien Cubizolles wrote:
>> I've recently started using org-passwords.el. I'm using symmetric
>> encryption for the gpg file where the passwords are stored. I've seen
>> mention of several ways to avoid typing the passphrase over and over in
>> one session: using gpg-agent or not... What would you recommend ?
>
> I use gpg-agent in conjunction with keychain. Generally works very
> well.
I'll give it a try, thanks.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
2016-03-12 11:06 ` Eric S Fraga
2016-03-14 5:07 ` Julien Cubizolles
@ 2016-04-27 9:57 ` Julien Cubizolles
[not found] ` <b73fb254715948c184bd36568dac3ac9@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
2 siblings, 0 replies; 10+ messages in thread
From: Julien Cubizolles @ 2016-04-27 9:57 UTC (permalink / raw)
To: emacs-orgmode, Eric S Fraga
Eric S Fraga <e.fraga@ucl.ac.uk> writes:
> I use gpg-agent in conjunction with keychain. Generally works very
> well.
I'm trying to set it up but I'm running into problems. Could you precise
a few details:
+ do you run keychain from your ~/.profile, and so how ? If I follow the
instructions at http://www.funtoo.org/Keychain, keychain can't start
in the login screen of the display manager (lightdm on Ubuntu in my
case)
+ do you use keychain to also manage ssh keys? If so does it use a
graphical tool to ask for your passphrase ?
+ how does emacs ask for the gpg passphrase: graphical (pinentry), emacsclient or
in a minibuffer ?
Thanks for you help.
Julien.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
[not found] ` <b73fb254715948c184bd36568dac3ac9@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
@ 2016-04-27 11:19 ` Eric S Fraga
2016-04-27 16:24 ` Julien Cubizolles
[not found] ` <5c0fae869af046c9bc65aeae572a7693@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
0 siblings, 2 replies; 10+ messages in thread
From: Eric S Fraga @ 2016-04-27 11:19 UTC (permalink / raw)
To: Julien Cubizolles; +Cc: emacs-orgmode@gnu.org
On Wednesday, 27 Apr 2016 at 09:57, Julien Cubizolles wrote:
> Eric S Fraga <e.fraga@ucl.ac.uk> writes:
>
>> I use gpg-agent in conjunction with keychain. Generally works very
>> well.
>
> I'm trying to set it up but I'm running into problems. Could you precise
> a few details:
>
> + do you run keychain from your ~/.profile, and so how ? If I follow the
> instructions at http://www.funtoo.org/Keychain, keychain can't start
> in the login screen of the display manager (lightdm on Ubuntu in my
> case)
I have keychain in both my .bash_profile (for when I log in in console
mode or remotely) and in my .xinitrc. The latter is used by lightdm but
only when you have selected a non-standard desktop environment (not sure
which setting but not one of gnome, kde, etc.). I use ratpoison...
> + do you use keychain to also manage ssh keys? If so does it use a
> graphical tool to ask for your passphrase ?
Yes. And yes: pinentry. I should say that keychain works without fault
for ssh but see below for gpg.
> + how does emacs ask for the gpg passphrase: graphical (pinentry), emacsclient or
> in a minibuffer ?
Sometimes, emacs will ask and usually does so in the minibuffer. I
cannot answer more precisely because although I am running Debian
testing on all of my systems, they all behave slightly differently when
it comes to ssh and gpg key management. I obviously do not have exactly
the same packages installed on all of my systems...
My keychain line in my .xinitrc is:
eval $(keychain --eval --agents ssh,gpg id_rsa gpgkey )
I think the gpgkey needs to be the subkey but I am not sure.
My .bash_profile has essentially the same.
HTH,
eric
--
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.92.1, Org release_8.3.4-655-g9fb077
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
2016-04-27 11:19 ` Eric S Fraga
@ 2016-04-27 16:24 ` Julien Cubizolles
[not found] ` <5c0fae869af046c9bc65aeae572a7693@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
1 sibling, 0 replies; 10+ messages in thread
From: Julien Cubizolles @ 2016-04-27 16:24 UTC (permalink / raw)
To: emacs-orgmode@gnu.org, Eric S Fraga
Eric S Fraga <e.fraga@ucl.ac.uk> writes:
> I have keychain in both my .bash_profile (for when I log in in console
> mode or remotely)
there must be something wrong with my setup: keychain complains:
--8<---------------cut here---------------start------------->8---
* Adding 1 gpg key(s): 370D5DFF
* Error: Problem adding (is pinentry installed?); giving up
--8<---------------cut here---------------end--------------->8---
> eval $(keychain --eval --agents ssh,gpg id_rsa gpgkey )
I have the same here.
I think I'll give up with keychain for now, ssh-agent and gpg-agent are
automatically started when I log in, two passphrases per login are not
too annoying.
