From: David Masterson
To: Tim Cross
Cc: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sat, 11 Jun 2022 23:19:22 -0700

Tim Cross writes:

> David Masterson writes:
>
>> Tim Cross writes:
>>
>>> David Masterson writes:
>>>
>>>> Tim Cross writes:
>>>>
>>>>> Warning: I have not used org-crypt for many years. These days, I just
>>>>> use a .org.gpg extension and symmetrically encrypt the whole file.
>>>>> However, I think I can probably answer some of your questions -
>>>>
>>>> Hmm, two questions that this brings up:
>>>>
>>>> 1. Do you access your files on (say) iPhone?
>>>> 2. Do you store your files in Git (say Github)?
>>>>
>>>
>>> Well, yes and yes, but I don't tend to need to access encrypted files on
>>> iphone. I do have encrypted files in github. For example, I have a
>>> private repository of files I share across computers (Linux and macOS).
>>> Some of these files are gpg encrypted.
>>
>> Exactly the system I'm looking for! (or almost)
>>
>> I am already using (Emacs, Org, MaGit) on Linux, (BeOrg, Working Copy)
>> on the iPhone, and a Github private repository. This is complicated to
>> the new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has
>> saved me a number of times on resyncing if I change things on both
>> sides. But I would like to use more encryption with this. When it's
>> secure, I'd like to roll it out on my family's iPhones as well.
>>
>
> I suspect the challenge will be in getting gnuPG support on the iphone.
> I've never tried that and don't know if there is a gnuPG version for
> iphone. That would be the first thing I'd try to verify. If you can
> encrypt/decrypt on the iphone, it should be possible to handle the
> rest.

Ah, that's the "almost" that I'm still figuring out. BeOrg can work with
symmetric encryption and org-crypt (perhaps also epa) which stores the
encrypted stuff as text in the Org file (therefore, fully Git
compatible). I'll have to look at BeOrg more about asymmetric
encryption as well as full file encryption.

> The one problem you can run into with gpg files and git is that git can
> see those as binary files. The general 'rule of thumb' is that you don't
> put binary files into git. The thinking is that binary files are
> typically generated from some text file and it is the original source
> text which you would put into git. There are also some minor technical
> issues, mainly with large binary files, which make git somewhat
> inefficient.
>
> The big issue however is that by default, most git forges, like github,
> have a limit on the size of binary files they will allow in git. That
> size is reasonably large, but there is a limit which I think you have to
> pay to have increased. I've not run into that limit with encrypted
> files, but have with PDFs and other formats I wanted to include in my
> git repo.

Yeah, saw some discussion on that and shied away...

> Based on your desire to roll something out to your family, I would
> actually recommend a different route. There are some very good open
> source password managers out there. Many of them, for a very small fee
> (i.e. $12pa), will also provide a few Gb of encrypted file storage as
> well.

Been using free versions of KeePass w/ Cloud storage. Very powerful on
Windows. Reasonable elsewhere. The family is relatively easy when I
have a stable environment. That involves full documentation with key
things encrypted. I'm not sure about having them use BeOrg yet, though.

> What I find good with some of these is that provided you select the
> right one, you have full control over the encryption (so the server the
> provider uses has your data encrypted and only you have the key) and
> they usually have mobile device support. The big benefit is that the
> mobile clients will take care of the encryption/decryption bits.

I wanted to use Keybase (encrypted cloud-based Git) which would've
covered everything, but it seems to have been bought out and died.

-- 
David Masterson