emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
* Org export to HTML with encrypted information ??
@ 2019-11-29  7:24 David Masterson
  2019-11-29  8:50 ` Colin Baxter
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: David Masterson @ 2019-11-29  7:24 UTC (permalink / raw)
  To: emacs-orgmode

My use-case is this:

I'd like to use Org to write up *all* the information about my family
life (so to speak) including medical histories of my family, issues with
the house, bank accounts, financial information, etc., so that my family
has all the information to refer to when necessary in a (hopefully)
well-structured form.  Naturally, this is going to have a fair amount of
really sensitive information.  By carefully outlining the information, I
can structure the sensitive information to be in key parts of the
documents that I can then encrypt using org-crypt.

That part is straightforward.  The tricky part is that my family is not
"Emacs literate" and, so, I'm thinking the best idea is to export the
information from Org files to HTML files so that I can then present to
them as a website.  They are used to browsing the web, so this should be
more natural to them.  The problem that I'm looking for help with is how
to deal with the encrypted information?  Any suggestions?

--
David

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29  7:24 Org export to HTML with encrypted information ?? David Masterson
@ 2019-11-29  8:50 ` Colin Baxter
  2019-12-02  6:22   ` David Masterson
  2019-11-29 11:19 ` Marcin Borkowski
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 9+ messages in thread
From: Colin Baxter @ 2019-11-29  8:50 UTC (permalink / raw)
  To: David Masterson; +Cc: emacs-orgmode

>>>>> David Masterson <dsmasterson@outlook.com> writes:

    > My use-case is this: I'd like to use Org to write up *all* the
    > information about my family life (so to speak) including medical
    > histories of my family, issues with the house, bank accounts,
    > financial information, etc., so that my family has all the

I would strongly advise against including any financial or medical
information. All encryption is breakable given adequate resources. I
suggest that you would be providing sufficient motivation for someone 
to garner those resources.

-- 
Colin Baxter
www.Colin-Baxter.com

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29  7:24 Org export to HTML with encrypted information ?? David Masterson
  2019-11-29  8:50 ` Colin Baxter
@ 2019-11-29 11:19 ` Marcin Borkowski
  2019-11-29 14:27   ` George Mauer
  2019-12-21  4:19 ` stardiviner
  2019-12-21 22:50 ` David R
  3 siblings, 1 reply; 9+ messages in thread
From: Marcin Borkowski @ 2019-11-29 11:19 UTC (permalink / raw)
  To: David Masterson; +Cc: emacs-orgmode


On 2019-11-29, at 08:24, David Masterson <dsmasterson@outlook.com> wrote:

> My use-case is this:
>
> I'd like to use Org to write up *all* the information about my family
> life (so to speak) including medical histories of my family, issues with
> the house, bank accounts, financial information, etc., so that my family
> has all the information to refer to when necessary in a (hopefully)
> well-structured form.  Naturally, this is going to have a fair amount of
> really sensitive information.  By carefully outlining the information, I
> can structure the sensitive information to be in key parts of the
> documents that I can then encrypt using org-crypt.
>
> That part is straightforward.  The tricky part is that my family is not
> "Emacs literate" and, so, I'm thinking the best idea is to export the
> information from Org files to HTML files so that I can then present to
> them as a website.  They are used to browsing the web, so this should be
> more natural to them.  The problem that I'm looking for help with is how
> to deal with the encrypted information?  Any suggestions?

This is a very interesting and important question.  I don't have any
advice, but I would very much like to hear what others have to say.

While this does not answer your question (but is related): who is going
to have the password/passphrase?  Have you considered using a secret
sharing scheme?

Best,

-- 
Marcin Borkowski
http://mbork.pl

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29 11:19 ` Marcin Borkowski
@ 2019-11-29 14:27   ` George Mauer
  2019-11-30  2:57     ` wry
  0 siblings, 1 reply; 9+ messages in thread
From: George Mauer @ 2019-11-29 14:27 UTC (permalink / raw)
  To: emacs-orgmode

[-- Attachment #1: Type: text/plain, Size: 2597 bytes --]

Basic "I'm not too worried about it" level of security: stick it on a
webserver using .htaccess to demand a password. Make that password halfway
decent.

Better option: export to PDF by either exporting to HTML or latex and then
using that system's PDF export. Keep both PDF and original in a folder on
Google drive or Dropbox that is shared only with those who need access. (No
password needed at all so you won't have someone compromising you with a
crap password)

Best option: same thing but store those files in a respected password
manager like 1password or keepass. Train your family to use the password
manager. Use it as a vault for all sorts of "just in case, they should
know" info.

