I'm building a web mail application using gpgme.
In this environment, it is obviously impossible to use the default pinentry.
Because gpgme_set_passphrase_cb() cannot be used, I have written my own
pinentry for use by this application.
I cannot use a running gpg-agent because the web mail application is acting on
behalf of thousands of different users, which forbids keeping one gpg-agent
permanently running for every user. Thus currently for every request involving
GnuPG action I'd have to:
1st: start gpg-agent --pinentry-program (my own pinentry)
2nd: do all the stuff with gpgme (using --gnupghome to access the keys and
settings for the user I'm currently acting for)
3rd: kill the gpg-agent process
This is an unnecessary overhead (and another re-inventing of the wheel) because
gpg2/gpgsm already know how to start gpg-agent on the fly.
Proposition:
If gpg2 honored a --pinentry-program option, or if gpg-agent honored a
PINENTRY_PROGRAM environment variable or the like, the already existing feature
that gpg-agent is started and killed by gpgsm/gpg2 could be used, making the use
of gpgme much easier.
Other, more general solutions would be to invent an environment variable
GPG_AGENT_OPTIONS_FILE that could be used to tell an on-the-fly started
gpg-agent to use an options file different from the default one, or an environment
variable GPG_AGENT_OPTIONS containing additional options (overriding those given
in the options file but not those given on the command line of gpg-agent).
Thank you very much to all developers for the great work you are doing with
GnuPG and related software.
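The three-step workaround described in the post, as an added example that is not code from the original message: one wrapper that starts a per-user gpg-agent with a custom pinentry, runs the GnuPG step, and kills exactly that agent even when the step fails. The homedir layout /var/lib/webmail/gnupg/<user> and the pinentry path /usr/local/bin/webmail-pinentry are hypothetical; the GnuPG binaries are read from the environment so the wrapper can be exercised with stubs on a host without GnuPG, and gpgconf --kill assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post): the three-step workaround
# wrapped so the throw-away gpg-agent is always shut down and the exit
# status of the GnuPG step is preserved.
# Hypothetical names: per-user homedirs under /var/lib/webmail/gnupg/<user>
# and a custom pinentry at /usr/local/bin/webmail-pinentry.
GPG_AGENT_BIN=${GPG_AGENT_BIN:-gpg-agent}
GPGCONF_BIN=${GPGCONF_BIN:-gpgconf}
GPG_BIN=${GPG_BIN:-gpg2}

# with_user_agent HOMEDIR PINENTRY CMD [ARG...]
# Returns 2 for a bad homedir or pinentry, 1 if the agent could not be
# started, otherwise the exit status of CMD.
with_user_agent() {
    homedir=$1
    pinentry=$2
    shift 2
    # Refuse to run against a homedir that does not exist: a typo here would
    # otherwise make gpg-agent create a fresh, empty key store for the user.
    [ -d "$homedir" ] || { echo "no such homedir: $homedir" >&2; return 2; }
    [ -x "$pinentry" ] || { echo "pinentry not executable: $pinentry" >&2; return 2; }
    # 1st: start a private agent for this homedir with the custom pinentry.
    "$GPG_AGENT_BIN" --homedir "$homedir" --pinentry-program "$pinentry" --daemon \
        || { echo "could not start gpg-agent for $homedir" >&2; return 1; }
    # 2nd: run the GnuPG work; gpg2/gpgsm/gpgme locate the agent through the
    # homedir. The 'if' keeps a failing step from aborting under 'set -e'.
    if "$@"; then rc=0; else rc=$?; fi
    # 3rd: stop exactly this user's agent, whatever happened in step 2.
    "$GPGCONF_BIN" --homedir "$homedir" --kill gpg-agent
    return "$rc"
}

# Example use: decrypt one message for one user (hypothetical paths).
# with_user_agent /var/lib/webmail/gnupg/alice /usr/local/bin/webmail-pinentry \
#     "$GPG_BIN" --homedir /var/lib/webmail/gnupg/alice --decrypt /tmp/msg.asc
```

With GnuPG 2.1 or later the same effect can be had in one call, since `gpg-agent --daemon CMD` runs CMD and terminates the agent when CMD exits.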