From: David Masterson <dsmasterson@gmail.com>
To: Tim Cross <theophilusx@gmail.com>
Cc: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sat, 11 Jun 2022 23:19:22 -0700 [thread overview]
Message-ID: <SJ0PR03MB545563C49BED3613E0DAA6D9A2A89@SJ0PR03MB5455.namprd03.prod.outlook.com> (raw)
In-Reply-To: <87k09mwl1w.fsf@gmail.com> (Tim Cross's message of "Sun, 12 Jun 2022 14:04:45 +1000")
Tim Cross <theophilusx@gmail.com> writes:
> David Masterson <dsmasterson@gmail.com> writes:
>
>> Tim Cross <theophilusx@gmail.com> writes:
>>
>>> David Masterson <dsmasterson@gmail.com> writes:
>>>
>>>> Tim Cross <theophilusx@gmail.com> writes:
>>>>
>>>>> Warning: I have not used org-crypt for many years. These days, I just
>>>>> use a .org.gpg extensions and symmetrically encrypt the whole file.
>>>>> However, I think I can probably answer some of your questions -
>>>>
>>>> Hmm, two questions that this brings up:
>>>>
>>>> 1. Do you access your files on (say) iPhone?
>>>> 2. Do you store your files in Git (say Github)?
>>>>
>>>
>>> Well, yes and yes, but I don't tend to need to access encrypted files on
>>> iphone. I do have encrypted files in github. For example, I have a
>>> private repository of files I share across computers (Linux and macOS).
>>> Some of these files are gpg encrypted.
>>
>> Exactly the system I'm looking for! (or almost)
>>
>> I am already using (Emacs, Org, MaGit) on Linux, (BeOrg, Working Copy)
>> on the iPhone, and a Github private repository. This is complicated to
>> the new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has
>> saved me a number of times on resyncing if I change things on both
>> sides. But I would like to use more encryption with this. When it's
>> secure, I'd like to roll it out on my family's iPhones as well.
>>
>
> I suspect the challenge will be in getting gnuPG support on the iphone.
> I've never tried that and don't know if there is a gnuPG version for
> iphone. That would be the first thing I'd try to verify. If you can
> encrypt/decrypt on the iphone, it should be possible to handle the
> rest.
Ah, that's the "almost" that I'm still figuring out. BeOrg can work
with symmetric encryption and org-crypt (perhaps also epa) which stores
the encrypted stuff as text in the Org file (therefore, fully Git
compatible). I'll have to look at BeOrg more about asymmetric
encryption as well as full file encryption.
> The one problem you can run into with gpg files and git is that git can
> see those as binary files. The general 'rule of thumb' is that you don't
> put binary files into git. The thinking is that binary files are
> typically generated from some text file and it is the original source
> text which you would put into git. There are also some minor technical
> issues, mainly with large binary files, which make git somewhat
> inefficient.
> The big issue however is that by default, most git forges, like github,
> have a limit on the siace of binary files they will allow in git. That
> size is reasonably large, but there is a limit which I think you have to
> pay to have increased. I've not run into that limit with encrypted
> files, but have with PDFs and other formats I wanted to include in my
> git repo.
Yeah, saw some discussion on that and shied away...
> Based on your desire to roll something out to your family, I would
> actually recommend a different route. There are some very good open
> source password managers out there. Many of them, for a very small fee
> (i.e. $12pa), will also provide a few Gb of encrypted file storage as
> well.
Been using free versions of KeePass w/ Cloud storage. Very powerful on
Windows. Reasonable elsewhere.
The family is relatively easy when I have a stable environment. That
involves full documentation with key things encrypted. I'm not sure
about having them use BeOrg yet, though.
> What I find good with some of these is that provided you select the
> right one, you have full control over the encryption (so the server the
> provider uses has your data encrypted and only you have the key) and
> they usually have mobile device support. The big benefit is that the
> mobile clients will take care of the encryption/decryption bits.
I wanted to use Keybase (encrypted cloud-based Git) which would've
covered everything, but it seems to have been bought out and died.
--
David Masterson
next prev parent reply other threads:[~2022-06-12 6:21 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-10 4:08 org-crypt ? David Masterson
2022-06-11 3:35 ` Tim Cross
2022-06-11 21:29 ` David Masterson
2022-06-12 0:28 ` Tim Cross
2022-06-12 1:37 ` Ihor Radchenko
2022-06-12 3:07 ` David Masterson
2022-06-12 4:04 ` Tim Cross
2022-06-12 6:19 ` David Masterson [this message]
2022-06-12 4:15 ` Ihor Radchenko
2022-06-12 5:55 ` David Masterson
2022-06-14 4:13 ` Ihor Radchenko
2022-06-11 4:17 ` Ihor Radchenko
2022-06-11 21:17 ` David Masterson
2022-06-11 21:46 ` Ignacio Casso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SJ0PR03MB545563C49BED3613E0DAA6D9A2A89@SJ0PR03MB5455.namprd03.prod.outlook.com \
--to=dsmasterson@gmail.com \
--cc=emacs-orgmode@gnu.org \
--cc=theophilusx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).