From: Tim Cross
To: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sat, 11 Jun 2022 13:35:26 +1000
Message-ID: <871qvvesqh.fsf@gmail.com>
User-agent: mu4e 1.7.26; emacs 28.1.50

David Masterson writes:

> I think I've gotten org-crypt working, but I think some things are not
> making sense (it might be just me):
>
> 1. I've set org-crypt-key to nil (symmetric encryption).
> 2. Can I use a different encryption key for each encrypted paragraph?
> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?
> 5. How do they know where to get the password when they don't ask?
> 6. Shouldn't org-crypt docs in org manual have examples?
>
> Does this make sense -- I think I'm messing something up.

Warning: I have not used org-crypt for many years. These days, I just
use a .org.gpg extension and symmetrically encrypt the whole file.

However, I think I can probably answer some of your questions -

> 2. Can I use a different encryption key for each encrypted paragraph?

According to the manual - No, not with symmetric encryption.
I think this can only work with asymmetric encryption. If you're using
symmetric encryption, you typically just have one key for all the data
within the file. From the gnuPG perspective, this is just encrypted
text. It does not 'know' about different paragraphs. To have different
encryption with each paragraph, you would need to specify different keys
and there is no mechanism to do that with symmetric encryption, only
asymmetric.

What is your use case where you need multiple symmetric encryption keys
in one file?

> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?

Well that can depend on your environment and how it is configured. These
days, most Linux desktops and macOS have a form of GPG Agent and/or
keyring (I'd assume similar with Windows, but don't use that platform).
Typically, these agents/keyrings are configured to cache passphrases for
a period of time. Sometimes, you can tell the keyring keys it has access
to without the passphrase provided your login key has been 'opened'. So
for example, the passwords for my imap accounts are in a gpg file and
I've told my keyring agent to always allow access to those keys (this
was an option in the passphrase dialogue box).

I also think epa has support for caching of passphrases. Therefore, it
could be that Emacs is caching the key for you and it will keep it in a
session cache for a period of time or until the session is closed.

One way to sort out where the caching is occurring might be to try
decrypting outside of Emacs just using gnupg. If it asks for the key but
does not ask when doing it within Emacs, then it is probably Emacs doing
the caching.

> 5. How do they know where to get the password when they don't ask?

See above re: caching, keyrings and gpg agents.

> 6. Shouldn't org-crypt docs in org manual have examples?

Probably, though I don't know what else you would put in there which
isn't already there.
Feel free to supply a PR or patch once you have worked it out. However,
as noted in the commentary section, org-crypt.el is really a very
light-weight wrapper around functions in epg.el, so likely the first
place to start when looking for documentation and examples is the
epa/epg/easyPG manual
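
The check suggested in the reply (decrypting outside Emacs with plain gnupg), written out as an added shell example that is not part of the original message. The function names and the file name `notes.org` are hypothetical, and it assumes GnuPG 2.1 or later for `--pinentry-mode`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Copy the first armored OpenPGP message in Org file $1 to file $2,
# stripping any indentation Org applied to the entry body.
extract_pgp_block() {
    awk '/-----BEGIN PGP MESSAGE-----/ { on = 1 }
         on { sub(/^[ \t]+/, ""); print }
         on && /-----END PGP MESSAGE-----/ { exit }' "$1" > "$2"
    [ -s "$2" ]
}

# True only if gpg decrypts the symmetric message in $1 without asking.
# "--pinentry-mode error" turns any passphrase prompt into a failure, so
# success means gpg-agent already held the passphrase in its cache.
agent_supplies_passphrase() {
    gpg --batch --quiet --pinentry-mode error --decrypt "$1" >/dev/null 2>&1
}

# $1 = Org file, $2 = "yes" or "no": did Emacs prompt on org-decrypt-entry?
# Prints the layer that most likely holds the passphrase.
locate_cache() {
    block=$(mktemp) || return 2
    if ! extract_pgp_block "$1" "$block"; then
        rm -f "$block"
        echo "no-ciphertext"
        return 1
    fi
    if agent_supplies_passphrase "$block"; then
        result=gpg-agent      # gpg alone did not need to ask
    elif [ "$2" = no ]; then
        result=emacs          # gpg would ask, Emacs did not: Emacs cached it
    else
        result=none           # both ask: nothing is cached
    fi
    rm -f "$block"
    echo "$result"
}

# Run as: sh locate_cache.sh notes.org no
if [ $# -eq 2 ]; then locate_cache "$1" "$2"; fi
```

Run it right after decrypting the entry in Emacs, since agent caches expire after a configured time.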