Portal for GPG encryption/decryption

Question

Portal for GPG encryption/decryption

Opened this issue 7 years ago · 7 comments

Heyo, I recently made Thunderbird available as a fatpak on flathub, but right now Enigmail/GnuPG functionality doesn't work. I don't want to expose the entire gpg directory, keys and all, to applications for it though if possible.

Answer 1 · 2018-10-03T18:46:00.000Z

That would be awesome! I need this in order to encrypt some sensitive data using a private/public key. Currently, I had to give the application a full access to ~.gnupg directory, which is not a good solution at all...

Answer 2 · 2019-05-11T01:17:05.000Z

Same issue while trying to do a variety of tasks in emacs, signing commits, read a password from a encrypted file, etc.

Answer 3 · 2019-05-14T02:53:28.000Z

To make progress here I'd say an application that relies on this needs to write out its API needs (and ideally make an implementation).

Answer 4 · 2021-05-04T11:39:30.000Z

seems nobody has suggested to use the Seahorse API just yet, but it may be worth a shot.

Answer 5 · 2023-02-26T13:49:15.000Z

--socket=gpg-agent was added with flatpak/flatpak#4958 in version 1.14.0.

Answer 6 · 2023-02-27T02:48:13.000Z

I don't believe that invalidates this issue. gpg-socket is a sandbox bypass and not a portal.

Answer 7 · 2023-10-20T08:43:30.000Z

@TingPing does the agent leak secret material to sandbox though? If not, the difference isn't that big.