gnome-gpg improvement

The gnome-gpg utility makes PGP a bit nicer to use on Gnome with the following features:

  • Present a Gnome password entry dialog for passphrase entry.
  • Allow the user to store the passphrase in the session or permanent keyring, so it can be provided automatically next time.

Unfortunately there are a few usability issues:

  • The anonymous/authenticated user radio buttons are displayed in the password entry dialog, while they aren’t needed.
  • The passphrase is prompted for even if gpg does not require it to complete the operation.
  • If the passphrase is entered incorrectly, the user is not prompted for it again like they would be with plain gpg.
  • If an incorrect passphrase is provided by gnome-keyring-daemon, you need to remove the item using gnome-keyring-manager or use the --force-passphrase command line argument.

I put together a patch to fix these issues by using gpg‘s --status-fd/--command-fd interface. Since this provides status information to gnome-gpg, it means it knows when to prompt for and send the passphrase, and when it gave the wrong passphrase.

I also swiped the zenity_util_show_dialog() function from Zenity to make the password dialog a transient of the terminal that ran it, so the passphrase dialog stays on the same desktop and can’t be obscured by that terminal.

The changes can be found here:

http://www.gnome.org/~jamesh/arch/james@jamesh.id.au/gnome-gpg–devel–0

(a Bazaar 1.x branch, since Colin was using Arch).

There are still a few issues with handling non-password prompts from gpg, but it works quite well for the basics.

3 Comments

  1. Adam Schreiber
    Posted 14 January, 2006 at 12:34 am | Permalink

    James,

    I was wondering if gnome-gpg’s functionality shouldn’t be integrated with Seahorse in some manner.

    Adam

  2. Posted 14 January, 2006 at 12:55 pm | Permalink

    Adam: gnome-gpg serves a fairly different purpose to Seahorse. It acts as a wrapper for gpg that lets you store your passphrase in the Gnome keyring. So if you have a script or program that wants to invoke gpg, you can drop in gnome-gpg instead.

    In contrast, Seahorse is designed as a GUI for performing encryption/decryption/signing/verification. It doesn’t really overlap that much.

    The one place where they could cooperate is in the names of the keys they store in gnome-keyring. If those match, then the user would only need to type their passphrase in once for both uses.

  3. Anonymous
    Posted 15 January, 2006 at 9:09 am | Permalink

    Any chance of making use of gpg-agent if available? I prefer to store my GPG passphrase in gpg-agent.