Configuring for use of gpg-agent by default for Gutsy
Scott Kitterman
ubuntu at kitterman.com
Mon Jul 2 03:29:16 UTC 2007
One of the goals for KDE in Gutsy is to support S/MIME encryption/signing by
default in kmail/kontact:
https://wiki.kubuntu.org/KubuntuGutsyPlan
One of the requirements for meeting this goal is to set "use-agent" in the
~/.gnupg/gpg.conf of the user. I've done some investigation and it seems to
me that there is not a significant risk associated with just doing this
generally.
If the string is set and gnupg-agent is not installed, pgp signing/encryption
still works. All that happens is gnupg prints a warning that no running
agent can be found, but it happily asks for a passphrase using the normal CLI
interface.
The only issue I've found with using gpg-agent with an appropriate pinentry
program is a problem in debuild with the way that it destroyed the local
environment and then called debsign. This was fixed in the last devscripts
upload by Steve Kowalik (seahorse-agent will also now work with debuild).
From a KDE perspective, one side benefit of enabling agent out of the box is
that gpg signing/encryption will also work as soon as kmail has been set up
for it (i.e. set up the keys to use for signing/encryption).
There are no doubt hacks we could come up with to set "use-agent" when
kmail/kontact is installed, but it seems to me that setting it by default is
the cleanest approach with no real downside risk that I've been able to
identify.
Scott K
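
One way to apply the setting discussed above without clobbering an existing configuration, as an added example that is not part of the original message. The helper name ensure_use_agent is hypothetical; it treats GnuPG's `no-use-agent` option as an explicit user opt-out and leaves it alone.

```shell
#!/bin/sh
# Added example: idempotently enable "use-agent" in a gpg.conf.
# ensure_use_agent is a hypothetical helper, not part of GnuPG or Ubuntu.
# Prints one of: added | present | conflict. Returns 1 only on conflict.

ensure_use_agent() {
    conf=$1
    dir=$(dirname "$conf")

    # GnuPG expects a private home directory; create it as 0700 if missing.
    [ -d "$dir" ] || mkdir -p -m 700 "$dir"

    # An active no-use-agent line is a deliberate choice: report, do not override.
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*no-use-agent([[:space:]]|$)' "$conf"; then
        echo conflict
        return 1
    fi

    # Already enabled on an uncommented line: nothing to do.
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*use-agent([[:space:]]|$)' "$conf"; then
        echo present
        return 0
    fi

    # If the file lacks a trailing newline, add one so the option
    # does not get glued onto the previous line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi

    printf 'use-agent\n' >> "$conf"
    chmod 600 "$conf"
    echo added
}

# Demo on a constructed config in a temp dir (not the real ~/.gnupg).
demo_dir=$(mktemp -d)
printf '# constructed sample\n#use-agent\n' > "$demo_dir/gpg.conf"
ensure_use_agent "$demo_dir/gpg.conf"   # commented-out line does not count
ensure_use_agent "$demo_dir/gpg.conf"   # second run changes nothing
rm -rf "$demo_dir"
```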