After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 742094 - Support GnuPG-2.1.x
Support GnuPG-2.1.x
Product: gnome-keyring
Classification: Core
Component: gpg-agent
git master
Other Linux
: Normal normal
: ---
Assigned To: GNOME keyring maintainer(s)
GNOME keyring maintainer(s)
Depends on: 750514
Blocks: 745843
Reported: 2014-12-29 17:02 UTC by Armin K.
Modified: 2015-10-07 11:59 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description Armin K. 2014-12-29 17:02:06 UTC
According to the GnuPG-2.1 announcement [1], the GPG_AGENT_INFO variable isn't used anymore and the socket is hardcoded to ~/.gnupg/S.gpg-agent (aka $GNUPG_HOME/S.gpg-agent).

I am not really sure what needs to be done for gnome-keyring gpg-agent to work with gnupg-2.1, but it would be nice to get this done in the near future since it doesn't currently work.
Comment 1 Stef Walter 2015-04-09 06:53:14 UTC
Ideally a pinentry program would be written, that allows the following:

 * Prompting via gnome-shell
 * Optionally caching the password.

One thing that seems to be missing is getting a full keyid in the pinentry for use when caching. In theory one can "screen scrape" a short keyid this out of the prompt message ... but that's pretty fragile.

So a bit of additional work to have gpg2 pass an assuan OPTION with the keyid or a unique identifier, if that's preferrable. The absence of which would indicate that the passphrase does not belong to a stable entity (like a key).

Links to stuff that would be used:

 * System prompt API:
 * Caching passphrases with libsecret:
 * Assuan protocol:
Comment 2 Stef Walter 2015-04-09 06:53:37 UTC
This is what assuan sorta looks like:

OPTION ttyname=/dev/pts/1
OPTION ttytype=xterm-256color
OPTION lc-ctype=en_US.UTF-8
OPTION lc-messages=en_US.UTF-8
OPTION default-ok=_OK
OPTION default-cancel=_Cancel
OPTION default-prompt=PIN:
OPTION touch-file=/data/.gnupg/S.gpg-agent
SETDESC You need a passphrase to unlock the secret key for user:%0A"Stef Walter <>"%0A1024-bit DSA key, ID D92765AF, created 2002-01-24%0A
SETPROMPT Passphrase
SETERROR Invalid passphrase; please try again
Comment 3 Stef Walter 2015-04-09 06:54:11 UTC
Once such a pinentry program exists, we would figure out a way to make it active while a GNOME session is running. The gpg-agent code in gnome-keyring would be removed.
Comment 4 Stef Walter 2015-04-09 06:55:07 UTC
Previous discussion:
Comment 5 Neal H. Walfield 2015-04-15 07:41:22 UTC
A stable identifier is now provided with requests for the passphrase.  The relevant command is SETKEYINFO.  Please see the GnuPG bug report about this feature request for more details: .
Comment 6 Pacho Ramos 2015-05-15 10:03:51 UTC
Looks like gnupg upstream has implemented a gnome3 pinentry... maybe the "solution" would then be to remove the gnome-keyring gpg-agent... :/;a=commit;h=be87785005d256b7f3dacc607ba5ea0a14de8593
Comment 7 Luis Henrique Mello 2015-09-24 13:06:14 UTC
Blocker bug has been fixed.
Comment 8 Stef Walter 2015-10-07 11:59:26 UTC
This is solved in gnome-keyring 3.18.0. gnome-keyring no longer ships a gpg-agent.