Ticket #5136 (closed defect: worksforme)

Opened 13 months ago

Last modified 5 months ago

GPG decrypting should not be intrusive

Reported by: ®om
Owned by:
Priority: normal
Milestone:
Component: None
Version:
Severity: normal
Keywords:
Cc:
Blocked By:
OS: All
Blocking:

Description

As soon as you receive a gpg encrypted message, it asks for the decrypting private key (and freezes gajim). If you are not present in front of the computer, gajim is frozen potentially for several hours (and will not receive new messages).

In my opinion, when receiving an encrypted message and the key is not unlocked, it should only add a "decrypt" button in the conversation box, and ask for the passphrase only when clicking on it.

Change History

Changed 13 months ago by anonymous

Moreover, if you are doing something else, it is very intrusive to have to enter the passphrase before doing anything else. And if it is not you on the computer (your girlfriend for example), the only thing that person can do is cancel the passphrase asking (they don't know your passphrase), but in that case the received message is lost…

Changed 13 months ago by anonymous

I assume you are using gpg-agent for passphrase handling. There are two possibilities: Configure Gajim to cache the passphrase on its own (do not use gpg-agent); Gajim will then ask for the passphrase when connecting and cache it for the duration of being online. The second solution is to configure gpg-agent to cache the passphrase for a longer period of time by editing ~/.gnupg/gpg-agent.conf. See "man gpg-agent" for more information.

I don't know if an option for decrypting "manually" is a good solution. I mean, it's not the jabber client's responsibility to keep a message "safe" as soon as it reached you (as soon as it is going to be displayed in the chat window). Leaving your client online while being away (i.e. not sitting in front of your computer), you have to keep it safe on your own (lock the desktop). So your secret key's passphrase may well be cached in the meantime.
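The gpg-agent cache settings mentioned above, as an added example that is not part of the original comment or of Gajim: a shell function that reads a gpg-agent.conf and reports the two cache lifetimes the agent will apply. `default-cache-ttl` and `max-cache-ttl` are real gpg-agent options; the function name and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report gpg-agent's passphrase cache lifetimes.
# 600 s and 7200 s are gpg-agent's documented defaults.
agent_cache_ttl() {
    conf="${1:-$HOME/.gnupg/gpg-agent.conf}"
    default_ttl=600    # idle timeout, restarted each time the cached key is used
    max_ttl=7200       # hard limit, after which the passphrase is asked for again
    if [ -r "$conf" ]; then
        # '|| [ -n "$key" ]' also processes a last line that has no newline
        while read -r key value rest || [ -n "$key" ]; do
            # ignore comments, other options and non-numeric values
            case "$value" in
                ''|*[!0-9]*) continue ;;
            esac
            case "$key" in
                default-cache-ttl) default_ttl="$value" ;;
                max-cache-ttl)     max_ttl="$value" ;;
            esac
        done < "$conf"
    fi
    echo "default-cache-ttl=${default_ttl}s max-cache-ttl=${max_ttl}s"
}

# Constructed sample configuration: keep the key unlocked for eight hours.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample, not taken from the ticket
default-cache-ttl 28800
max-cache-ttl 28800
EOF
agent_cache_ttl "$demo_conf"
rm -f "$demo_conf"
```

The passphrase prompt comes back once either timer runs out, and the unlocked key stays in the agent's memory for that long. After editing the file, `gpgconf --reload gpg-agent` makes the agent re-read it.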

Changed 13 months ago by asterix

  • status changed from new to closed
  • resolution set to worksforme

I don't know which version of Gajim you use (the field of your ticket is not filled in ...), but recent versions don't freeze when asking for the GPG password.

Changed 13 months ago by anonymous

I use gajim 0.12.1 (Ubuntu Jaunty).

Is the passphrase cached by gajim encrypted somewhere, or in clear?

I would prefer gajim to not be intrusive and keep the encrypted message until clicking on a button "decrypt" (less intrusive if you are doing something else).

Changed 13 months ago by asterix

Use the latest release: 0.12.3.

The passphrase is never stored on disk, only in RAM (in clear).

Now, if you use gpg-agent, Gajim doesn't control anything: we ask it for the passphrase, and it gives it to us if it has it, or asks you if it hasn't, but we cannot know what gpg-agent is going to do. Maybe you can configure your gpg-agent to be less intrusive.

Changed 5 months ago by puleglot@…

But why does gajim go offline after some time if the passphrase is not entered? And why does it ask for the passphrase every time the cache ttl of gpg-agent expires while there are no gpg-enabled conversations open and no incoming encrypted messages?

Changed 5 months ago by asterix

The gpg key is used when you send a presence (because presences are signed to announce that you use GPG), so each time you change your status, or go to or come back from idle, the gpg key is needed.

If you want, you can disable that with gpg_sign_presence advanced option.
