From: Adam Spiers
Subject: Re: org-crypt.el --- Public key encryption for org-mode entries
Date: Sat, 29 Dec 2007 20:19:04 +0000
Message-ID: <20071229201904.GA10722@atlantic.linksys.moosehall>
To: emacs-orgmode@gnu.org
List-Id: "General discussions about Org-mode."

On Fri, Sep 28, 2007 at 11:48:34PM -0400, John Wiegley wrote:
> The following code is preliminary, but gets the job done in my simple tests.
> Now's the time to beat down on, and refine, the user interface and behavior.

[snipped]

I gave this a go and the basic functionality works fine for me,
thanks!  As you are obviously aware from the above, there are issues
with the interface; here's an independent perspective on the gaps
which I would personally prefer to see prioritised first:

  - Only text before, not after, the CRYPTKEY property gets encrypted.

  - I couldn't get property inheritance to work at all via

        (setq org-use-property-inheritance '("CRYPTKEY"))

    (as per my other post in the last hour, this is not possible via
    the normal Customization UI) but maybe I'm misunderstanding
    something about how it's supposed to work.  The goal would be to
    support encryption of a whole subtree, e.g.

        * PROJECT top s3kr1t!
          :PROPERTIES:
          :CRYPTKEY: 7A2F2DDC
          :END:
          Here beginneth the classified dossier.
        ** If anyone sees this it means Global Thermonuclear War
        *** How about a nice game of chess?
        ** (and the universe might implode too)

  - org-decrypt-entry leaves a PGP block in there - is that necessary?

  - Local variable-based customisation of `after-save-hook' is not
    ideal because it overrides any global hooks.

  - Unless I'm missing something, shouldn't it be `before-save-hook'
    instead?  Currently, you save the buffer, it encrypts entries,
    then you have to hit save again.

  - Ideally the user would never see the PGP blocks from within emacs,
    only by looking at the raw file saved on disk.  Could a first
    approximation to this be achieved by having `before-save-hook'
    encrypt all entries, and `after-save-hook' decrypt them all again?

It may be worth observing that despite your comment:

  ;; If you want encryption to be manual, use `M-x
  ;; org-encrypt-entries'.  Note that in this version -- mainly because I
  ;; don't know epg.el better -- you will be asked for your password for
  ;; every entry that needs encryption.

I did not experience this; this is almost certainly because I already
had a GPG agent daemon running, `use-agent' in my ~/.gnupg/options,
and emacs was invoked from a shell in such a way as to guarantee that
it inherited the correct value of $GPG_AGENT_INFO.  So from a
usability perspective it is not a particularly pressing issue that you
have coded it this way.

Hope this is of use, and thanks again for putting 0.1 out there!

Adam
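
The hook arrangement asked about in the message above (encrypt in `before-save-hook', decrypt again in `after-save-hook', installed buffer-locally without hiding global hooks), sketched as an added example that is not part of the original message or of org-crypt.el. The `my/org-crypt-' names are hypothetical; it assumes org-crypt.el is loadable as the feature `org-crypt', that `org-map-entries' is available in the installed Org, and that `org-decrypt-entry' does nothing on an entry that holds no PGP block.

```elisp
;; Added example, not code from the original post or from org-crypt.el.
;; Names taken from the message: `org-encrypt-entries', `org-decrypt-entry'.
;; Hypothetical names: everything prefixed `my/org-crypt-'.
(require 'org)
(require 'org-crypt)   ; assumption: the posted file provides this feature

(defun my/org-crypt-encrypt-before-save ()
  "Encrypt all marked entries so that only ciphertext is written to disk."
  (org-encrypt-entries))

(defun my/org-crypt-decrypt-after-save ()
  "Decrypt the entries again once the file has been written."
  ;; Assumption: `org-decrypt-entry' is a no-op on entries without a PGP block.
  (org-map-entries #'org-decrypt-entry)
  ;; The buffer now differs from the file on disk, but there is nothing new
  ;; to save; clear the flag so the user is not asked to save a second time.
  (set-buffer-modified-p nil))

(defun my/org-crypt-setup ()
  "Install both hooks buffer-locally, leaving the global hooks active."
  ;; Plaintext sits in the buffer between saves, so keep it out of
  ;; auto-save files, which would otherwise land on disk unencrypted.
  (auto-save-mode -1)
  ;; The fourth argument t makes the addition buffer-local.  Emacs keeps a
  ;; `t' marker in the local value, so functions on the global hook still
  ;; run, unlike a file-local variable that replaces the whole hook value.
  (add-hook 'before-save-hook #'my/org-crypt-encrypt-before-save nil t)
  (add-hook 'after-save-hook  #'my/org-crypt-decrypt-after-save  nil t))

(add-hook 'org-mode-hook #'my/org-crypt-setup)
```

With this wiring a single save writes ciphertext and leaves readable text in the buffer; each save still performs one decryption per encrypted entry, so a running GPG agent matters for usability.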