From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bastien <bzg@altern.org>
Subject: Re: org-crypt.el security problem (From: Milan Zamazal)
Date: Sun, 06 Mar 2011 11:01:41 +0100
Message-ID: <874o7glg8q.fsf@gnu.org>
References: <m27hce7wn3.fsf@pmade.com> <87bp1quc7q.fsf@keller.adm.naquadah.org>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
Received: from [140.186.70.92] (port=32779 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PwAml-0002n0-PV
	for emacs-orgmode@gnu.org; Sun, 06 Mar 2011 05:02:00 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bastienguerry@googlemail.com>) id 1PwAmk-0005En-JH
	for emacs-orgmode@gnu.org; Sun, 06 Mar 2011 05:01:59 -0500
Received: from mail-ww0-f49.google.com ([74.125.82.49]:53464)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bastienguerry@googlemail.com>) id 1PwAmk-0005Eh-9c
	for emacs-orgmode@gnu.org; Sun, 06 Mar 2011 05:01:58 -0500
Received: by wwj40 with SMTP id 40so3526692wwj.30
	for <emacs-orgmode@gnu.org>; Sun, 06 Mar 2011 02:01:57 -0800 (PST)
In-Reply-To: <87bp1quc7q.fsf@keller.adm.naquadah.org> (Julien Danjou's message
	of "Fri, 04 Mar 2011 16:39:21 +0100")
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-orgmode>
List-Post: <mailto:emacs-orgmode@gnu.org>
List-Help: <mailto:emacs-orgmode-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=subscribe>
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: Julien Danjou <julien@danjou.info>
Cc: emacs-orgmode@gnu.org

Hi Julien,

Julien Danjou <julien@danjou.info> writes:

> On Fri, Mar 04 2011, Peter Jones wrote:
>
>> Hopefully there's an autosave hook where you can encrypt the headings
>> and save to disk using a temporary buffer without having to alter the
>> current buffer and interrupt the user by encrypting a heading that is
>> being edited.
>
> I've recently added caching of encrypted text, so that org-crypt will
> not recrypt the text once again if it has not been modified, but reuse
> the previous crypting value.

I've seen org-encrypt-string but I don't see we could use it for the 
problem at hand.  

Also, the purpose is to encrypt the auto-saved buffer and *not* the
visited buffer -- which I don't know how to do.  

> That could be used to automagically re-encrypt all text before
> auto-saving.

Please let us know if you can think of a better fix than the warning!

Thanks,

-- 
 Bastien