In theory, you could even automate things to work on a deadman's switch.
Have a system that pings you via email, SMS, or another communications
mechanism weekly. If you don't respond within a few days, it automatically
shares the aforementioned files using gdrive, Dropbox, 1password, etc (not
email though - email is not secure)

On Fri, Nov 29, 2019, 5:56 AM Marcin Borkowski <mbork@mbork.pl> wrote:

>
> On 2019-11-29, at 08:24, David Masterson <dsmasterson@outlook.com> wrote:
>
> > My use-case is this:
> >
> > I'd like to use Org to write up *all* the information about my family
> > life (so to speak) including medical histories of my family, issues with
> > the house, bank accounts, financial information, etc., so that my family
> > has all the information to refer to when necessary in a (hopefully)
> > well-structured form.  Naturally, this is going to have a fair amount of
> > really sensitive information.  By carefully outlining the information, I
> > can structure the sensitive information to be in key parts of the
> > documents that I can then encrypt using org-crypt.
> >
> > That part is straightforward.  The tricky part is that my family is not
> > "Emacs literate" and, so, I'm thinking the best idea is to export the
> > information from Org files to HTML files so that I can then present to
> > them as a website.  They are used to browsing the web, so this should be
> > more natural to them.  The problem that I'm looking for help with is how
> > to deal with the encrypted information?  Any suggestions?
>
> This is a very interesting and important question.  I don't have any
> advice, but I would very much like to hear what others have to say.
>
> While this does not answer your question (but is related): who is going
> to have the password/passphrase?  Have you considered using a secret
> sharing scheme?
>
> Best,
>
> --
> Marcin Borkowski
> http://mbork.pl
>
>

[-- Attachment #2: Type: text/html, Size: 3507 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29 14:27   ` George Mauer
@ 2019-11-30  2:57     ` wry
  2019-12-02  6:20       ` David Masterson
  0 siblings, 1 reply; 9+ messages in thread
From: wry @ 2019-11-30  2:57 UTC (permalink / raw)
  To: emacs-orgmode

Hi,
Here's a simpler flow. See if it would support your use case:

Modern PDF readers support password
encryption. org-latex-export-to-pdf, then encrypt the file and share
it with your family. If you want to keep it offline, give them USB
drives. It's not too late to get black Friday deals on the 2.0 sticks.

Write the password on a sticky note and stick it on your fridge. 

If you're worried about the integrity of the org file on your own
computer, make it a .gpg file instead, and stick something like:

# -*- mode:org; epa-file-encrypt-to: ("your@email.com") -*-

at the top.

Nick

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-30  2:57     ` wry
@ 2019-12-02  6:20       ` David Masterson
  0 siblings, 0 replies; 9+ messages in thread
From: David Masterson @ 2019-12-02  6:20 UTC (permalink / raw)
  To: wry; +Cc: emacs-orgmode

wry@mm.st writes:

> Hi,
> Here's a simpler flow. See if it would support your use case:
>
> Modern PDF readers support password
> encryption. org-latex-export-to-pdf, then encrypt the file and share
> it with your family. If you want to keep it offline, give them USB
> drives. It's not too late to get black Friday deals on the 2.0 sticks.
>
> Write the password on a sticky note and stick it on your fridge. 
>
> If you're worried about the integrity of the org file on your own
> computer, make it a .gpg file instead, and stick something like:
>
> # -*- mode:org; epa-file-encrypt-to: ("your@email.com") -*-
>
> at the top.

This is an interesting idea that I'm considering, but it kind of assumes
that the data is (mostly) static.  Updating the information gets a
little tedious, but it is doable.  Encryption into the cloud makes it a
little easier to keep it up-to-date for the family as I change the data.

--
David

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29  8:50 ` Colin Baxter
@ 2019-12-02  6:22   ` David Masterson
  0 siblings, 0 replies; 9+ messages in thread
From: David Masterson @ 2019-12-02  6:22 UTC (permalink / raw)
  To: Colin Baxter; +Cc: emacs-orgmode

Colin Baxter <m43cap@yandex.com> writes:

>>>>>> David Masterson <dsmasterson@outlook.com> writes:
>
>     > My use-case is this: I'd like to use Org to write up *all* the
>     > information about my family life (so to speak) including medical
>     > histories of my family, issues with the house, bank accounts,
>     > financial information, etc., so that my family has all the
>
> I would strongly advise against including any financial or medical
> information. All encryption is breakable given adequate resources. I
> suggest that you would be providing sufficient motivation for someone 
> to garner those resources.

