From: Ihor Radchenko
To: Daniel Clemente
Cc: Eli Zaretskii, emacs-orgmode@gnu.org
Subject: org-crypt leaking data when encryption password is not entered twice (was: Please document the caching and its user options)
Date: Wed, 26 Jun 2024 13:21:21 +0000
Message-ID: <87msn7kffy.fsf@localhost>

Daniel Clemente writes:

> Sometimes org-crypt fails to reencrypt the data. E.g. if Emacs
> crashes, or if you fail to type the same password twice, or of course
> if you don't use (org-crypt-use-before-save-magic), etc.

I do not think that there is anything left on disk if Emacs crashes.

As for not typing the same password twice and not using
org-crypt-use-before-save-magic, we should somehow fix this.
(I am starting a new thread branch.)

One simple idea is to disable backups if encryption fails.
Or use `write-contents-functions' instead of `before-save-hook' - that
way, Emacs will not ignore errors thrown by org-crypt and will not
actually save anything if encryption fails.

> At the end of the day when I do "git diff" + "git commit" sometimes I
> realize there's unencrypted data and then I have to reencrypt it. In
> the meantime I might have killed and reopened the buffer, thus
> updating the file cache.

> That may be a problem by org-encrypt and something to document in
> org-crypt itself. The point is that users of org-encrypt should take
> extra precautions when enabling org-element-cache-persistent. Like:
> not closing buffers while the sections are unencrypted.

These things should be considered bugs. And we should fix them.
Cache and other libraries should not be responsible for special
treatment of optional org-crypt library.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at
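
The `write-contents-functions' idea from the message above, as an added Emacs Lisp example (not code from org-crypt or from this thread): encrypt on save and refuse to write the file if any tagged entry still holds plaintext. The `my/'-prefixed names are hypothetical, and the check assumes the crypt tag is excluded from tag inheritance.

```emacs-lisp
;;; Added example; `my/' names are hypothetical, not part of org-crypt.
(require 'org)
(require 'org-crypt)

(defun my/org-crypt-entry-blank-p ()
  "Non-nil if the subtree at point has no text after its meta-data."
  (save-excursion
    (org-back-to-heading t)
    (let ((end (save-excursion (org-end-of-subtree t t) (point))))
      (org-end-of-meta-data 'standard)
      (not (string-match-p "[^ \t\n]"
                           (buffer-substring-no-properties (point) end))))))

(defun my/org-crypt-plaintext-headings ()
  "Return headings matching `org-crypt-tag-matcher' that still hold plaintext.
Assumes the crypt tag is excluded from tag inheritance."
  (delq nil
        (org-map-entries
         (lambda ()
           (unless (or (org-at-encrypted-entry-p)
                       (my/org-crypt-entry-blank-p))
             (org-get-heading t t t t)))
         org-crypt-tag-matcher 'file)))

(defun my/org-crypt-encrypt-or-abort ()
  "Encrypt tagged entries; signal an error if any plaintext remains.
An error signaled from `write-contents-functions' propagates out of
`save-buffer', so the file is not written.  Return nil on success so
that Emacs writes the encrypted buffer itself."
  (org-encrypt-entries)
  (let ((leftover (my/org-crypt-plaintext-headings)))
    (when leftover
      (error "org-crypt: not saving, entries still unencrypted: %s"
             (mapconcat #'identity leftover ", "))))
  nil)

(add-hook 'org-mode-hook
          (lambda ()
            ;; Buffer-local, in place of `org-crypt-use-before-save-magic'.
            (add-hook 'write-contents-functions
                      #'my/org-crypt-encrypt-or-abort nil t)))
```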