From: Tim Cross
To: David Masterson
Cc: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sun, 12 Jun 2022 14:04:45 +1000
Message-ID: <87k09mwl1w.fsf@gmail.com>
References: <871qvvesqh.fsf@gmail.com> <871qvuy8vn.fsf@gmail.com>
User-agent: mu4e 1.7.27; emacs 28.1.50
List-Id: "General discussions about Org-mode."
David Masterson writes:

> Tim Cross writes:
>
>> David Masterson writes:
>>
>>> Tim Cross writes:
>>>
>>>> Warning: I have not used org-crypt for many years. These days, I just
>>>> use a .org.gpg extension and symmetrically encrypt the whole file.
>>>> However, I think I can probably answer some of your questions -
>>>
>>> Hmm, two questions that this brings up:
>>>
>>> 1. Do you access your files on (say) iPhone?
>>> 2. Do you store your files in Git (say Github)?
>>>
>>
>> Well, yes and yes, but I don't tend to need to access encrypted files on
>> iphone. I do have encrypted files in github. For example, I have a
>> private repository of files I share across computers (Linux and macOS).
>> Some of these files are gpg encrypted.
>
> Exactly the system I'm looking for! (or almost)
>
> I am already using (Emacs, Org, MaGit) on Linux, (BeOrg, Working Copy)
> on the iPhone, and a Github private repository. This is complicated to
> the new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has
> saved me a number of times on resyncing if I change things on both
> sides. But I would like to use more encryption with this. When it's
> secure, I'd like to roll it out on my family's iPhones as well.
>

I suspect the challenge will be in getting gnuPG support on the iphone.
I've never tried that and don't know if there is a gnuPG version for
iphone. That would be the first thing I'd try to verify. If you can
encrypt/decrypt on the iphone, it should be possible to handle the rest.

The one problem you can run into with gpg files and git is that git can
see those as binary files. The general 'rule of thumb' is that you don't
put binary files into git. The thinking is that binary files are
typically generated from some text file and it is the original source
text which you would put into git. There are also some minor technical
issues, mainly with large binary files, which make git somewhat
inefficient. The big issue however is that by default, most git forges,
like github, have a limit on the size of binary files they will allow in
git. That size is reasonably large, but there is a limit which I think
you have to pay to have increased. I've not run into that limit with
encrypted files, but have with PDFs and other formats I wanted to
include in my git repo.

> Hmm. Point taken. I have to work on understanding asymmetric
> encryption with org-crypt more.
>

The main downside with asymmetric encryption is that if you want
different keys you have to create lots of different keys and manage them
securely. With symmetric encryption, you just have to remember
passwords/passphrases. The big advantage with asymmetric is that
encryption and decryption are separated. Someone can have your public
key and can encrypt data which only you (or whomever has the private
key) can decrypt.

Based on your desire to roll something out to your family, I would
actually recommend a different route. There are some very good open
source password managers out there. Many of them, for a very small fee
(i.e. $12pa), will also provide a few Gb of encrypted file storage as
well. What I find good with some of these is that provided you select
the right one, you have full control over the encryption (so the server
the provider uses has your data encrypted and only you have the key) and
they usually have mobile device support. The big benefit is that the
mobile clients will take care of the encryption/decryption bits.

Personally, I've been using 1Password for years, but if I was setting
things up now from scratch, I would be checking out bitwarden and
KeePass (as well as some others) as possible alternatives. These
password managers have grown to be a lot more than just password
managers. They typically have some support for encrypted files as well
as 'secure notes'. The basic architecture of many (especially the open
source ones) is basically the same as your outlined use case - benefit
is they have taken care of all the nitty gritty stuff and most of them
are based on the same technology (i.e. gnupg under the hood). The other
benefit is you also often get support for 2FA/OTP, hardware keys like
yubikey etc. Such solutions are also often easier for family members who
may not be as technically oriented to learn/use.

I also used lastpass at one of the businesses I worked for. While it was
a pretty good product when it was first released, I would no longer
recommend them. The quality and reliability seems to have dropped off
significantly once they were sold to LogMeIn.

I did use borg, though not so much since I retired. It worked OK, but I
really just used it to manage tasks and keep notes using my tablet or
iphone (I usually used my ipad for meetings). However, since retirement
and no longer needing to interact with 'enterprise' environments, my
macbook and ipad are pretty much dust collectors! Everything these days
is just on my Linux system.
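The two setups discussed in this thread, whole-file .org.gpg encryption with just a passphrase and org-crypt's per-heading encryption with symmetric mode selected, as an added configuration example that is not part of the original message; it assumes Emacs 27 or later with GnuPG and a pinentry installed.

```emacs-lisp
;; Added example, not from Tim's message: the "symmetric encryption, just
;; remember a passphrase" setup he describes, in both of its forms.
;; Assumes Emacs 27+ with GnuPG and a working pinentry on the PATH.

;; 1. Whole-file encryption via EasyPG: any file ending in .gpg (so
;;    notes.org.gpg) is decrypted on open and re-encrypted on save.
(require 'epa-file)
(epa-file-enable)
;; No recipients and no key-selection dialog means EasyPG encrypts
;; symmetrically, so only a passphrase is needed on every machine.
(setq epa-file-encrypt-to nil
      epa-file-select-keys 'silent)
;; Prompt for the passphrase in the minibuffer rather than a GUI pinentry.
(setq epg-pinentry-mode 'loopback)

;; 2. Per-heading encryption with org-crypt: only entries tagged :crypt:
;;    are encrypted (at save time); the rest of the file stays plain text.
(require 'org-crypt)
(org-crypt-use-before-save-magic)
;; Stop children inheriting the tag, or each child is encrypted separately
;; inside an already-encrypted parent.
(setq org-tags-exclude-from-inheritance '("crypt"))
;; nil selects symmetric encryption; a key ID here would make it asymmetric.
(setq org-crypt-key nil)
;; Auto-save would write the decrypted text to disk; 'encrypt re-encrypts
;; the open entries before each auto-save instead.
(setq org-crypt-disable-auto-save 'encrypt)
```

Either form keeps the plaintext out of the working tree, so the file committed to git is the ciphertext, which is what git then treats as binary.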