Skip to content

Providing Context Flags in the High Level API #196

New issue
New issue
Open
Open
Providing Context Flags in the High Level API#196
@eric-simpliphy

Description

@eric-simpliphy
eric-simpliphy
opened on Apr 16, 2025

There are a number of context flags that can be provided to the GPGME library.

Specifically, I'm interested in setting the no-symkey-cache flag so the symmetric key is not cached by the gpg agent. This way a successful decryption at one point in time with the right passphrase doesn't allow a successful decryption later even when the wrong passphrase is specified. This is similar to issue #142 although I think that is for asymmetric encryption. I have seen some folks configuring gpg agent to have a 0 TTL to work around this issue but I would ideally like my code to work the same regardless of the system configuration.

My problem is I want to use the the high level API, but there is no way to set these flags via that high-level API. The Context object is created within the decrypt method with no hook to adjust the context flags.

There are other options that are accepted by the high level API and passed through to the context. I'm wondering if we can allow flags to be one of those. I'm thinking:

GPGME::Crpyto.new flags: { 'no-symkey-cache': true }

Then internally when decrypting (and other operations) it would:

options.delete(:flags)&.each do |flag, val|
  ctx.set_ctx_flag flag, val
end

This would allow these flags to be used without leaving the nice interface of the high level API. I would be interested in doing the legwork in making this patch if you are open to it as it would get rid of a monkey-patch in my app.

Also, I think the values have to be something like '1' since they are passed directly to the C bindings. If we impl this, should the high level API should convert from true to '1' so the flags are more high level if we are exposing these flags more to the high level API?

Alternatively would it be better to not pass through any flag but just support this one specific flag via a new option on GPGME::Crypto and we add the other flags as needs come up?

Side note, if anyone else needs a monkey-patch to disable this cache in the meantime mine is:

module Ext::GpgmeCacheDisable
  def new options={}
    blk = ->(ctx) {
      ctx.set_ctx_flag "no-symkey-cache", "1"
      block_given? ? yield(ctx) : ctx
    }
    super options, &blk
  end
end
GPGME::Ctx.singleton_class.prepend Ext::GpgmeCacheDisable

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions