gpg-agent does not properly prompt for a passphrase within Emacs over an SSH connection. Some characters in the passphrase are missed by gpg-agent and may actually be inserted into the current Emacs buffer.
Software versions:
- Linux: Kubuntu 18.04.2
- Emacs: GNU Emacs 25.2.2
- SSH: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
- gnupg: gpg (GnuPG) 2.2.4, libgcrypt 1.8.1
General symptoms:
The ASCII gpg-agent prompt appears for your passphrase. As you type the passphrase, some keystrokes are not echoed (as asterisks ***) as you type. These characters are not being received by gpg-agent.
To reproduce:
- Create a file and encrypt it:

      $ cd $HOME
      $ echo foo > bar
      $ gpg -e bar

- Demonstrate that you can decrypt this file in Emacs with EasyPG using the ASCII/curses prompt. This should succeed.

      $ DISPLAY=
      $ emacs bar.gpg
      (gpg-agent prompts for the GnuPG passphrase in a pop-up window)
      (exit emacs)
      $ rm bar

- Assuming everything above worked correctly, now try the same thing over an SSH connection:

      $ ssh localhost
      $ emacs bar.gpg

gpg-agent again prompts for the passphrase using an ASCII/curses prompt. However, as you type the passphrase, asterisks do not always appear for each keystroke, only for some of the keystrokes. Authentication fails when you press Enter. (Or the Enter keystroke might not be received by gpg-agent either.)
- Try the previous test again, but this time, while typing the passphrase, press each key repeatedly until one asterisk appears. For example, if your passphrase is ABCDE, keep pressing "A" until one asterisk appears, then press "B" until the next asterisk appears, etc., until there are 5 asterisks. Authentication will succeed! However, all the extra letters get inserted into the Emacs buffer for bar.gpg. This test suggests that the characters are being misdirected on their way to gpg-agent.
My ~/.gnupg/gpg-agent file:

    default-cache-ttl 1
    max-cache-ttl 1

The GPG-related content in my .bashrc file:

    GPG_TTY=$(tty)
    export GPG_TTY