From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ramon Diaz-Uriarte Subject: Off-topic: *.gpg files and EasyPG Date: Fri, 30 Dec 2011 15:26:53 +0100 Message-ID: <877h1e879u.wl%rdiaz02@gmail.com> Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Return-path: Received: from eggs.gnu.org ([140.186.70.92]:55605) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgdQB-0000Vp-MI for Emacs-orgmode@gnu.org; Fri, 30 Dec 2011 09:27:00 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RgdQ9-00051H-W3 for Emacs-orgmode@gnu.org; Fri, 30 Dec 2011 09:26:59 -0500 Received: from mail-we0-f169.google.com ([74.125.82.169]:63037) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgdQ9-00051B-Rg for Emacs-orgmode@gnu.org; Fri, 30 Dec 2011 09:26:57 -0500 Received: by werf1 with SMTP id f1so8636773wer.0 for ; Fri, 30 Dec 2011 06:26:56 -0800 (PST) List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org To: Emacs-orgmode Dear All, Apologies if this is totally off-topic, but I think many people use org-mode + EasyPG to encrypt *.org.gpg files, and I could not think of a more knowledgeable list than this one ;-). * Summary: If an encrypted buffer is killed right when it is being opened (when you just typed the password), the contents of the encrypted buffer are left, as plain text, in other buffer(s). * Details: I routinely use org mode with EasyPG. Yesterday, after realizing that sometimes I leave a gpg buffer open for longer than I should, I figured I'd set a timer so that any buffers that end with *.gpg are killed periodically. This seems to work OK, except if the buffer is killed right at the moment when it is being visited; i.e., right after you have entered the password. If that happens, the contents of the encrypted file are left, as plain text, in one of the other buffers (often *Scratch* or *Messages*, if those exist, or some other buffer, and oftentimes one which is not currently visible). ** Reproducible example 1. I have the following code in my .emacs: ----------- ;; from ;; http://stackoverflow.com/questions/5097561/killing-buffers-whose-names-start-with-a-particular-string (require 'cl) (defun is-killable-buffer (buffer) (let ((name (buffer-name buffer))) (string-match ".*\\.gpg$" name))) (defun kill-killable-buffers () (loop for buffer being the buffers do (and (is-killable-buffer buffer) (kill-buffer buffer)))) (run-at-time t 120 'kill-killable-buffers) ------------- 2. Now, create a *.gpg file, put something in there, and save it so symmetric encryption is used. 3. Change the interval when kill-killable-buffers runs. Set it at 1: (run-at-time t 1 'kill-killable-buffers) and evaluate the expression. 4. Try to visit the gpg file. As soon as you enter the password, the buffer is killed. So you never see it being opened. You do see the message Wrong type argument: stringp, nil But the contents, as decrypted, plain text, will be left in one of your other buffers; might be *Messages* or *Scratch* or *ESS* if you have it, but it could also be any other buffer you are visiting. If the contents end in another buffer you are visiting (say, buffer "abc.txt"), and you do not notice what happened, when you save abc.txt all the contents of the encrypted file end up in a plain text file. ** Questions. 1. Is this the way it should be? In particular, dumping the unencrypted content on another, "normal" buffer, seems worrisome. 2. Suppose the contents end up in *Scratch* or *Messages*. How serious a problem is this? Of course, if anybody has physical access to the machine while you are not there that is a problem. But I understand that the content of those buffers is never saved? And it cannot be accessed remotely? The reason for question 2. is that if those are not worrisome, then it might make sense to use the approach of having a timer to kill the gpg buffers periodically, and have it run in an emacs process that is dedicated, exclusively, to opening the gpg file(s). Best, -- Ramon Diaz-Uriarte Department of Biochemistry, Lab B-25. Facultad de Medicina (UAM) Arzobispo Morcillo, 4 28029 Madrid Spain Phone: +34-91-497-2412 Email: rdiaz02@gmail.com ramon.diaz@iib.uam.es http://ligarto.org/rdiaz