emacs-orgmode@gnu.org archives
From: Tim Cross <theophilusx@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sat, 11 Jun 2022 13:35:26 +1000
Message-ID: <871qvvesqh.fsf@gmail.com>
In-Reply-To: <SJ0PR03MB545565C9BB903C89277AD353A2A69@SJ0PR03MB5455.namprd03.prod.outlook.com>


David Masterson <dsmasterson@gmail.com> writes:

> I think I've gotten org-crypt working, but I think some things are not
> making sense (it might be just me):
>
> 1. I've set org-crypt-key to nil (symmetric encryption).
> 2. Can I use a different encryption key for each encrypted paragraph?
> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?
> 5. How do they know where to get the password when they don't ask?
> 6. Shouldn't org-crypt docs in org manual have examples?
> Does this make sense -- I think I'm messing something up.


Warning: I have not used org-crypt for many years. These days, I just
use a .org.gpg extension and symmetrically encrypt the whole file.
However, I think I can probably answer some of your questions -

> 2. Can I use a different encryption key for each encrypted paragraph?

According to the manual -


 
No, not with symmetric encryption. I think this can only work with
asymmetric encryption. 

If you're using symmetric encryption, you typically just have one key for
all the data within the file. From the GnuPG perspective, this is just
encrypted text. It does not 'know' about different paragraphs. To have
different encryption with each paragraph, you would need to specify
different keys and there is no mechanism to do that with symmetric
encryption, only asymmetric.

What is your use case where you need multiple symmetric encryption keys
in one file?

> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?

Well that can depend on your environment and how it is configured. These
days, most Linux desktops and macOS have a form of GPG Agent and/or
keyring (I'd assume similar with Windows, but don't use that platform).
Typically, these agents/keyrings are configured to cache passphrases for
a period of time. Sometimes, you can tell the keyring keys it has access
to without the passphrase provided your login key has been 'opened'. So
for example, the passwords for my imap accounts are in a gpg file and
I've told my keyring agent to always allow access to those keys (this
was an option in the passphrase dialogue box). 

I also think epa has support for caching of passphrases. Therefore, it
could be that Emacs is caching the key for you and it will keep it in a
session cache for a period of time or until the session is closed. 

One way to sort out where the caching is occurring might be to try
decrypting outside of Emacs just using gnupg. If it asks for the key but
does not ask when doing it within Emacs, then it is probably Emacs doing
the caching. 

> 5. How do they know where to get the password when they don't ask?

See above re: caching, keyrings and gpg agents.

> 6. Shouldn't org-crypt docs in org manual have examples?

Probably, though I don't know what else you would put in there which
isn't already there. Feel free to supply a PR or patch once you have
worked it out. However, as noted in the commentary section, org-crypt.el
is really a very light-weight wrapper around functions in epg.el, so
likely the first place to start when looking for documentation and
examples is the epa/epg/easyPG manual
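
The check described in the message (decrypt outside Emacs with plain gnupg and watch for a prompt), as an added example that is not part of the original post. It assumes org-crypt leaves an ASCII-armored PGP message, possibly indented, under each `:crypt:` heading; the function names and the sample Org file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Constructed Org file: two :crypt: headings with placeholder armored bodies.
write_sample_org() {
  cat > "$1" <<'EOF'
* Bank details                                  :crypt:
  -----BEGIN PGP MESSAGE-----

  CONSTRUCTED-PLACEHOLDER-BODY-1
  -----END PGP MESSAGE-----
* Plain heading
  Not encrypted.
* Server notes                                  :crypt:
  -----BEGIN PGP MESSAGE-----

  CONSTRUCTED-PLACEHOLDER-BODY-2
  -----END PGP MESSAGE-----
EOF
}

# Number of armored PGP messages found in an Org file.
count_pgp_blocks() {
  awk '{ sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
       $0 == "-----BEGIN PGP MESSAGE-----" { n++ }
       END { print n + 0 }' "$1"
}

# Print the Nth armored message with indentation stripped (assumption:
# the block may be indented under its heading), ready to pipe into gpg.
extract_pgp_block() {
  awk -v want="$2" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == "-----BEGIN PGP MESSAGE-----" { n++; inblock = (n == want) }
    inblock { print }
    $0 == "-----END PGP MESSAGE-----" { inblock = 0 }
  ' "$1"
}

# Usage: decrypt_outside_emacs notes.org 1
decrypt_outside_emacs() {
  gpgconf --reload gpg-agent   # flush passphrases cached by gpg-agent
  echo "first decrypt (a prompt is expected):" >&2
  extract_pgp_block "$1" "$2" | gpg --decrypt || return 1
  echo "second decrypt (no prompt means gpg-agent cached it):" >&2
  extract_pgp_block "$1" "$2" | gpg --decrypt
}
```

Run `gpgconf --reload gpg-agent` again before repeating the decrypt inside Emacs, so that a missing prompt there cannot come from the agent.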

