
Pinentry gnome3 should allow session storage
Closed, Resolved, Public

Description

I tried to use pinentry-gnome3 as a replacement for gnome-keyring-daemon's
gpg-agent. I ran into an issue that is a show stopper for me, but should be a
trivial thing to fix.

pinentry-gnome3 offers the option to cache the password in secret storage,
however it uses the default "login" collection rather than the "session"
collection which is cleared on log-out.

I do not feel comfortable keeping my gpg password saved in the "login"
collection. I would feel much more comfortable with it cached in the "session"
collection like gnome-keyring-daemon does.

To store in the session collection, you just specify SECRET_COLLECTION_SESSION
instead of SECRET_COLLECTION_DEFAULT when storing the password.

For feature parity with gnome-keyring-daemon the behavior would be to cache in
session storage unless the checkbox is checked, in which case you would store in
the default collection.

Current behavior of pinentry is to not cache the password at all by default.
When the box is checked, the password is stored in the default "login" keyring.

I would be happy with either matching gnome-keyring-daemon's behavior or even
just providing me a way to cache in the session storage.

Event Timeline

gpg agent already handles caching passwords in memory; Gnome keyring is just
used to cache the passwords on stable storage. Thus, I think the current
behavior is correct. If you disagree, please reopen and describe the behavior
that you expect.

Note: to have gpg agent cache passwords for a long time, set default-cache-ttl
and max-cache-ttl in your gpg-agent.conf to large values. To make sure the
cache is cleared when you log out, use 'gpgconf --reload gpg-agent' (or send
SIGHUP to the right gpg-agent).
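The advice in the comment above, worked through as an added example that is not part of the ticket or of GnuPG itself: a small POSIX shell helper that sets default-cache-ttl and max-cache-ttl in a gpg-agent.conf idempotently (rewriting an existing line instead of appending a duplicate), reports the effective value with GnuPG's defaults of 600 s and 7200 s when a key is absent, and reloads the agent with gpgconf. The pinentry-program line and the temp-dir config are constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the ticket: manage the gpg-agent cache TTLs and
# reload the agent so the in-memory passphrase cache is flushed.
set -eu

# set_agent_opt FILE KEY VALUE: replace an existing "KEY value" line or append one.
set_agent_opt() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    if grep -Eq "^[[:space:]]*$key([[:space:]]|$)" "$file"; then
        tmp=$(mktemp)   # rewrite via a temp file; unrelated lines are kept as-is
        awk -v k="$key" -v v="$value" '$1 == k { print k, v; next } { print }' "$file" > "$tmp"
        mv "$tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_agent_opt FILE KEY: print the configured value, or GnuPG's built-in
# default (600 s for default-cache-ttl, 7200 s for max-cache-ttl) if unset.
get_agent_opt() {
    file=$1 key=$2
    val=$(awk -v k="$key" '$1 == k { v=$2 } END { print v }' "$file" 2>/dev/null || true)
    if [ -n "$val" ]; then printf '%s\n' "$val"; return; fi
    case $key in
        default-cache-ttl) echo 600 ;;
        max-cache-ttl)     echo 7200 ;;
        *)                 echo "" ;;
    esac
}

# reload_agent: re-read gpg-agent.conf and drop cached passphrases, as the
# comment recommends. Only prints the command when gpgconf is not installed.
reload_agent() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent
    else
        echo "gpgconf not found; run: gpgconf --reload gpg-agent" >&2
    fi
}

# demo: operate on a constructed config in a temp dir, never on ~/.gnupg.
demo() {
    dir=$(mktemp -d)
    conf="$dir/gpg-agent.conf"
    printf 'pinentry-program /usr/bin/pinentry-gnome3\ndefault-cache-ttl 600\n' > "$conf"
    set_agent_opt "$conf" default-cache-ttl 28800   # 8 h since last use
    set_agent_opt "$conf" max-cache-ttl 86400       # hard cap: 24 h since caching
    cat "$conf"
}
demo
```

After editing the real ~/.gnupg/gpg-agent.conf, call reload_agent so the new limits apply and the current cache is cleared.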

neal claimed this task.

Looks like the actual issue was that gpg-agent wasn't running.

Works fine now. Thanks for your help.

Thanks for the feedback. Closing.