Re: pgg symmetric encryption patch

[Sascha Wilde <wilde@sha-bang.de>]

[-- Attachment #1.1.1: Type: text/plain, Size: 2242 bytes --]

On Thu, Oct 06, 2005 at 06:41:14PM -0400, Ken Manheimer wrote:

> which) involve this pgg code with sascha's most recent symmetric-key
> extensions patch (emacs-pgg-symmetric.patch-03) applied (by hand -
> couldn't get it to work using 'patch').

hmm, strange, I just applied the patch to a fresh GNU emacs cvs
checkout w/o any problems -- only one changelog hunk failed, no
wonder, the changelogs are constantly changing...  ;-)
 
> 1. my most serious concern is with the unpatched pgg code.  the text that
>    it encrypts is altered from the original, in order to append \r carriage
>    returns to the text (using pgg-as-lbt / pgg-convert-lbt).
> 
>    the problem with this is that decryption on unix-ish platforms with
>    anything other than pgg will result in text that is different than the
>    original.

This is supposed to be a feature, not a bug. 
But read on, there actually _is_ a bug in PGG...

Please note RfC 2440  5.9.:

The last sentence gives a short summary on the subject

   Text data is stored with <CR><LF> text endings (i.e. network-normal
   line endings).  These should be converted to native line endings by
   the receiving software.

As PGG tries to implement RfC conform OpenPGP, and it handles is text,
not binary data, this always applies.

Please read also on the `--textmode' option of gpg.

THE BUG: pgg does the newline conversion by it self (I'm not quite
sure why) but fails to tell the backend (gpg) that it should operate
in textmode, so the Data Packet is tagged as binary, not text data...

Please try if the appended patch (only against pgg-gpg.el) fixes this
issue.

[passphrase caching]

As I'm short of time, I'll look into this issues later, sorry...

> 4. in the patched version, the symmetric encryption does not replace the
>    original text with the encrypted text - it's only available in the
>    hidden " *PGG output*" buffer, but not put in place.

I think, you want to use `pgg-encrypt-symmetric-region', which
encapsulates the backend function `pgg-gpg-encrypt-symmetric-region'
and puts the encrypted text in place.

cheers
sascha
-- 
Sascha Wilde

A conclusion is simply the place where someone got tired of thinking.

[-- Attachment #1.1.2: pgg-gpg_textmode.patch --]
[-- Type: text/plain, Size: 3075 bytes --]

*** pgg-gpg.el	09 Aug 2005 12:53:45 +0200	1.6
--- pgg-gpg.el	07 Okt 2005 11:47:44 +0200	
***************
*** 4,9 ****
--- 4,10 ----
  ;;   2005 Free Software Foundation, Inc.
  
  ;; Author: Daiki Ueno <ueno@unixuser.org>
+ ;; Symmetric encryption added by: Sascha Wilde <wilde@sha-bang.de>
  ;; Created: 1999/10/28
  ;; Keywords: PGP, OpenPGP, GnuPG
  
***************
*** 150,156 ****
  	     pgg-gpg-user-id)))
  	 (args
  	  (append
! 	   (list "--batch" "--armor" "--always-trust" "--encrypt")
  	   (if sign (list "--sign" "--local-user" pgg-gpg-user-id))
  	   (if recipients
  	       (apply #'nconc
--- 151,157 ----
  	     pgg-gpg-user-id)))
  	 (args
  	  (append
! 	   (list "--batch" "--textmode" "--armor" "--always-trust" "--encrypt")
  	   (if sign (list "--sign" "--local-user" pgg-gpg-user-id))
  	   (if recipients
  	       (apply #'nconc
***************
*** 169,174 ****
--- 170,185 ----
  	(pgg-gpg-possibly-cache-passphrase passphrase)))
      (pgg-process-when-success)))
  
+ (defun pgg-gpg-encrypt-symmetric-region (start end)
+   "Encrypt the current region between START and END with symmetric cipher."
+   (let* ((passphrase
+ 	  (pgg-read-passphrase "GnuPG passphrase for symmetric encryption: "))
+ 	 (args
+ 	  (append (list "--batch" "--textmode" "--armor" "--symmetric" ))))
+     (pgg-as-lbt start end 'CRLF
+       (pgg-gpg-process-region start end passphrase pgg-gpg-program args))    
+     (pgg-process-when-success)))
+ 
  (defun pgg-gpg-decrypt-region (start end)
    "Decrypt the current region between START and END."
    (let* ((current-buffer (current-buffer))
***************
*** 180,186 ****
  	 (pgg-gpg-user-id (or key pgg-gpg-user-id pgg-default-user-id))
  	 (passphrase
  	  (pgg-read-passphrase
! 	   (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
  	   pgg-gpg-user-id))
  	 (args '("--batch" "--decrypt")))
      (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
--- 191,200 ----
  	 (pgg-gpg-user-id (or key pgg-gpg-user-id pgg-default-user-id))
  	 (passphrase
  	  (pgg-read-passphrase
! 	   (format (if (pgg-gpg-symmetric-key-p message-keys)
! 		       "Passphrase for symmetric dencryption: "
! 		       "GnuPG passphrase for %s: ")
! 		   pgg-gpg-user-id)
  	   pgg-gpg-user-id))
  	 (args '("--batch" "--decrypt")))
      (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
***************
*** 189,194 ****
--- 203,215 ----
        (goto-char (point-min))
        (re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))
  
+ (defun pgg-gpg-symmetric-key-p (message-keys)
+   "Check if MESSAGE-KEYS contains a symmetric encryption indicator."
+   (dolist (key message-keys result)
+     (when (and (eq (car key) 3)
+ 	       (member '(symmetric-key-algorithm) key))
+       (setq result key))))
+ 
  (defun pgg-gpg-select-matching-key (message-keys secret-keys)
    "Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
    (loop for message-key in message-keys

[-- Attachment #1.2: Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel