From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ian Barton
Subject: The Answer to Life the Universe and Caching Your Passwords (it's not,42).
Date: Fri, 11 Mar 2011 17:03:46 +0000
Message-ID: <4D7A55F2.4040801@manor-farm.org>
Reply-To: lists@manor-farm.org
To: Emacs Org mode mailing list
List-Id: "General discussions about Org-mode."

A light-hearted look at getting Emacs to cache your encryption passwords.

Today I decided to try out the git version of gnus. After cloning the repo and setting my .emacs to load gnus, I was prompted to enter the details for my various email accounts, currently stored in my .authinfo file. Gnus then saved these in a .authinfo.gpg file, which astute readers may realize is a gpg encrypted file. "Good", I thought, that makes my system a bit more secure.

Gnus then prompted me for the passphrase for my .authinfo.gpg file for each of my accounts. When you have three or more accounts, repeatedly typing "Richard Stallman has a very long beard" gets a bit repetitive. Less patient users may change their password to "gnus", "1234", or some other four letter word not suitable for the eyes of emacs org-mode readers.

After perusing various Emacs mailing lists, which had various answers, many from denizens of this list, I worked out that gnus was using symmetric encryption. I added (setq epa-file-cache-passphrase-for-symmetric-encryption t), but still no joy. Finally I found I needed to add (setenv "GPG_AGENT_INFO" nil). Joy of joys, I only had to type "Richard Stallman..." once.

I went and had a cup of tea. When I got back I needed to open the org gpg file with all my passwords. I was prompted for my password. Since I had only opened the file a few minutes previously and gnupg-agent normally cached my passwords for a couple of hours, I was surprised. Further investigation revealed what many readers already know: that setenv "GPG_AGENT_INFO" nil had disabled gnupg-agent.
My password file is encrypted using public key encryption, not symmetric encryption, so I couldn't have password caching enabled for both types of encryption. I had to choose between typing in "Richard Stallman has a very long beard" or "Wilkesley cows only produce white milk" multiple times. Deep gloom descended.

Suddenly a ray of sunshine illuminated the problem. What if I could persuade gnus to use public key encryption? A bit of digging in Emacs customization revealed I could do something like (setq auth-source-gpg-encrypt-to (quote ("ABC1234"))), where ABC1234 is the key I use to encrypt my password file. This means that gnus and org both use public key encryption and I can now use gnupg-agent. So I only have to type in "Wilkesley cows only produce white milk" once and I can both read my email and open my passwords file. Happiness restored.

Ian.
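
An added example, not part of Ian's message: a shell helper that reports whether a .gpg file (such as .authinfo.gpg or an org password file) is passphrase-encrypted or encrypted to a public key, which is the distinction the message turns on. The function names are hypothetical and the sample packet listings are constructed; it assumes the `:symkey enc packet:` and `:pubkey enc packet:` line prefixes that `gpg --list-packets` prints.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample listings are constructed.

# Read `gpg --list-packets` output on stdin and report how the session key
# is protected: symmetric (passphrase), public-key, mixed, or unknown.
classify_packets() {
    sym=0
    pub=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ":symkey enc packet:"*) sym=1 ;;
            ":pubkey enc packet:"*) pub=1 ;;
        esac
    done
    if [ "$sym" = 1 ] && [ "$pub" = 1 ]; then echo mixed
    elif [ "$sym" = 1 ]; then echo symmetric
    elif [ "$pub" = 1 ]; then echo public-key
    else echo unknown
    fi
}

# Print the key IDs a file is encrypted to, one per line (stdin as above).
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{1,\}\).*/\1/p'
}

# Constructed sample listings, so the classifier can be tried without gpg.
sample_symmetric() {
    printf '%s\n' ':symkey enc packet: version 4, cipher 9, s2k 3, hash 2' \
                  ':encrypted data packet:'
}
sample_pubkey() {
    printf '%s\n' ':pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF' \
                  ':encrypted data packet:'
}

# Classify a real file. --list-only skips the decryption pass, so the
# packet headers are listed without a passphrase being requested.
check_file() {
    gpg --batch --list-only --list-packets "$1" 2>/dev/null | classify_packets
}

# Usage: sh check-gpg.sh ~/.authinfo.gpg ~/org/passwords.org.gpg
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_file "$f")"
done
```

A file reported as `symmetric` is the case that led to the repeated passphrase prompts described above; `public-key` is the state reached after setting `auth-source-gpg-encrypt-to`.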