From: Julien Danjou
Subject: Re: org-crypt.el security problem (From: Milan Zamazal)
Date: Mon, 07 Mar 2011 12:08:10 +0100
To: Bastien
Cc: emacs-orgmode@gnu.org

On Sun, Mar 06 2011, Bastien wrote:

>> What I can also suggest is to never show the encrypted block in the Org
>> buffer.
>
> I agree this would be better.
>
>> This is what I do in my configuration: on Org file loading, I decrypt
>> all entries. Therefore I never see the GPG block. When I save,
>> everything is encrypted, written, and then re-decrypted.
>
> Can you share your config?

NO WAY!
But here it is:

#+begin_src emacs-lisp
(require 'org-crypt)

;; Encrypt all tagged entries just before the buffer is written to disk.
(org-crypt-use-before-save-magic)

;; Decrypt every tagged entry while keeping the buffer's modified flag
;; as it was, so an unmodified buffer is not marked dirty by decryption.
(defun jd:org-decrypt-everything-silently ()
  (let ((m (buffer-modified-p)))
    (org-decrypt-entries)
    (unless m
      (set-buffer-modified-p nil))))

;; Decrypt when an Org file is loaded.
(add-hook 'org-mode-hook 'jd:org-decrypt-everything-silently)

;; Re-decrypt after each save. The hook is buffer-local (nil t) so it
;; does not run in non-Org buffers.
(add-hook 'org-mode-hook
          (lambda ()
            (add-hook 'after-save-hook 'jd:org-decrypt-everything-silently nil t)))
#+end_src

- Loading org-mode on a file decrypts everything;
- Saving encrypts everything (org-crypt-use-before-save-magic adds this);
- After saving, we re-decrypt.

Using this method with auto-save-hook should be possible.

> I see: auto-save-hook would encrypt, write to ~/.#file# then decrypt the
> original buffer back again -- yes?

Yup.

-- 
Julien Danjou
❱ http://julien.danjou.info
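With entries kept decrypted in the buffer as in the configuration above, an auto-save file is a plaintext copy of them on disk. As an added example (not part of the original message and not org-crypt's own code), one simple alternative to the auto-save-hook idea is to turn auto-save off in Org buffers that contain entries matching `org-crypt-tag-matcher`; the `example/` function names are hypothetical.

```elisp
;; Added example; the example/ names are hypothetical.
(require 'org)
(require 'org-crypt)

(defun example/org-has-crypt-entries-p ()
  "Return non-nil if this buffer has a heading matching `org-crypt-tag-matcher'."
  ;; `org-map-entries' returns one value per matching heading; the scope
  ;; `file' ignores narrowing so no entry is missed.
  (and (org-map-entries #'point org-crypt-tag-matcher 'file) t))

(defun example/org-crypt-disable-auto-save ()
  "Turn off auto-save in Org buffers that hold entries to be encrypted.
With entries kept decrypted in the buffer, an auto-save file would be a
plaintext copy of them on disk."
  (when (example/org-has-crypt-entries-p)
    ;; A negative argument disables auto-save for the current buffer only.
    (auto-save-mode -1)
    (message "Auto-save disabled in %s (decrypted org-crypt entries)"
             (buffer-name))))

;; Runs for every Org buffer; buffers without tagged entries keep auto-save.
(add-hook 'org-mode-hook #'example/org-crypt-disable-auto-save)
```

The check runs once when the buffer enters Org mode, so an entry tagged for encryption later in the session is not covered until the file is reopened.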