emacs-orgmode@gnu.org archives
* org-crypt ?
@ 2022-06-10  4:08 David Masterson
  2022-06-11  3:35 ` Tim Cross
  2022-06-11  4:17 ` Ihor Radchenko
  0 siblings, 2 replies; 14+ messages in thread
From: David Masterson @ 2022-06-10  4:08 UTC (permalink / raw)
  To: emacs-orgmode

I think I've gotten org-crypt working, but I think some things are not
making sense (it might be just me):

1. I've set org-crypt-key to nil (symmetric encryption).
2. Can I use a different encryption key for each encrypted paragraph?
3. Does org-encrypt only ask for the key the first time?
4. Does org-decrypt only ask for the key the first time?
5. How do they know where to get the password when they don't ask?
6. Shouldn't org-crypt docs in org manual have examples?

Does this make sense -- I think I'm messing something up.
-- 
David Masterson


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: org-crypt ?
  2022-06-10  4:08 org-crypt ? David Masterson
@ 2022-06-11  3:35 ` Tim Cross
  2022-06-11 21:29   ` David Masterson
  2022-06-11  4:17 ` Ihor Radchenko
  1 sibling, 1 reply; 14+ messages in thread
From: Tim Cross @ 2022-06-11  3:35 UTC (permalink / raw)
  To: emacs-orgmode


David Masterson <dsmasterson@gmail.com> writes:

> I think I've gotten org-crypt working, but I think some things are not
> making sense (it might be just me):
>
> 1. I've set org-crypt-key to nil (symmetric encryption).
> 2. Can I use a different encryption key for each encrypted paragraph?
> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?
> 5. How do they know where to get the password when they don't ask?
> 6. Shouldn't org-crypt docs in org manual have examples?
> Does this make sense -- I think I'm messing something up.


Warning: I have not used org-crypt for many years. These days, I just
use a .org.gpg extensions and symmetrically encrypt the whole file.
However, I think I can probably answer some of your questions -

> 2. Can I use a different encryption key for each encrypted paragraph?

According to the manual -


 
No, not with symmetric encryption. I think this can only work with
asymmetric encryption. 

If you're using symmetric encryption, you typically just have one key for
all the data within the file. From the gnuPG perspective, this is just
encrypted text. It does not 'know' about different paragraphs. To have
different encryption with each paragraph, you would need to specify
different keys and there is no mechanism to do that with symmetric
encryption, only asymmetric.

What is your use case where you need multiple symmetric encryption keys
in one file?

> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?

Well that can depend on your environment and how it is configured. These
days, most Linux desktops and macOS have a form of GPG Agent and/or
keyring (I'd assume similar with Windows, but don't use that platform).
Typically, these agents/keyrings are configured to cache passphrases for
a period of time. Sometimes, you can tell the keyring keys it has access
to without the passphrase provided your login key has been 'opened'. So
for example, the passwords for my imap accounts are in a gpg file and
I've told my keyring agent to always allow access to those keys (this
was an option in the passphrase dialogue box). 

I also think epa has support for caching of passphrases. Therefore, it
could be that Emacs is caching the key for you and it will keep it in a
session cache for a period of time or until the session is closed. 

One way to sort out where the caching is occurring might be to try
decrypting outside of Emacs just using gnupg. If it asks for the key but
does not ask when doing it within Emacs, then it is probably Emacs doing
the caching. 

> 5. How do they know where to get the password when they don't ask?

See above re: caching, keyrings and gpg agents.

> 6. Shouldn't org-crypt docs in org manual have examples?

Probably, though I don't know what else you would put in there which
isn't already there. Feel free to supply a PR or patch once you have
worked it out. However, as noted in the commentary section, org-crypt.el
is really a very light-weight wrapper around functions in epg.el, so
likely the first place to start when looking for documentation and
examples is the epa/epg/easyPG manual



* Re: org-crypt ?
  2022-06-10  4:08 org-crypt ? David Masterson
  2022-06-11  3:35 ` Tim Cross
@ 2022-06-11  4:17 ` Ihor Radchenko
  2022-06-11 21:17   ` David Masterson
  1 sibling, 1 reply; 14+ messages in thread
From: Ihor Radchenko @ 2022-06-11  4:17 UTC (permalink / raw)
  To: David Masterson; +Cc: emacs-orgmode

David Masterson <dsmasterson@gmail.com> writes:

> I think I've gotten org-crypt working, but I think some things are not
> making sense (it might be just me):
>
> 1. I've set org-crypt-key to nil (symmetric encryption).
> 2. Can I use a different encryption key for each encrypted paragraph?

Yes. For each individual encrypted headline contents. Just enter
different passwords when queried to encrypt.

> 3. Does org-encrypt only ask for the key the first time?

No. Strictly speaking it may depend on your GnuPG config. Not by default.

> 4. Does org-decrypt only ask for the key the first time?

Depends on your GnuPG config. AFAIK, GnuPG will not cache keys by default.

> 5. How do they know where to get the password when they don't ask?

From gpg-agent.

> 6. Shouldn't org-crypt docs in org manual have examples?

We can mention org-encrypt-entry/entries and org-decrypt-entry/entries.
Would it help?

Best,
Ihor



* Re: org-crypt ?
  2022-06-11  4:17 ` Ihor Radchenko
@ 2022-06-11 21:17   ` David Masterson
  2022-06-11 21:46     ` Ignacio Casso
  0 siblings, 1 reply; 14+ messages in thread
From: David Masterson @ 2022-06-11 21:17 UTC (permalink / raw)
  To: Ihor Radchenko; +Cc: emacs-orgmode

Ihor Radchenko <yantar92@gmail.com> writes:

> David Masterson <dsmasterson@gmail.com> writes:
>
>> I think I've gotten org-crypt working, but I think some things are not
>> making sense (it might be just me):
>>
>> 1. I've set org-crypt-key to nil (symmetric encryption).
>> 2. Can I use a different encryption key for each encrypted paragraph?
>
> Yes. For each individual encrypted headline contents. Just enter
> different passwords when queried to encrypt.
>
>> 3. Does org-encrypt only ask for the key the first time?
>
> No. Strictly speaking it may depend on your GnuPG config. Not by default.
>
>> 4. Does org-decrypt only ask for the key the first time?
>
> Depends on your GnuPG config. AFAIK, GnuPG will not cache keys by default.
>
>> 5. How do they know where to get the password when they don't ask?
>
> From gpg-agent.
>
>> 6. Shouldn't org-crypt docs in org manual have examples?
>
> We can mention org-encrypt-entry/entries and org-decrypt-entry/entries.
> Would it help?

Yes.  Also, any basic config of gpg to work with.  Also, a simple test
example to show what should happen to help users determine if they're
heading the right way.

Thanks

-- 
David Masterson


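Ihor mentions org-encrypt-entry/org-decrypt-entry above, and David asks for a basic config to start from plus a simple test showing what should happen. The following is an added Emacs Lisp example, not code from org-crypt.el, EasyPG or anyone in this thread. It assumes gpg and gpg-agent are installed and on PATH; `my/org-crypt-self-test` is a name chosen here. The variables and functions it sets (`org-crypt-key`, `epg-pinentry-mode`, `org-crypt-use-before-save-magic`, `org-tags-exclude-from-inheritance`, `org-crypt-disable-auto-save`) are real Org/EasyPG ones.

```elisp
;;; Added example, not code from org-crypt.el or from this thread.
;;; Assumes gpg and gpg-agent are installed and on PATH.

(require 'org)
(require 'org-crypt)
(require 'epg)
(require 'subr-x)                       ; string-trim

;; nil = symmetric encryption: gpg asks for a passphrase and no public
;; key is involved.  For asymmetric encryption put a key ID or user ID
;; known to gpg here instead.
(setq org-crypt-key nil)

;; Let Emacs read the passphrase in the minibuffer instead of popping
;; up an external pinentry window (Emacs 27 and later).
(setq epg-pinentry-mode 'loopback)

;; Encrypt every entry tagged :crypt: when the buffer is saved.
(org-crypt-use-before-save-magic)

;; Don't let :crypt: be inherited, or each subheading of an encrypted
;; entry would be encrypted again on its own.
(add-to-list 'org-tags-exclude-from-inheritance "crypt")

;; Auto-save would otherwise write decrypted text to #file# in the clear;
;; `encrypt' re-encrypts open entries before the auto-save happens.
(setq org-crypt-disable-auto-save 'encrypt)

(defun my/org-crypt-self-test ()
  "Round-trip a constructed entry through `org-encrypt-entry' and
`org-decrypt-entry'.  Returns t when the decrypted body equals the
original; signals an error naming the first step that went wrong.
Expect one passphrase prompt for encryption and one for decryption,
unless gpg-agent still has the passphrase cached."
  (interactive)
  (let ((plain "secret body text"))       ; constructed test data
    (with-temp-buffer
      (org-mode)
      (insert "* Test entry :crypt:\n" plain "\n")
      (goto-char (point-min))
      (org-encrypt-entry)
      ;; What "working" looks like after encryption: the heading is
      ;; still readable and the body is an ASCII-armored PGP message.
      (unless (save-excursion
                (search-forward "-----BEGIN PGP MESSAGE-----" nil t))
        (error "org-encrypt-entry did not replace the body with a PGP message"))
      (when (save-excursion (search-forward plain nil t))
        (error "Plaintext is still present after encryption"))
      (goto-char (point-min))
      (org-decrypt-entry)
      ;; Skip the heading and any planning/property lines, then compare
      ;; the decrypted body with what we started from.
      (org-back-to-heading t)
      (org-end-of-meta-data t)
      (let ((body (string-trim
                   (buffer-substring-no-properties (point) (point-max)))))
        (unless (string= body plain)
          (error "Decrypted body %S differs from original %S" body plain))
        (message "org-crypt round trip OK")
        t))))
```

Evaluate the file, then run M-x my/org-crypt-self-test. A second run that asks for no passphrase tells you something is caching; to separate Emacs-side caching from gpg-agent's, as Tim suggests, decrypt the same armored text with gpg outside Emacs. gpg-agent keeps a passphrase for `default-cache-ttl` seconds (600 unless configured otherwise). The Emacs-side cache Tim has in mind, `epa-file-cache-passphrase-for-symmetric-encryption`, only affects files opened through epa-file (the .org.gpg route), not org-crypt.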

* Re: org-crypt ?
  2022-06-11  3:35 ` Tim Cross
@ 2022-06-11 21:29   ` David Masterson
  2022-06-12  0:28     ` Tim Cross
  0 siblings, 1 reply; 14+ messages in thread
From: David Masterson @ 2022-06-11 21:29 UTC (permalink / raw)
  To: Tim Cross; +Cc: emacs-orgmode

Tim Cross <theophilusx@gmail.com> writes:

> David Masterson <dsmasterson@gmail.com> writes:
>
>> I think I've gotten org-crypt working, but I think some things are not
>> making sense (it might be just me):
>>
>> 1. I've set org-crypt-key to nil (symmetric encryption).
>> 2. Can I use a different encryption key for each encrypted paragraph?
>> 3. Does org-encrypt only ask for the key the first time?
>> 4. Does org-decrypt only ask for the key the first time?
>> 5. How do they know where to get the password when they don't ask?
>> 6. Shouldn't org-crypt docs in org manual have examples?
>> Does this make sense -- I think I'm messing something up.
>
> Warning: I have not used org-crypt for many years. These days, I just
> use a .org.gpg extensions and symmetrically encrypt the whole file.
> However, I think I can probably answer some of your questions -

Hmm, two questions that this brings up:

1. Do you access your files on (say) iPhone?
2. Do you store your files in Git (say Github)?

>> 2. Can I use a different encryption key for each encrypted paragraph?
>
> According to the manual -
>  
> No, not with symmetric encryption. I think this can only work with
> asymmetric encryption.

This needs to be spelled out better.

> If you're using symmetric encryption, you typically just have one key for
> all the data within the file. From the gnuPG perspective, this is just
> encrypted text. It does not 'know' about different paragraphs. To have
> different encryption with each paragraph, you would need to specify
> different keys and there is no mechanism to do that with symmetric
> encryption, only asymmetric.

org-(en/de)crypt ??

Hmm, you're suggesting you don't use org-(en/de)crypt.  The manual
doesn't spell out very well how to do that.  Where do you put your key
for symmetric encryption?

> What is your use case where you need multiple symmetric encryption keys
> in one file?

One broken key doesn't give up the whole file.

>> 6. Shouldn't org-crypt docs in org manual have examples?
>
> Probably, though I don't know what else you would put in there which
> isn't already there. Feel free to supply a PR or patch once you have
> worked it out. However, as noted in the commentary section, org-crypt.el
> is really a very light-weight wrapper around functions in epg.el, so
> likely the first place to start when looking for documentation and
> examples is the epa/epg/easyPG manual

Not good at writing these days, but I'll consider.

-- 
David Masterson



* Re: org-crypt ?
  2022-06-11 21:17   ` David Masterson
@ 2022-06-11 21:46     ` Ignacio Casso
  0 siblings, 0 replies; 14+ messages in thread
From: Ignacio Casso @ 2022-06-11 21:46 UTC (permalink / raw)
  To: David Masterson; +Cc: Ihor Radchenko, emacs-orgmode

Hello,

I'll take this chance to bring this up again, since it's also an issue
concerning org-crypt and it may be relevant if you decide to update
org-crypt's documentation:
https://lists.gnu.org/archive/html/emacs-orgmode/2021-12/msg00675.html.

Regards,

Ignacio

David Masterson <dsmasterson@gmail.com> writes:

> Ihor Radchenko <yantar92@gmail.com> writes:
>
>> David Masterson <dsmasterson@gmail.com> writes:
>>
>>> I think I've gotten org-crypt working, but I think some things are not
>>> making sense (it might be just me):
>>>
>>> 1. I've set org-crypt-key to nil (symmetric encryption).
>>> 2. Can I use a different encryption key for each encrypted paragraph?
>>
>> Yes. For each individual encrypted headline contents. Just enter
>> different passwords when queried to encrypt.
>>
>>> 3. Does org-encrypt only ask for the key the first time?
>>
>> No. Strictly speaking it may depend on your GnuPG config. Not by default.
>>
>>> 4. Does org-decrypt only ask for the key the first time?
>>
>> Depends on your GnuPG config. AFAIK, GnuPG will not cache keys by default.
>>
>>> 5. How do they know where to get the password when they don't ask?
>>
>> From gpg-agent.
>>
>>> 6. Shouldn't org-crypt docs in org manual have examples?
>>
>> We can mention org-encrypt-entry/entries and org-decrypt-entry/entries.
>> Would it help?
>
> Yes.  Also, any basic config of gpg to work with.  Also, a simple test
> example to show what should happen to help users determine if they're
> heading the right way.
>
> Thanks




* Re: org-crypt ?
  2022-06-11 21:29   ` David Masterson
@ 2022-06-12  0:28     ` Tim Cross
  2022-06-12  1:37       ` Ihor Radchenko
  2022-06-12  3:07       ` David Masterson
  0 siblings, 2 replies; 14+ messages in thread
From: Tim Cross @ 2022-06-12  0:28 UTC (permalink / raw)
  To: David Masterson; +Cc: emacs-orgmode


David Masterson <dsmasterson@gmail.com> writes:

> Tim Cross <theophilusx@gmail.com> writes:
>
>> David Masterson <dsmasterson@gmail.com> writes:
>>
>>> I think I've gotten org-crypt working, but I think some things are not
>>> making sense (it might be just me):
>>>
>>> 1. I've set org-crypt-key to nil (symmetric encryption).
>>> 2. Can I use a different encryption key for each encrypted paragraph?
>>> 3. Does org-encrypt only ask for the key the first time?
>>> 4. Does org-decrypt only ask for the key the first time?
>>> 5. How do they know where to get the password when they don't ask?
>>> 6. Shouldn't org-crypt docs in org manual have examples?
>>> Does this make sense -- I think I'm messing something up.
>>
>> Warning: I have not used org-crypt for many years. These days, I just
>> use a .org.gpg extensions and symmetrically encrypt the whole file.
>> However, I think I can probably answer some of your questions -
>
> Hmm, two questions that this brings up:
>
> 1. Do you access your files on (say) iPhone?
> 2. Do you store your files in Git (say Github)?
>

Well, yes and yes, but I don't tend to need to access encrypted files on
iphone. I do have encrypted files in github. For example, I have a
private repository of files I share across computers (Linux and macOS).
Some of these files are gpg encrypted. 

>>> 2. Can I use a different encryption key for each encrypted paragraph?
>>
>> According to the manual -
>>  
>> No, not with symmetric encryption. I think this can only work with
>> asymmetric encryption.
>
> This needs to be spelled out better.

Ihor's response to this indicates I'm incorrect here. As I stated
earlier, it has been a long time since I used org-crypt, so I'd trust
his advice more. However, from a technical perspective, I don't
understand how gnupg or org-crypto can prompt to get the different keys
and know which chunk to apply which key to, but that is my limited
technical expertise more than anything else. With asymmetric encryption,
you specify the key name, so it knows which key belongs with each
encrypted chunk. I don't see in the code how this is handled for
symmetric encryption where no key name is specified. 

With symmetric encryption, the key is really just the passphrase. GnuPG
asks you for the key (passphrase) and it uses that to encrypt/decrypt
the data. With asymmetric, there is a public and private pair and an
associated 'name'. When encrypting, it knows or asks for the key name
and uses the public key and for decrypting, the private key, which most
often (but not always) has a passphrase used to unlock it. 
>
>> If you're using symmetric encryption, you typically just have one key for
>> all the data within the file. From the gnuPG perspective, this is just
>> encrypted text. It does not 'know' about different paragraphs. To have
>> different encryption with each paragraph, you would need to specify
>> different keys and there is no mechanism to do that with symmetric
>> encryption, only asymmetric.
>
> org-(en/de)crypt ??

Determining which parts are encrypted isn't hard. However, how do you
know which key to associate with each bit? The only solution I can see
is to attempt every known symmetric key to each chunk until one works and
if none of the known ones work, ask for another one. This could be how
it works, but that seems extremely inefficient and difficult to manage
to me. 

The other problem is how to prompt for the key. Let's say you have 10
encrypted items in an org file, each encrypted with a different
symmetric key. Org has to ask the user for the key for each one. What
goes into the prompt to give the user an idea which of the 10 different
keys to enter? I guess it could say "Enter key for chunk 1:" and "Enter
key for chunk 2:", but I'm not sure that is good. The system could use
the section heading, but I didn't see anything to indicate it would do
that when scanning the code, but perhaps I missed it. 


>
> Hmm, you're suggesting you don't use org-(en/de)crypt.  The manual
> doesn't spell out very well how to do that.  Where do you put your key
> for symmetric encryption?
>

With symmetric encryption, there is no 'key' to put anywhere. The key
is the password/passphrase. You only have a 'key' with asymmetric
encryption, where you have two files, the private and public key. These
are managed by gnupg in the .gnupg directory (typically). 

One thing which you may find helpful is to look at the 3 separate layers
involved with org-crypt as they all have their own manual and each layer
provides some of the information you are after i.e.

- Encryption/decryption and key management is largely handled by gnupg.
The documentation associated with gnupg is pretty good and will likely
answer many of your questions. 

- The interface to gnupg from within Emacs is managed by easyPG, which
basically consists of two libraries - epa, which provides the Emacs
interface layer for gnupg and epg, which provides a library that can be
used by Emacs packages to access gnupg. This is primarily what org-crypt
uses. The easyPG manual is pretty good and contains some good
information.

- org-crypt, which is a very light-weight wrapper around the epg
functions. It provides the basic integration between org and easyPG. 

>> What is your use case where you need multiple symmetric encryption keys
>> in one file?
>
> One broken key doesn't give up the whole file.
>

That might be a false sense of security. The big weakness with symmetric
encryption is the key/passphrase. It suffers from the same problem as
passwords (which are mostly 'human'). If one of your keys is weak enough
that it has been broken, the odds are pretty high that the others will be as
well. The likelihood with symmetric encryption is higher because
everything is based on the key/passphrase you supply. With asymmetric
encryption, the key is not related to the passphrase. To breach the key,
someone needs to either get hold of the private key and the passphrase
(assuming it has a passphrase, which is normal practice for secure
setup) or they need to crack the very strong key. 

For that use case, I would use asymmetric rather than symmetric
encryption.

>>> 6. Shouldn't org-crypt docs in org manual have examples?
>>
>> Probably, though I don't know what else you would put in there which
>> isn't already there. Feel free to supply a PR or patch once you have
>> worked it out. However, as noted in the commentary section, org-crypt.el
>> is really a very light-weight wrapper around functions in epg.el, so
>> likely the first place to start when looking for documentation and
>> examples is the epa/epg/easyPG manual
>
> Not good at writing these days, but I'll consider.

Please do. Often the best documentation comes from end users rather than
developers. The developer is often too close to the code, which makes it
harder for them to appreciate what users don't understand/know. For a
user, the challenges they encounter are often 'fresher' and puts them in
a better place to explain things. People on the list will provide
feedback to help clarify and improve what you write. 

I would highly recommend looking at the easyPG and gnuPG documentation.
It is quite likely all that needs to be done to improve the
documentation is add some appropriate links to the documentation for
those two projects. 



* Re: org-crypt ?
  2022-06-12  0:28     ` Tim Cross
@ 2022-06-12  1:37       ` Ihor Radchenko
  2022-06-12  3:07       ` David Masterson
  1 sibling, 0 replies; 14+ messages in thread
From: Ihor Radchenko @ 2022-06-12  1:37 UTC (permalink / raw)
  To: Tim Cross; +Cc: David Masterson, emacs-orgmode

Tim Cross <theophilusx@gmail.com> writes:

> Ihor's response to this indicates I'm incorrect here. As I stated
> earlier, it has been a long time since I used org-crypt, so I'd trust
> his advice more. However, from a technical perspective, I don't
> understand how gnupg or org-crypto can prompt to get the different keys
> and know which chunk to apply which key to, but that is my limited
> technical expertise more than anything else. With asymmetric encryption,
> you specify the key name, so it knows which key belongs with each
> encrypted chunk. I don't see in the code how this is handled for
> symmetric encryption where no key name is specified. 

If you run M-x org-decrypt-entry, the prompt will be for that entry. It
is up to the user to figure out which key is the key to be used there.

If you run M-x org-decrypt-entries, it simply runs org-decrypt-entry on
each encrypted headline appearing in the buffer. From top to bottom. No
indication will be done about which headline is being processed at any
given point. The user may need to count.

Of course, the last scenario is not very user-friendly, but I doubt that
many users really use different symmetric encryption keys on different
headings in a single file. Nobody bothered enough to implement a more
verbose prompt.

>>> Probably, though I don't know what else you would put in there which
>>> isn't already there. Feel free to supply a PR or patch once you have
>>> worked it out. However, as noted in the commentary section, org-crypt.el
>>> is really a very light-weight wrapper around functions in epg.el, so
>>> likely the first place to start when looking for documentation and
>>> examples is the epa/epg/easyPG manual
>>
>> Not good at writing these days, but I'll consider.
>
> Please do. Often the best documentation comes from end users rather than
> developers. The developer is often too close to the code, which makes it
> harder for them to appreciate what users don't understand/know. For a
> user, the challenges they encounter are often 'fresher' and puts them in
> a better place to explain things. People on the list will provide
> feedback to help clarify and improve what you write. 

Fully agree. It is too easy to skip "obvious" things in documentation
when you know ins and outs of the code.

Best,
Ihor


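Ihor describes org-decrypt-entries as running org-decrypt-entry on each encrypted headline top to bottom, with nothing telling the user which headline the current passphrase prompt belongs to. The following added Emacs Lisp example (not org-crypt's own code, nor anything from this thread) walks the same entries but names each heading and asks for confirmation before decrypting it. `org-map-entries`, `org-crypt-tag-matcher` (default "crypt"), `org-at-encrypted-entry-p` and `org-get-heading` are real Org functions and variables; `my/org-decrypt-entries-verbose` is a name chosen here.

```elisp
;;; Added example, not code from org-crypt.el or from this thread.

(require 'org)
(require 'org-crypt)

(defun my/org-decrypt-entries-verbose ()
  "Like `org-decrypt-entries', but name each heading before decrypting it.
Walks the buffer top to bottom over entries matching
`org-crypt-tag-matcher', which is the same selection
`org-decrypt-entries' uses.  Entries that are not actually encrypted are
skipped.  Returns the list of headings that were decrypted, in order."
  (interactive)
  (let (done)
    (org-map-entries
     (lambda ()
       (when (org-at-encrypted-entry-p)
         ;; Heading text without tags, TODO keyword, priority or COMMENT,
         ;; so the confirmation reads like the outline the user knows.
         (let ((heading (org-get-heading t t t t)))
           ;; The y-or-n-p question is the only hint the user gets about
           ;; which passphrase the following gpg prompt is asking for.
           (when (y-or-n-p (format "Decrypt \"%s\"? " heading))
             (org-decrypt-entry)
             (push heading done)))))
     org-crypt-tag-matcher)
    (message "Decrypted %d entries" (length done))
    (nreverse done)))
```

The passphrase prompt itself still comes from pinentry (or the minibuffer with `epg-pinentry-mode` set to loopback), so the heading cannot be put into that prompt from here; showing it one step earlier is what this wrapper adds over the built-in command. Answering "n" leaves that entry encrypted and moves on to the next one.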

* Re: org-crypt ?
  2022-06-12  0:28     ` Tim Cross
  2022-06-12  1:37       ` Ihor Radchenko
@ 2022-06-12  3:07       ` David Masterson
  2022-06-12  4:04         ` Tim Cross
  2022-06-12  4:15         ` Ihor Radchenko
  1 sibling, 2 replies; 14+ messages in thread
From: David Masterson @ 2022-06-12  3:07 UTC (permalink / raw)
  To: Tim Cross; +Cc: emacs-orgmode

Tim Cross <theophilusx@gmail.com> writes:

> David Masterson <dsmasterson@gmail.com> writes:
>
>> Tim Cross <theophilusx@gmail.com> writes:
>>
>>> Warning: I have not used org-crypt for many years. These days, I just
>>> use a .org.gpg extensions and symmetrically encrypt the whole file.
>>> However, I think I can probably answer some of your questions -
>>
>> Hmm, two questions that this brings up:
>>
>> 1. Do you access your files on (say) iPhone?
>> 2. Do you store your files in Git (say Github)?
>>
>
> Well, yes and yes, but I don't tend to need to access encrypted files on
> iphone. I do have encrypted files in github. For example, I have a
> private repository of files I share across computers (Linux and macOS).
> Some of these files are gpg encrypted.

Exactly the system I'm looking for! (or almost)

I am already using (Emacs, Org, MaGit) on Linux, (BeOrg, Working Copy)
on the iPhone, and a Github private repository.  This is complicated to
the new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has
saved me a number of times on resyncing if I change things on both
sides.  But I would like to use more encryption with this.  When it's
secure, I'd like to roll it out on my family's iPhones as well.

> Determining which parts are encrypted isn't hard. However, how do you
> know which key to associate with each bit? The only solution I can see
> is to attempt every known symmetric key to each chunk until one works and
> if none of the known ones work, ask for another one. This could be how
> it works, but that seems extremely inefficient and difficult to manage
> to me. 
>
> The other problem is how to prompt for the key. Let's say you have 10
> encrypted items in an org file, each encrypted with a different
> symmetric key. Org has to ask the user for the key for each one. What
> goes into the prompt to give the user an idea which of the 10 different
> keys to enter? I guess it could say "Enter key for chunk 1:" and "Enter
> key for chunk 2:", but I'm not sure that is good. The system could use
> the section heading, but I didn't see anything to indicate it would do
> that when scanning the code, but perhaps I missed it. 
>
>
>>
>> Hmm, you're suggesting you don't use org-(en/de)crypt.  The manual
>> doesn't spell out very well how to do that.  Where do you put your key
>> for symmetric encryption?
>>
>
> With symmetric encryption, there is no 'key' to put anywhere. The key
> is the password/passphrase. You only have a 'key' with asymmetric
> encryption, where you have two files, the private and public key. These
> are managed by gnupg in the .gnupg directory (typically).

Problem with my terminology, I guess.

> One thing which you may find helpful is to look at the 3 separate layers
> involved with org-crypt as they all have their own manual and each layer
> provides some of the information you are after i.e.
>
> - Encryption/decryption and key management is largely handled by gnupg.
> The documentation associated with gnupg is pretty good and will likely
> answer many of your questions.

Hmm. Okay.

> - The interface to gnupg from within Emacs is managed by easyPG, which
> basically consists of two libraries - epa, which provides the Emacs
> interface layer for gnupg and epg, which provides a library that can be
> used by Emacs packages to access gnupg. This is primarily what org-crypt
> uses. The easyPG manual is pretty good and contains some good
> information.

Okay.

> - org-crypt, which is a very light-weight wrapper around the epg
> functions. It provides the basic integration between org and easyPG. 

Org-crypt needs more documentation to point to the other two as well as
provide a simple example to help people know if they are on the right
track.

>>> What is your use case where you need multiple symmetric encryption keys
>>> in one file?
>>
>> One broken key doesn't give up the whole file.
>>
>
> That might be a false sense of security. The big weakness with symmetric
> encryption is the key/passphrase. It suffers from the same problem as
> passwords (which are mostly 'human'). If one of your keys is weak enough
> that it has been broken, the odds are pretty high that the others will be as
> well. The likelihood with symmetric encryption is higher because
> everything is based on the key/passphrase you supply. With asymmetric
> encryption, the key is not related to the passphrase. To breach the key,
> someone needs to either get hold of the private key and the passphrase
> (assuming it has a passphrase, which is normal practice for secure
> setup) or they need to crack the very strong key. 
>
> For that use case, I would use asymmetric rather than symmetric
> encryption.

Hmm.  Point taken.  I have to work on understanding asymmetric
encryption with org-crypt more.

Thanks
-- 
David Masterson



* Re: org-crypt ?
  2022-06-12  3:07       ` David Masterson
@ 2022-06-12  4:04         ` Tim Cross
  2022-06-12  6:19           ` David Masterson
  2022-06-12  4:15         ` Ihor Radchenko
  1 sibling, 1 reply; 14+ messages in thread
From: Tim Cross @ 2022-06-12  4:04 UTC (permalink / raw)
  To: David Masterson; +Cc: emacs-orgmode


David Masterson <dsmasterson@gmail.com> writes:

> Tim Cross <theophilusx@gmail.com> writes:
>
>> David Masterson <dsmasterson@gmail.com> writes:
>>
>>> Tim Cross <theophilusx@gmail.com> writes:
>>>
>>>> Warning: I have not used org-crypt for many years. These days, I just
>>>> use a .org.gpg extensions and symmetrically encrypt the whole file.
>>>> However, I think I can probably answer some of your questions -
>>>
>>> Hmm, two questions that this brings up:
>>>
>>> 1. Do you access your files on (say) iPhone?
>>> 2. Do you store your files in Git (say Github)?
>>>
>>
>> Well, yes and yes, but I don't tend to need to access encrypted files on
>> iphone. I do have encrypted files in github. For example, I have a
>> private repository of files I share across computers (Linux and macOS).
>> Some of these files are gpg encrypted.
>
> Exactly the system I'm looking for! (or almost)
>
> I am already using (Emacs, Org, MaGit) on Linux, (BeOrg, Working Copy)
> on the iPhone, and a Github private repository.  This is complicated to
> the new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has
> saved me a number of times on resyncing if I change things on both
> sides.  But I would like to use more encryption with this.  When it's
> secure, I'd like to roll it out on my family's iPhones as well.
>

I suspect the challenge will be in getting gnuPG support on the iphone.
I've never tried that and don't know if there is a gnuPG version for
iphone. That would be the first thing I'd try to verify. If you can
encrypt/decrypt on the iphone, it should be possible to handle the rest. 

The one problem you can run into with gpg files and git is that git can
see those as binary files. The general 'rule of thumb' is that you don't
put binary files into git. The thinking is that binary files are
typically generated from some text file and it is the original source
text which you would put into git. There are also some minor technical
issues, mainly with large binary files, which make git somewhat
inefficient. 

The big issue however is that by default, most git forges, like github,
have a limit on the size of binary files they will allow in git. That
size is reasonably large, but there is a limit which I think you have to
pay to have increased. I've not run into that limit with encrypted
files, but have with PDFs and other formats I wanted to include in my
git repo. 

<snip>

>
> Hmm.  Point taken.  I have to work on understanding asymmetric
> encryption with org-crypt more.
>

The main downside with asymmetric encryption is that if you want
different keys you have to create lots of different keys and manage them
securely. With symmetric encryption, you just have to remember
passwords/passphrases. The big advantage with asymmetric is that
encryption and decryption are separated. Someone can have your public
key and can encrypt data which only you (or whomever has the private
key) can decrypt.

Based on your desire to roll something out to your family, I would
actually recommend a different route. There are some very good open
source password managers out there. Many of them, for a very small fee
(i.e. $12pa), will also provide a few Gb of encrypted file storage as
well. 

What I find good with some of these is that provided you select the
right one, you have full control over the encryption (so the server the
provider uses has your data encrypted and only you have the key) and
they usually have mobile device support. The big benefit is that the
mobile clients will take care of the encryption/decryption bits. 

Personally, I've been using ipassword for years, but if I was setting
things up now from scratch, I would be checking out bitwarden and
keypass (as well as some others) as possible alternatives. These
password managers have grown to be a lot more than just password
managers. They typically have some support for encrypted files as well
as 'secure notes'. The basic architecture of many (especially the open
source ones) is basically the same as your outlined use case - the benefit
is they have taken care of all the nitty gritty stuff and most of them
are based on the same technology (i.e. gnupg under the hood). The other
benefit is you also often get support for 2FA/OTP, hardware keys like
yubikey etc. Such solutions are also often easier for family members who
may not be as technically oriented to learn/use.

I also used lastpass at one of the businesses I worked for. While it was
a pretty good product when it was first released, I would no longer
recommend them. The quality and reliability seems to have dropped off
significantly once they were sold to LogMeIn.

I did use borg, though not so much since I retired. It worked OK, but I
really just used it to manage tasks and keep notes using my tablet or
iphone (I usually used my ipad for meetings). However, since retirement
and no longer needing to interact with 'enterprise' environments, my
macbook and ipad are pretty much dust collectors! Everything these days
is just on my Linux system. 




* Re: org-crypt ?
  2022-06-12  3:07       ` David Masterson
  2022-06-12  4:04         ` Tim Cross
@ 2022-06-12  4:15         ` Ihor Radchenko
  2022-06-12  5:55           ` David Masterson
  1 sibling, 1 reply; 14+ messages in thread
From: Ihor Radchenko @ 2022-06-12  4:15 UTC (permalink / raw)
  To: David Masterson; +Cc: Tim Cross, emacs-orgmode

David Masterson <dsmasterson@gmail.com> writes:

>> For that use case, I would use asymmetric rather than symmetric
>> encryption.
>
> Hmm.  Point taken.  I have to work on understanding asymmetric
> encryption with org-crypt more.

You just need to set org-crypt-key to your key name.

Best,
Ihor



* Re: org-crypt ?
  2022-06-12  4:15         ` Ihor Radchenko
@ 2022-06-12  5:55           ` David Masterson
  2022-06-14  4:13             ` Ihor Radchenko
  0 siblings, 1 reply; 14+ messages in thread
From: David Masterson @ 2022-06-12  5:55 UTC (permalink / raw)
  To: Ihor Radchenko; +Cc: Tim Cross, emacs-orgmode

Ihor Radchenko <yantar92@gmail.com> writes:

> David Masterson <dsmasterson@gmail.com> writes:
>
>>> For that use case, I would use asymmetric rather than symmetric
>>> encryption.
>>
>> Hmm.  Point taken.  I have to work on understanding asymmetric
>> encryption with org-crypt more.
>
> You just need to set org-crypt-key to your key name.
>

As well as setup GnuPG properly...  ;-)

-- 
David Masterson



* Re: org-crypt ?
  2022-06-12  4:04         ` Tim Cross
@ 2022-06-12  6:19           ` David Masterson
  0 siblings, 0 replies; 14+ messages in thread
From: David Masterson @ 2022-06-12  6:19 UTC (permalink / raw)
  To: Tim Cross; +Cc: emacs-orgmode

Tim Cross <theophilusx@gmail.com> writes:

> David Masterson <dsmasterson@gmail.com> writes:
>
>> Tim Cross <theophilusx@gmail.com> writes:
>>
>>> David Masterson <dsmasterson@gmail.com> writes:
>>>
>>>> Tim Cross <theophilusx@gmail.com> writes:
>>>>
>>>>> Warning: I have not used org-crypt for many years. These days, I just
>>>>> use a .org.gpg extensions and symmetrically encrypt the whole file.
>>>>> However, I think I can probably answer some of your questions -
>>>>
>>>> Hmm, two questions that this brings up:
>>>>
>>>> 1. Do you access your files on (say) iPhone?
>>>> 2. Do you store your files in Git (say Github)?
>>>>
>>>
>>> Well, yes and yes, but I don't tend to need to access encrypted files on
>>> iphone. I do have encrypted files in github. For example, I have a
>>> private repository of files I share across computers (Linux and macOS).
>>> Some of these files are gpg encrypted.
>>
>> Exactly the system I'm looking for! (or almost)
>>
>> I am already using (Emacs, Org, MaGit) on Linux, (BeOrg, Working Copy)
>> on the iPhone, and a Github private repository.  This is complicated to
>> the new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has
>> saved me a number of times on resyncing if I change things on both
>> sides.  But I would like to use more encryption with this.  When it's
>> secure, I'd like to roll it out on my family's iPhones as well.
>>
>
> I suspect the challenge will be in getting gnuPG support on the iphone.
> I've never tried that and don't know if there is a gnuPG version for
> iphone. That would be the first thing I'd try to verify. If you can
> encrypt/decrypt on the iphone, it should be possible to handle the
> rest.

Ah, that's the "almost" that I'm still figuring out.  BeOrg can work
with symmetric encryption and org-crypt (perhaps also epa) which stores
the encrypted stuff as text in the Org file (therefore, fully Git
compatible).  I'll have to look at BeOrg more about asymmetric
encryption as well as full file encryption.

> The one problem you can run into with gpg files and git is that git can
> see those as binary files. The general 'rule of thumb' is that you don't
> put binary files into git. The thinking is that binary files are
> typically generated from some text file and it is the original source
> text which you would put into git. There are also some minor technical
> issues, mainly with large binary files, which make git somewhat
> inefficient.

> The big issue however is that by default, most git forges, like github,
> have a limit on the size of binary files they will allow in git. That
> size is reasonably large, but there is a limit which I think you have to
> pay to have increased. I've not run into that limit with encrypted
> files, but have with PDFs and other formats I wanted to include in my
> git repo. 

Yeah, saw some discussion on that and shied away...

> Based on your desire to roll something out to your family, I would
> actually recommend a different route. There are some very good open
> source password managers out there. Many of them, for a very small fee
> (i.e. $12pa), will also provide a few Gb of encrypted file storage as
> well.

Been using free versions of KeePass w/ Cloud storage.  Very powerful on
Windows.  Reasonable elsewhere.

The family is relatively easy when I have a stable environment.  That
involves full documentation with key things encrypted. I'm not sure
about having them use BeOrg yet, though.

> What I find good with some of these is that provided you select the
> right one, you have full control over the encryption (so the server the
> provider uses has your data encrypted and only you have the key) and
> they usually have mobile device support. The big benefit is that the
> mobile clients will take care of the encryption/decryption bits.

I wanted to use Keybase (encrypted cloud-based Git) which would've
covered everything, but it seems to have been bought out and died.

-- 
David Masterson


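The configuration the thread keeps circling around (Ihor's "set org-crypt-key to your key name", David's "as well as setup GnuPG properly", and Tim's point that .gpg files tend to land in git as binary blobs), written out as an added Emacs Lisp example. This is not code from the thread or from the org-mode project; it only uses variables and functions that ship with org-crypt and EasyPG. It assumes a GnuPG key whose user ID is "you@example.org" already exists in the keyring (check with `gpg --list-keys`); that address is a placeholder.

```elisp
;; Added example: per-heading org-crypt encryption with a public key,
;; plus whole-file .org.gpg encryption kept text-only for git.
;; Assumption: a GnuPG key with user ID "you@example.org" is already
;; in the keyring.  Replace it with your own key name or fingerprint.

(require 'org-crypt)
(require 'epa-file)

;; Headings tagged :crypt: are encrypted automatically before the
;; buffer is written to disk.
(org-crypt-use-before-save-magic)

;; Stop child headings from inheriting the crypt tag; otherwise each
;; subtree under an encrypted heading is encrypted separately again.
(setq org-tags-exclude-from-inheritance '("crypt"))

;; Asymmetric mode: encrypt every :crypt: heading to this key.
;; Setting this to nil instead selects symmetric encryption, which
;; prompts for a passphrase.
(setq org-crypt-key "you@example.org")

;; Auto-save would write decrypted headings to disk in plain text.
;; t disables auto-save in buffers that contain decrypted entries.
(setq org-crypt-disable-auto-save t)

;; Whole-file encryption (the .org.gpg approach) through EasyPG.
(epa-file-enable)

;; Recipients for new .gpg files.  nil prompts for recipients on each
;; save; a list of user IDs encrypts to several people at once.
(setq epa-file-encrypt-to '("you@example.org"))

;; ASCII-armor the output (-----BEGIN PGP MESSAGE-----) so git sees
;; a text file rather than a binary blob.
(setq epa-armor t)

;; Ask for the passphrase in the minibuffer instead of an external
;; pinentry window; useful when Emacs runs in a terminal or over ssh.
(setq epg-pinentry-mode 'loopback)
```

Two things worth knowing beyond the thread's answer: a single heading can use a different key than `org-crypt-key` by setting a `:CRYPTKEY:` property on it (org-crypt reads that property, with inheritance, before falling back to the global value), and `epa-armor` only changes how new .gpg files are written, so existing binary .gpg files stay binary until re-saved.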

* Re: org-crypt ?
  2022-06-12  5:55           ` David Masterson
@ 2022-06-14  4:13             ` Ihor Radchenko
  0 siblings, 0 replies; 14+ messages in thread
From: Ihor Radchenko @ 2022-06-14  4:13 UTC (permalink / raw)
  To: David Masterson; +Cc: Tim Cross, emacs-orgmode

David Masterson <dsmasterson@gmail.com> writes:

>> You just need to set org-crypt-key to your key name.
>>
>
> As well as setup GnuPG properly...  ;-)

I remember using https://wiki.gentoo.org/wiki/GnuPG as a reference.

Best,
Ihor



end of thread, other threads:[~2022-06-14  4:13 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-10  4:08 org-crypt ? David Masterson
2022-06-11  3:35 ` Tim Cross
2022-06-11 21:29   ` David Masterson
2022-06-12  0:28     ` Tim Cross
2022-06-12  1:37       ` Ihor Radchenko
2022-06-12  3:07       ` David Masterson
2022-06-12  4:04         ` Tim Cross
2022-06-12  6:19           ` David Masterson
2022-06-12  4:15         ` Ihor Radchenko
2022-06-12  5:55           ` David Masterson
2022-06-14  4:13             ` Ihor Radchenko
2022-06-11  4:17 ` Ihor Radchenko
2022-06-11 21:17   ` David Masterson
2022-06-11 21:46     ` Ignacio Casso

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).