
I use mu4e and Emacs for email, as well as GPG for credentials and mu4e-send-delay for delayed sending.

Sometimes the GPG prompt for the encryption password is overwritten by another message in the mini-buffer, and GPG gets the wrong password. The mini-buffer shows "Blocking call to accept-process-output with quit inhibited!" and a pop-up dialog says "Buffer *temp* modified, kill anyway?". A copy of the message is saved in the home directory with filepath ~/*message*-20191031-185747.

This pop-up appears as many times as the number of emails to send and comes again after the value of mu4e-send-delay-timer (60 seconds in my case).

The only solution I found (from "How to force Emacs or pinentry to forget wrong GPG password?") was to kill the GPG agent with gpgconf --kill gpg-agent and restart Emacs. Either of them alone is not enough; I need to do both. Then I get prompted for a GPG password.

I am using GNU Emacs 26.3, gpg 2.2.17, and macOS Mojave 10.14.6.

How can I set up Emacs, mu4e, and GPG to be more user-friendly, maybe with a pop-up to request the password, and setting GPG to forget wrong passwords?

miguelmorin
  • What OS are you using? I still have a response on the other question pending, but time has been very scarce lately. – Muihlinn Nov 02 '19 at 18:16
  • I updated the question. @Muihlinn, yes, the question is similar to a question in a comment in https://emacs.stackexchange.com/questions/52837/how-to-force-emacs-or-pinentry-to-forget-wrong-gpg-password . – miguelmorin Nov 03 '19 at 10:26

1 Answer


This was intended as a comment, but it's too long; hopefully it will give you some hints.


Right now I don't have a mac to try OSX configs, but this is what I have now:

pinentry:

pinentry-program /usr/bin/pinentry
#pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
default-cache-ttl 14400
max-cache-ttl 28800
enable-ssh-support

Modify your cache times as you prefer.

It reprompts if the password is wrong. At least on Linux it blocks until you pass a correct password for a number of times out of Emacs.

Also I have lock-once in .gpg.conf, which I'm not sure if it was needed for this or for some other stuff.

As far as mu4e is concerned, it doesn't need any configuration beyond the getters/senders helpers, which in my case are mbsync and msmtp. I have a set of encrypted files with the passwords of each account.

.msmtprc looks like this:

account a : domain
from a@domain.net
user a@domain.net
passwordeval "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.pwds/a-domain.gpg"

Similarly, in .mbsync.rc:

IMAPAccount domain
Host imap.domain.net
User a@domain.net
PassCmd "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.pwds/a-domain.gpg"

This decouples the gpg needs from the minibuffer, making the apps collect their data from the encrypted files and allowing the agent to handle the heavy lifting without reprompting while the cache times allow. This also works fine with .authinfo.gpg files.

More than probably you shouldn't have the pinentry Emacs package active.

On the delayed send, I cannot tell you; I never used it.


This is how it works on my machine and laptop. I'm not a security maven, so I'm sure that it could be improved in many ways.

Muihlinn
  • Thank you Muihlinn. I've been overwhelmed for a bit and haven't tried this yet; I'm hoping I will by next weekend, and if it all works I'll set up a new bounty. – miguelmorin Apr 13 '20 at 10:08
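
A check for the setup described in the answer above, as an added example that is not part of the original post: it reads gpg-agent.conf for the pinentry program and cache TTLs, and lists passwordeval/PassCmd commands that do not follow the answer's gpg --no-tty pattern. The function names, the temporary sample files and the plaintext `cat` line are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the answer. Function names and sample files are constructed.

# Value of the last uncommented line setting option $2 in gpg-agent.conf $1.
agent_opt() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# True when default-cache-ttl (idle timeout) does not exceed max-cache-ttl.
ttl_ok() {
    def=$(agent_opt "$1" default-cache-ttl)
    max=$(agent_opt "$1" max-cache-ttl)
    [ -n "$def" ] && [ -n "$max" ] && [ "$def" -le "$max" ]
}

# Print the command of every passwordeval (msmtp) or PassCmd (mbsync) line.
cred_cmds() {
    sed -n -E 's/^[[:space:]]*(passwordeval|PassCmd)[[:space:]]+\+?"(.*)"[[:space:]]*$/\2/p' "$@"
}

# Read commands on stdin; print those that bypass the agent-backed pattern.
risky_cmds() {
    while IFS= read -r cmd; do
        case "$cmd" in
            *--passphrase*) ;;             # passphrase given by option: flag it
            gpg\ *--no-tty*) continue ;;   # gpg-agent and pinentry do the prompting
        esac
        printf '%s\n' "$cmd"
    done
}

# Constructed sample files: the answer's settings plus one deliberately weak line.
demo=$(mktemp -d)
cat > "$demo/gpg-agent.conf" <<'EOF'
pinentry-program /usr/bin/pinentry
#pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
default-cache-ttl 14400
max-cache-ttl 28800
EOF
cat > "$demo/msmtprc" <<'EOF'
passwordeval "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.pwds/a-domain.gpg"
EOF
cat > "$demo/mbsyncrc" <<'EOF'
PassCmd "cat ~/.pwds/a-domain.txt"
EOF
echo "pinentry: $(agent_opt "$demo/gpg-agent.conf" pinentry-program)"
ttl_ok "$demo/gpg-agent.conf" && echo "cache TTLs consistent; commands to review:"
cred_cmds "$demo/msmtprc" "$demo/mbsyncrc" | risky_cmds
```

To audit a real setup, pass your own gpg-agent.conf and your msmtp and mbsync configuration files to the functions instead of the sample files.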