
Fall back to private keys without passwords if no TTY is available
Closed, Wontfix (Public)

Description

I'm trying to use gpg under a few other layers in Git Annex, to decrypt a secret encrypted to multiple private keys. I have two of the possible decrypting keys installed: one protected by a passphrase, and the other not.

When I run my command, GPG insists on reaching up to the TTY from deep in whatever script is calling it and prompting for a passphrase for one of the keys, even though the other key is available without a passphrase.

Dropping no-tty in gpg.conf, or running the script without a controlling TTY, just makes GPG die because it can't get to the TTY.

But if I Ctrl+D through GPG's password prompts, GPG will fall back and use the other key that doesn't require a password.

GPG should be smart enough to try all the keys it has that aren't password-protected, before bothering the user for a password.

And if there is no controlling TTY, or no-tty is set, GPG should treat it as if the user canceled the passphrase prompt or didn't get a valid passphrase, instead of dying before trying the other keys.

I eventually had to delete the passphrase-protected key to get the script to run without hanging waiting for a passphrase, which is silly.

Details

Version
1.4.16

Event Timeline

justus claimed this task.
justus added a subscriber: justus.

This is a feature request for the 'classic' branch. We will not implement any new features there. Please switch to GnuPG 'modern'.

So does the "modern" branch actually have this feature? And which version
in particular would you recommend I test? I don't seem to have any newer
build available in my distro (Ubuntu 14.04), as this version is what I'm
getting when I run "gpg".

If the "modern" branch doesn't have the feature, I would request it be
implemented there.