emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
From: Tim Cross <theophilusx@gmail.com>
To: David Masterson <dsmasterson@gmail.com>
Cc: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sun, 12 Jun 2022 10:28:47 +1000	[thread overview]
Message-ID: <871qvuy8vn.fsf@gmail.com> (raw)
In-Reply-To: <SJ0PR03MB545560D9F5556E878062BD89A2A99@SJ0PR03MB5455.namprd03.prod.outlook.com>

David Masterson <dsmasterson@gmail.com> writes:

> Tim Cross <theophilusx@gmail.com> writes:
>> David Masterson <dsmasterson@gmail.com> writes:
>>> I think I've gotten org-crypt working, but I think some things are not
>>> making sense (it might be just me):
>>> 1. I've set org-crypt-key to nil (symmetric encryption).
>>> 2. Can I use a different encryption key for each encrypted paragraph?
>>> 3. Does org-encrypt only ask for the key the first time?
>>> 4. Does org-decrypt only ask for the key the first time?
>>> 5. How do they know where to get the password when they don't ask?
>>> 6. Shouldn't org-crypt docs in org manual have examples?
>>> Does this make sense -- I think I'm messing something up.
>> Warning: I have not used org-crypt for many years. These days, I just
>> use a .org.gpg extensions and symmetrically encrypt the whole file.
>> However, I think I can probably answer some of your questions -
> Hmm, two questions that this brings up:
> 1. Do you access your files on (say) iPhone?
> 2. Do you store your files in Git (say Github)?

Well, yes and yes, but I don't tend to need to access encrypted files on
iphone. I do have encrypted files in github. For example, I have a
private repository of files I share across computers (Linux and macOS).
Some of these files are gpg encrypted. 

>>> 2. Can I use a different encryption key for each encrypted paragraph?
>> According to the manual -
>> No, not with symmetric encryption. I think this can only work with
>> asymmetric encryption.
> This needs to be spelled out better.

Ihor's response to this indicates I'm incorrect here. As I stated
earlier, it has been a long time since I used org-crypt, so I'd trust
his advice more. However, from a technical perspective, I don't
understand how gnupg or org-crypto can prompt to get the different keys
and know which chunk to apply which key to, but that is my limited
technical expertise more than anything else. With asymmetric encryption,
you specify the key name, so it knows which key belongs with each
encrypted chunk. I don't see in the code how this is handled for
symmetric encryption where no key name is specified. 

With symmetric encryption, the key is really just the passphrase. GnuPG
asks you for the key (passpharase) and it uses that to encrypt/decrypt
the data. With asymmetric, there is a public and private pair and an
associated 'name'. When encrypting, it knows or asks for the key name
and uses the public key and for decrypting, the private key, which most
often (but not always) has a passphrase used to unlock it. 
>> If your using symmetric encryption, you typically just have one key for
>> all the data within the file. From the gnuPG perspective, this is just
>> encrypted text. It does not 'know' about different paragraphs. To have
>> different encryption with each paragraph, you would need to specify
>> different keys and there is no mechanism to do that with symmetric
>> encryption only asymmetric.
> org-(en/de)crypt ??

Determining which parts are encrypted isn't hard. However, how do you
know which key to associate with each bit? The only solution I can see
is to attempt every known symetric key to each chunk until one works and
if none of the known ones work, ask for another one. This could be how
it works, but that seems extremely inefficient and difficult to manage
to me. 

The other problem is how to prompt for the key. Lets say you have 10
encrypted items in an org file, each encrypted with a different
symmetric key. Org has to ask the user for the key for each one. What
goes into the prompt to give the user an idea which of the 10 different
keys to enter? I guess it could say "Entger key for chunk 1:" and "Enter
key for chunk2":, but I'm not sure that is good. The system could use
the section heading, but I didn't see anything to indicate it would do
that when scanning the code, but perhaps I missed it. 

> Hmm, you're suggesting you don't use org-(en/de)crypt.  The manual
> doesn't spell out very well how to do that.  Where do you put your key
> for symmetric encryption?

With symmetric encryhption, there is no 'key' to put anywhere. The key
is the password/passphrase. You only have a 'key' with asymmetric
encryption, where you have two files, the private and public key. These
are managed by gnupg in the .gnupg directory (typically). 

One thing which you may find helpful is to look at the 3 separate layers
involved with org-crypt as they all have their own manual and each layer
provides some of the information you are after i.e.

- Encryption/decryption and key management is largely handled by gnupg.
The documentation associated with gnupg is pretty good and will likely
answer many of your questions. 

- The interface to gnupg from within Emacs is managed by easyPG, which
basically consists of two libraries - epa, whihc provides the Emacs
interface layer for gnupg and epg, which provides a library that can be
used by Emacs packages to access gnupg. This is primarily what org-crypt
uses. The easyPG manual is pretty good and contains some good

- org-crypt, which is a very light-weight wrapper around the epg
functions. It provides the basic integration between org and easyPG. 

>> What is your use case where you need multiple symmetric encryption keys
>> in one file?
> One broken key doesn't give up the whole file.

That might be a false sense of security. The big weakness with symmetric
encryption is they key/passphrase. It suffers from the same problem of
passwords (which are mostly 'human'). If one of your keys is weak enough
it has been broken, the odds are pretty high that the others will be as
well. The likelihood with symmetric encrytion is higher because
everything is based on the key/passphrase you supply. With asymmetric
encryption, the key is not related to the passphrase. To breach the key,
someone needs to either get hold of the private key and the passphrase
(assuming it has a passphrase, which is normal practice for secure
setup) or they need to crack the very strong key. 

For that use case, I would use asymmetric rather than symmetric

>>> 6. Shouldn't org-crypt docs in org manual have examples?
>> Probably, though I don't know what else you would put in there which
>> isn't already there. Feel free to supply a PR or patch once you have
>> worked it out. However, as noted in the commentary section, org-crypt.el
>> is really a very light-weight wrapper around functions in epg.el, so
>> likely the first place to start when looking for documentation and
>> examples is the epa/epg/easyPG manual
> Not good at writing these days, buy I'll consider.

Please do. Often the best documentation comes from end users rather than
developers. The developer is often too close to the code, which makes it
harder for them to appreciate what users don't understand/know. For a
user, the challenges they encounter are often 'fresher' and puts them in
a better place to explain things. People on the list will provide
feedback to help clarify and improve what you write. 

I would highly recommend looking at the easyPG and gnuPG documentation.
It is quite likely all that needs to be done to improve the
documentation is add some appropriate links to the documentation for
those two projects. 

  reply	other threads:[~2022-06-12  1:21 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-10  4:08 org-crypt ? David Masterson
2022-06-11  3:35 ` Tim Cross
2022-06-11 21:29   ` David Masterson
2022-06-12  0:28     ` Tim Cross [this message]
2022-06-12  1:37       ` Ihor Radchenko
2022-06-12  3:07       ` David Masterson
2022-06-12  4:04         ` Tim Cross
2022-06-12  6:19           ` David Masterson
2022-06-12  4:15         ` Ihor Radchenko
2022-06-12  5:55           ` David Masterson
2022-06-14  4:13             ` Ihor Radchenko
2022-06-11  4:17 ` Ihor Radchenko
2022-06-11 21:17   ` David Masterson
2022-06-11 21:46     ` Ignacio Casso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information: https://www.orgmode.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=871qvuy8vn.fsf@gmail.com \
    --to=theophilusx@gmail.com \
    --cc=dsmasterson@gmail.com \
    --cc=emacs-orgmode@gnu.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).