An issue I am concerned about.  I'm considering the tradeoffs and,
ultimately, may go with a USB key mechanism, but it would make the
process flow more tedious.

--
David

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29  7:24 Org export to HTML with encrypted information ?? David Masterson
  2019-11-29  8:50 ` Colin Baxter
  2019-11-29 11:19 ` Marcin Borkowski
@ 2019-12-21  4:19 ` stardiviner
  2019-12-21 22:50 ` David R
  3 siblings, 0 replies; 9+ messages in thread
From: stardiviner @ 2019-12-21  4:19 UTC (permalink / raw)
  To: emacs-orgmode


David Masterson <dsmasterson@outlook.com> writes:

> My use-case is this:
>
> I'd like to use Org to write up *all* the information about my family
> life (so to speak) including medical histories of my family, issues with
> the house, bank accounts, financial information, etc., so that my family
> has all the information to refer to when necessary in a (hopefully)
> well-structured form.  Naturally, this is going to have a fair amount of
> really sensitive information.  By carefully outlining the information, I
> can structure the sensitive information to be in key parts of the
> documents that I can then encrypt using org-crypt.
>
> That part is straightforward.  The tricky part is that my family is not
> "Emacs literate" and, so, I'm thinking the best idea is to export the
> information from Org files to HTML files so that I can then present to
> them as a website.  They are used to browsing the web, so this should be
> more natural to them.  The problem that I'm looking for help with is how
> to deal with the encrypted information?  Any suggestions?

I have same needs for my all-in-Org knowledge database. I will keep some
personal information in some public Org files but encrypt Org headlines with
org-crypt too.

My idea is still use org-export-to-html. And use JavaScript to decrypt the
encrypted contents. That will have more control on your hand. More choices.

-- 
[ stardiviner ]
       I try to make every word tell the meaning what I want to express.

       Blog: https://stardiviner.github.io/
       IRC(freenode): stardiviner, Matrix: stardiviner
       GPG: F09F650D7D674819892591401B5DF1C95AE89AC3
      

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: Org export to HTML with encrypted information ??
  2019-11-29  7:24 Org export to HTML with encrypted information ?? David Masterson
                   ` (2 preceding siblings ...)
  2019-12-21  4:19 ` stardiviner
@ 2019-12-21 22:50 ` David R
  3 siblings, 0 replies; 9+ messages in thread
From: David R @ 2019-12-21 22:50 UTC (permalink / raw)
  To: emacs-orgmode list

[-- Attachment #1: Type: text/plain, Size: 1388 bytes --]

On Thursday, November 28, 2019, David Masterson <dsmasterson@outlook.com>
wrote:
> My use-case is this:
>
> I'd like to use Org to write up *all* the information about my family
> life (so to speak) including medical histories of my family, issues with
> the house, bank accounts, financial information, etc., so that my family
> has all the information to refer to when necessary in a (hopefully)
> well-structured form.  Naturally, this is going to have a fair amount of
> really sensitive information.  By carefully outlining the information, I
> can structure the sensitive information to be in key parts of the
> documents that I can then encrypt using org-crypt.
>
> That part is straightforward.  The tricky part is that my family is not
> "Emacs literate" and, so, I'm thinking the best idea is to export the
> information from Org files to HTML files so that I can then present to
> them as a website.  They are used to browsing the web, so this should be
> more natural to them.  The problem that I'm looking for help with is how
> to deal with the encrypted information?  Any suggestions?
>


I'd very strongly suggest that this question about sensitive information be
100% handled by handwritten paper documents stored in a safe-deposit box.
Don't allow digital-anything to become involved, at any step.

Non-sensitive information: Do whatever you like.

-- 
-- 
David Rogers

[-- Attachment #2: Type: text/html, Size: 1624 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2019-12-21 22:50 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-29  7:24 Org export to HTML with encrypted information ?? David Masterson
2019-11-29  8:50 ` Colin Baxter
2019-12-02  6:22   ` David Masterson
2019-11-29 11:19 ` Marcin Borkowski
2019-11-29 14:27   ` George Mauer
2019-11-30  2:57     ` wry
2019-12-02  6:20       ` David Masterson
2019-12-21  4:19 ` stardiviner
2019-12-21 22:50 ` David R

Code repositories for project(s) associated with this inbox:

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).