Thanks for your help.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
[not found] ` <5c0fae869af046c9bc65aeae572a7693@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
@ 2016-04-27 18:28 ` Eric S Fraga
2016-04-27 19:23 ` Julien Cubizolles
[not found] ` <2120266e262744119e766b3f19fd807c@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
0 siblings, 2 replies; 10+ messages in thread
From: Eric S Fraga @ 2016-04-27 18:28 UTC (permalink / raw)
To: Julien Cubizolles; +Cc: emacs-orgmode@gnu.org
On Wednesday, 27 Apr 2016 at 16:24, Julien Cubizolles wrote:
> there must be something wrong with my setup: keychain complains:
>
> * Adding 1 gpg key(s): 370D5DFF
> * Error: Problem adding (is pinentry installed?); giving up
Which version(s) of pinentry do you have installed? And is this error
from your .profile (i.e. console login) or from lightdm, or is it when
you try manually?
--
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.92.1, Org release_8.3.4-739-g789412
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
2016-04-27 18:28 ` Eric S Fraga
@ 2016-04-27 19:23 ` Julien Cubizolles
[not found] ` <2120266e262744119e766b3f19fd807c@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
1 sibling, 0 replies; 10+ messages in thread
From: Julien Cubizolles @ 2016-04-27 19:23 UTC (permalink / raw)
To: emacs-orgmode@gnu.org, Eric S Fraga
Eric S Fraga <e.fraga@ucl.ac.uk> writes:
> On Wednesday, 27 Apr 2016 at 16:24, Julien Cubizolles wrote:
>> there must be something wrong with my setup: keychain complains:
>>
>> * Adding 1 gpg key(s): 370D5DFF
>> * Error: Problem adding (is pinentry installed?); giving up
>
> Which version(s) of pinentry do you have installed?
I have pinentry-gnome3, pinentry-curses, pinentry-tty, and I try with
all 3 of them, setup with update-alternatives. The error remains the
same.
> And is this error from your .profile (i.e. console login)
yes (from .bash_profile actually)
> or is it when you try manually?
also, running:
--8<---------------cut here---------------start------------->8---
keychain --eval --agents ssh,gpg id_rsa MYGPGKEY
--8<---------------cut here---------------end--------------->8---
in a non login shell.
Regards,
Julien.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
[not found] ` <2120266e262744119e766b3f19fd807c@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
@ 2016-04-28 7:34 ` Eric S Fraga
2016-04-28 20:57 ` Julien Cubizolles
0 siblings, 1 reply; 10+ messages in thread
From: Eric S Fraga @ 2016-04-28 7:34 UTC (permalink / raw)
To: Julien Cubizolles; +Cc: emacs-orgmode@gnu.org
On Wednesday, 27 Apr 2016 at 19:23, Julien Cubizolles wrote:
> also, running:
>
> keychain --eval --agents ssh,gpg id_rsa MYGPGKEY
>
> in a non login shell.
The only thing I can think of is that maybe you have not installed all
the relevant packages for the agents or that the permissions on the
various directories (.ssh, .gnupg) are incorrectly set?
Maybe ask on the bug system for keychain mentioned in the man page?
--
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.90.1, Org release_8.3.3-535-g7213aa
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: org-passwords.el and encryption
2016-04-28 7:34 ` Eric S Fraga
@ 2016-04-28 20:57 ` Julien Cubizolles
0 siblings, 0 replies; 10+ messages in thread
From: Julien Cubizolles @ 2016-04-28 20:57 UTC (permalink / raw)
To: emacs-orgmode@gnu.org, Eric S Fraga
Eric S Fraga <e.fraga@ucl.ac.uk> writes:
> On Wednesday, 27 Apr 2016 at 19:23, Julien Cubizolles wrote:
>> also, running:
>>
>> keychain --eval --agents ssh,gpg id_rsa MYGPGKEY
>>
>> in a non login shell.
>
> The only thing I can think of is that maybe you have not installed all
> the relevant packages for the agents or that the permissions on the
> various directories (.ssh, .gnupg) are incorrectly set?
Actually I noticed another weird behaviour: the problem disappears when
I log onto the machine via ssh from another one. The keychain commands
in the .bash_profile correctly activates ssh-agent and gpg-agent. I have
the same setup on two machines and login into 2 via ssh from 1 works
whereas login into 2 from 2 doesn't (and vice-versa). Maybe something
different in the environment variables. I'll investigate.
> Maybe ask on the bug system for keychain mentioned in the man page?
I will.
Regards,
Julien.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2016-04-28 20:58 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-12 10:50 org-passwords.el and encryption Julien Cubizolles
2016-03-12 11:06 ` Eric S Fraga
2016-03-14 5:07 ` Julien Cubizolles
2016-04-27 9:57 ` Julien Cubizolles
[not found] ` <b73fb254715948c184bd36568dac3ac9@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
2016-04-27 11:19 ` Eric S Fraga
2016-04-27 16:24 ` Julien Cubizolles
[not found] ` <5c0fae869af046c9bc65aeae572a7693@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
2016-04-27 18:28 ` Eric S Fraga
2016-04-27 19:23 ` Julien Cubizolles
[not found] ` <2120266e262744119e766b3f19fd807c@HE1PR01MB1898.eurprd01.prod.exchangelabs.com>
2016-04-28 7:34 ` Eric S Fraga
2016-04-28 20:57 ` Julien Cubizolles
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).