Carsten Dominik writes: > On Oct 13, 2010, at 2:23 AM, Greg Troxel wrote: > >> I am trying to test encryption for MobileOrg via a beta from Richard. >> (We're still playing the 'convince itunes to let you run code on your >> own phone game', so this report is preliminary about what Org itself >> is doing.) I have successfully viewed my org files and retrieved a captured note From the phone into emacs. This note is about release_7.01h-672-g7e29685, so I have your commit 9755e09bbcd630b6d0e20dbf6342bf1c1e66c819. >> I have in .emacs-local.el: >> >> (setq org-mobile-use-encryption t) >> (setq org-mobile-encryption-password "mypasswd") >> >> and I did org-mobile-push. I found that there was an old agendas.org >> that was not encrypted, and it seems that org-mobile-push omits >> agendas.org if org-mobile-use-encryption is t, but still creates it >> when >> nil. > > I have not been able to reproduce this. Apparently when in encryption mode the copy of the encrypted version agendas.org fails because it's trying to go to a file named by the tramp syntax instead of interpreting it as remote: Agenda written to Org file /home/gdt/orgtmpcrypt /ssh:foo.example.com:/usr/home/gdt/ORG/agendas.org: No such file or directory 3148034372:error:02001002:system library:fopen:No such file or directory:/n0/gdt/NetBSD-5/src/crypto/dist/openssl/crypto/bio/bss_file.c:355:fopen('/ssh:foo.example.com:/usr/home/gdt/ORG/agendas.org','w') I read the code and I don't follow how the invocation of copy-file is different in the encrypted case. >> checksums.dat is in cleartext. This seems ok, but could be a missed >> opportunity for some integrity protection. > > I have a technical reason to not encrypt it - so unless there is > someone who really needs it encrypted, I want to keep it like this. That seems fine - the filenames are staying cleartext. My point, not well made, was that encryption does not give you integrity protection. It seems the concern motivating this work is confidentiality, but in cryptography it's considered good practice to also provide integrity, via HMAC-SHA1 or a combined confidentiality/integrity mode. But for org files on servers we believe are not messing with them, this is probably in the 'best is the enemy of the good' category. And if we want integrity (I know, ENOPATCH), then it's probably best to do it outright, so I withdraw my complaint about checksums.dat being in cleartext. >> I'm not sure this level of paranoia is warranted, but typical >> encrypting filesystems also encrypt the filenames. It probably >> suffices to just warn the user that the filenames of org files will >> still be exposed in the DAV area. > > I have just put this information into the manual. Thanks. minor issues: ~/orgtmpcrypt seems to not always get cleaned up when I push/pull. After a push, I found it to contain my index.org, unencrypted and 644 in my homedir. Probably this should go in org-directory instead which presumably would be protected as the user wants. During a pull that got a note, emacs asked me about visiting a buffer whose file (orgcrypttmp) had changed contents. I'll see if I can reproduce that. Thanks for working on org-mobile-crypt.