Author: Abel Luck Date: To: tails-dev Subject: Re: [Tails-dev] Claws mail and GnuPG agent
Alan: > Hi,
>
> Tails currently configures GnuPG to use the agent. Unfortunately this
> is buggy and the second time the agent is called it freezes not only
> claws-mail but also metacity and thus makes the desktop unusable.
>
> I found a way to read encrypted email in claws-mail without typing the
> passphrase each time and without using the buggy agent feature. I use
> it since quite some time now and it works. I don't know however how
> safe this feature is. Once sombody have investigated this we might want
> to include it in Tails.
>
> The related configuration bits from .claws-mail/clawsrc follows:
>
> [GPG]
> use_gpg_agent=0
> store_passphrase=1
> store_passphrase_timeout=10
> passphrase_grab=1
>
> Cheers
Without commenting on the security of this particular change, this is
merely a temporary fix as gpg-agent is the future for gpg. gpg-agent
provides process isolation that ensures the secret key material isn't
handled improperly.
Unfortunately it seems most client apps don't like it :\