From: Julien Danjou
Subject: Re: org-crypt.el security problem (From: Milan Zamazal)
Date: Sun, 06 Mar 2011 11:47:34 +0100
Message-ID: <871v2kseyh.fsf@keller.adm.naquadah.org>
In-Reply-To: <874o7glg8q.fsf@gnu.org> (Bastien's message of "Sun, 06 Mar 2011 11:01:41 +0100")
To: Bastien
Cc: emacs-orgmode@gnu.org

On Sun, Mar 06 2011, Bastien wrote:

> I've seen org-encrypt-string but I don't see we could use it for the
> problem at hand.

Just saying that if you don't use it, your re-encryption on auto-save
will ask the user for its passphrase if he is not using any agent.

> Also, the purpose is to encrypt the auto-saved buffer and *not* the
> visited buffer -- which I don't know how to do.

Add org-encrypt-entries to auto-save-hook and
org-decrypt-entries-which were-not-decryped to after-auto-save-hook…
which does not seem to exist. :)

What I can also suggest is to never show the encrypted block in the Org
buffer. This is what I do in my configuration: on Org file loading, I
decrypt all entries. Therefore I never see the GPG block. When I save,
everything is encrypted, written, and then re-decrypted.

Using org-crypt this way, it would be easy to fix auto-save-hook. With
the current way of letting the user decrypt heading by heading, it does
not seem that easy. :)

-- 
Julien Danjou
❱ http://julien.danjou.info
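
A minimal Emacs Lisp sketch of the workflow described in the message above (decrypt on load; encrypt, write, re-decrypt on save), added here as an illustration and not Julien Danjou's actual configuration. The `my/` function names are hypothetical, and because no after-auto-save-hook exists, the sketch assumes auto-save is switched off in these buffers rather than encrypting from auto-save-hook.

```elisp
;;; Added example; the my/ names are hypothetical, not part of org-crypt.
(require 'org)
(require 'org-crypt)

;; Standard org-crypt setup: children must not inherit the crypt tag,
;; otherwise nested entries would be encrypted a second time.
(add-to-list 'org-tags-exclude-from-inheritance "crypt")

(defun my/org-crypt-decrypt-all ()
  "Decrypt every crypt-tagged entry without marking the buffer modified."
  (let ((was-modified (buffer-modified-p)))
    (save-excursion
      (org-decrypt-entries))
    ;; Decrypting edits the buffer text; restore the previous flag so a
    ;; freshly loaded or freshly saved buffer is not reported as dirty.
    (set-buffer-modified-p was-modified)))

(defun my/org-crypt-transparent-setup ()
  "Keep plaintext in the Org buffer and ciphertext in the visited file."
  (when (derived-mode-p 'org-mode)
    ;; On load: decrypt all entries, so the GPG block is never shown.
    (my/org-crypt-decrypt-all)
    ;; On save: encrypt just before the write, decrypt again just after.
    ;; Both hooks are buffer-local (last argument t).
    (add-hook 'before-save-hook #'org-encrypt-entries nil t)
    (add-hook 'after-save-hook #'my/org-crypt-decrypt-all nil t)
    ;; Assumption: the buffer now always holds plaintext and nothing
    ;; runs after an auto-save to re-decrypt, so auto-save is disabled
    ;; here to keep plaintext out of the #file# auto-save copy.
    (auto-save-mode -1)))

;; find-file-hook runs after the major mode has been set for the file.
(add-hook 'find-file-hook #'my/org-crypt-transparent-setup)
```

With no GPG agent running, each encrypt or decrypt pass may prompt for the passphrase, which is the cost the message points out.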