more frustration
Paul Rubin
phr@netcom.com
Mon, 28 Aug 2000 19:28:40 -0700 (PDT)
This is a similar situation as before, but I'm once again frustrated
with gpg, so I want to urge again that its user interface be changed.
(I've had similar problems with pgp, so it's not a gpg-specific issue).
Gpg and pgp have lots of well-implemented complicated features but
they both can make it unbelievably difficult to do what should be the
simplest thing in the world: get a public key from your friend, and
use it to send him an encrypted message.
I got a key from my friend and imported it to my public key ring.
Fine. This is a semi-secure machine. Semi-secure means that all
files and network activity are assumed to be monitored by an attacker,
but the attacker won't alter my files even if he reads them. I think
this is the right security model for most shared machines. It means I
have to use reasonable precautions about what kinds of messages I can
compose on it (no problem) and it also means that **I can't have any
private keys on it whatsoever**. Having no private keys means I can't
locally sign my friend's public key, but that's ok--I got it from him
directly and I don't need further authentication for it. An attacker
able to alter my local keyring can also alter my gpg executable, so
I've decided to trust the local keyring.
Again, I want to encrypt a message with my friend's key, this time
after composing the message in emacs. So I pipe the region through
"gpg -ear [friends-name]" and it totally fails because the
stdin/stdout are not connected to a tty in emacs. When I do it in a
shell window, it complains that the key is unsigned and makes me type
"yes" to confirm that I really want to use the key. I don't see *any*
way to turn off that interaction, unless I sign the key, which is
inconvenient and also useless on a semi-secure machine. It means I
can't do the encryption under control of a script, which is really
want I want. --batch, --yes, and --quiet don't do it. --yes doesn't
convince gpg to believe the key (it only answers yes to "most"
questions). --batch and/or --quiet turn off the interaction, but gpg
then just plain refuses to do the encryption because the key is not
signed. And maddeningly, I got idea of trying --completes-needed=0
only to have gpg tell me that completes-needed must be > 0. That
really seems a bug to me. It's ok for the default to be 1, but if I
explicitly specify --completes-needed=0, gpg should believe that I
know what I'm doing and give me what I ask for, instead of imposing
its assumptions on me.
Would it be possible to fix the --completes-needed=0 bug, or
alternatively, maybe add an --override-warnings flag (or even a
--i-know-what-im-doing-so-stop-bothering-me or a
--yes-and-i-really-mean-yes-to-ALL-questions flag), that TOTALLY turns
off the interaction and just makes gpg do what I tell it, without
asking questions?
Thanks
Paul
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org