* [BUG] org-crypt: CRYPTKEY property does not work as expected [9.5.1 (9.5.1-g36086a @ /home/ignacio/.emacs.d/elpa/org-9.5.1/)]
@ 2021-12-29 19:39 Ignacio Casso
0 siblings, 0 replies; only message in thread
From: Ignacio Casso @ 2021-12-29 19:39 UTC (permalink / raw)
I think I have found a bug in org-crypt, or that org-crypt documentation
is not clear enough. The following configuration snippet in the
org-crypt section of the org manual, as well as the docstring for
org-crypt-key, suggest that a key value of nil can be used to specify
(setq org-crypt-key nil)
;; GPG key to use for encryption
;; Either the Key ID or set to nil to use symmetric encryption.
The same section of the manual, and again the docstring for
org-crypt-key, suggest that the value of org-crypt-key can be overridden
with the CRYPTKEY property.
However, if I set in my configuration org-crypt-key to nil, to use
symmetric encryption by default, and try to override it in a heading
setting the CRYPTKEY property to one of my keys, it still uses symmetric
encryption and prompts me for a password.
And if I set in my configuration org-crypt-key to one of my keys, to use
it by default, and try to override it in a heading setting the CRYPTKEY
property to nil to use symmetric encryption, it still uses my key and
does not prompt me for a password.
In both cases, if I use as key value a string that does not match any
key instead of nil (e.g, the empty string ""), which also means
symmetric encryption if epa-file-encrypt-to is not set according to the
docstring of org-crypt-key, everything works as expected.
So maybe that is the only value that should be used to specify symmetric
encryption when you want to combine it with asymmetric encryption
depending of the file or entry, but if that is the case I think the
documentation does not insist on that fact enough. It's true that the
docstring for org-crypt-key does say "If this variable is nil, always
use symmetric encryption, unconditionally.", and that "unconditionally"
could be interpreted as even if a CRYPTKEY property has been set, but
for me that is not clear enough and I only considered that
interpretation after having this issue and debugging it for a while.
To exhibit the behaviour exposed, the following simple org and init
files and playing around with the value of org-crypt-key suffice:
* Encrypted heading 1 :crypt:
This text should be encrypted using <some-key>, regardless of the
value of org-crypt-key
* Encrypted heading 2 :crypt:
This text should be encrypted using symmetric encryption,
regardless of the value of org-crypt-key
(add-to-list 'org-tags-exclude-from-inheritance "crypt")
(customize-set-variable org-crypt-disable-auto-save t)
(setq org-crypt-key nil)
;; (setq org-crypt-key "<some-key-id>")
Emacs : GNU Emacs 26.3 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.24.14)
of 2020-03-26, modified by Debian
Package: Org mode version 9.5.1 (9.5.1-g36086a @ /home/ignacio/.emacs.d/elpa/org-9.5.1/)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-12-29 20:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-29 19:39 [BUG] org-crypt: CRYPTKEY property does not work as expected [9.5.1 (9.5.1-g36086a @ /home/ignacio/.emacs.d/elpa/org-9.5.1/)] Ignacio Casso
Code repositories for project(s) associated with this inbox:
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).