Both of my Linux systems were recently involved in a test of about a dozen plus replacements for OpenSuse 11.4 and Ubuntu 10.04.

After all the experimenting was over I ended up with the same operating systems but swapped, with each having the OS that was on the other machine before the experimentation started. This means the last great gasp of using Gnome 2. I will have to switch to KDE or something else but not for at least another year. Gnome 3 is OUT as is Unity on Ubuntu! Everything went fine and the ~/.gnupg folders are the same except for the random_seed file. That worked before so why shouldn't it work now? Ubuntu 10.04 of course still uses gpg, and OpenSuse 11.4 uses gpg2.

Then I signed the updated cookie block list for the Firefox add-on named CookieSafe, which I create on the OpenSuse system. Nothing was checked on the options so I assumed I was using the default of a pass-phrase requested each time I sign a file like it did before. Less than a week went past until I signed my PAC filter files. Lo and behold, instead of being requested for the pass-phrase for each of the twelve files, they got signed with no questions asked. IMHO, this is an inherently dangerous situation.

But searches were yielding nothing that made sense. But I tried every one of them (with a backup to scramble back to) in the hopes that one of them would give me my pass-phrase request back. The one that made the least sense was adding a certain line to the ~/xinitrc file. With OpenSuse using KMS since 11.3 I can tell you that you should NOT create a ~/.xinitrc file. Because I have another user for damage control and for the ClamAV's AV, I tried it anyway because at that point I was getting frantic about a way to have the pinentry ask for my pass-phrase again. Predictably, when I tried to login I just got logged back out and was given the login screen. I repeated the test two more times with the exact same results of me not being able to login. So I logged in as clamav and did:

1. started an xterm
2. su -l root
3. rm -f /home/ME/.xinitrc
4. In the xterm - control-D, control-D
5. Logged out as clamav.
6. logged in as me and put everything back the way it originally was.

But I still had the problem of not being asked for my pass-phrase. At the very same URL as where they said to put the line in the ~/xinitrc file they had this line to do a test:

    echo "test" | gpg -ase -r 0xMYKEYID | gpg

(replace MYKEYID with whatever your key is)

I will ignore for the moment that you really have gpg2 on OpenSuse because gpg is just a symlink to gpg2. But the real line should be:

    $ echo "test" | gpg2 -ase -r 0xMYKEYID | gpg2

It doesn't matter because both work. The first may NOT work if you don't have a symlink of gpg pointing to gpg2. You get a pinentry window! So I hastily set it to require a pass-phrase again. Like I said, contents of the ~/.gnupg folder on both systems are identical except for different random_seed files.

Will this work-around work for other versions of Linux that use gpg2 and a pinentry? I don't know. Is it a good idea to have it set for no pass-phrase required to sign a file with OpenPGP? I don't think so. It is NOT a good idea to do it without at least three warnings before it accepts the change and it being mandatory that you have to click / alter it to do it that way in the pinentry. Why did it do a no-phrase this time around and the first time it didn't do it that way? Again I don't know, but the last time I upgraded from 11.2 to 11.4. This time I installed 11.4 fresh. That may have made the difference.

I am giving this in the hopes that if anybody else has a similar no pass-phrase required problem that it will help them. I really don't like the pinentry way because I still haven't figured out a work-around for encrypting files from an xterm with my scripts. Yes, I set both BASH ways of keeping the history to no history in the scripts:

http://www.securemecca.com/public/GnuPG/

The pass-phrase is now required for signing.
Au Revoir

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
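
An added example, not part of the original post: a shell function that reads the status lines gpg-agent prints for KEYINFO --list and reports, per keygrip, whether the secret key is stored with no pass-phrase, has its pass-phrase held in the agent's cache, or will bring up pinentry. It assumes GnuPG 2.1 or later, where the cached and protection fields exist; the sample lines and keygrips are constructed.

```shell
#!/bin/sh
# Classify gpg-agent KEYINFO status lines read from stdin.
# Line format (GnuPG 2.1+):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
#   cached:     1 = pass-phrase is in the agent cache, - = not cached
#   protection: P = protected, C = stored in the clear, - = unknown
classify_keyinfo() {
    awk '$1 == "S" && $2 == "KEYINFO" {
        state = "prompts"                          # protected, nothing cached
        if ($8 == "C")      state = "unprotected"  # key has no pass-phrase
        else if ($7 == "1") state = "cached"       # agent answers for you
        else if ($8 != "P") state = "unknown"      # e.g. smartcard stub
        print $3, state
    }'
}

# Constructed sample output (made-up keygrips), not from a real keyring.
SAMPLE='S KEYINFO 1111111111111111111111111111111111111111 D - - - C - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - 1 P - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - P - - -
OK'

printf '%s\n' "$SAMPLE" | classify_keyinfo

# Against the running agent:
#   gpg-connect-agent 'keyinfo --list' /bye | classify_keyinfo
```

A key reported as "unprotected" signs silently until a pass-phrase is set on it; one reported as "cached" will prompt again once the agent's cache entry expires or the agent is reloaded.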