From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ken Manheimer Newsgroups: gmane.emacs.devel Subject: Re: pgg symmetric encryption patch Date: Thu, 6 Oct 2005 18:41:14 -0400 Message-ID: <2cd46e7f0510061541w73bb6a92wb6d22829b6e804ae@mail.gmail.com> References: <20050930210649.GA22126@kenny.sha-bang.local> <2cd46e7f0510010928v8244052k2a98375e38fdd2ed@mail.gmail.com> <20051002104823.GA31722@kenny.sha-bang.local> <20051003192503.GA15503@kenny.sha-bang.local> <2cd46e7f0510031250u66ea1349yb437d539ce4027ef@mail.gmail.com> <20051004105330.GA5288@kenny.sha-bang.local> <20051005161905.GA6208@kenny.sha-bang.local> <20051006090152.GB4494@kenny.sha-bang.local> Reply-To: Ken Manheimer NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: sea.gmane.org 1128638581 2122 80.91.229.2 (6 Oct 2005 22:43:01 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 6 Oct 2005 22:43:01 +0000 (UTC) Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Oct 07 00:42:58 2005 Return-path: Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1ENeQd-0003Ru-Ea for ged-emacs-devel@m.gmane.org; Fri, 07 Oct 2005 00:41:31 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1ENeQc-0007Di-GC for ged-emacs-devel@m.gmane.org; Thu, 06 Oct 2005 18:41:30 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1ENeQO-0007DT-Sf for emacs-devel@gnu.org; Thu, 06 Oct 2005 18:41:16 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1ENeQO-0007DH-AS for emacs-devel@gnu.org; Thu, 06 Oct 2005 18:41:16 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1ENeQO-0007DE-2a for emacs-devel@gnu.org; Thu, 06 Oct 2005 18:41:16 -0400 Original-Received: from [64.233.162.206] (helo=zproxy.gmail.com) by monty-python.gnu.org with esmtp (Exim 4.34) id 1ENeQO-0007Be-5R for emacs-devel@gnu.org; Thu, 06 Oct 2005 18:41:16 -0400 Original-Received: by zproxy.gmail.com with SMTP id k1so308221nzf for ; Thu, 06 Oct 2005 15:41:14 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=NNFoRUJNnUH4MRK8cOITySMiJtyo7IGgClIoFpFT2sUczyGMIWa0VndoPLeUlPbu09k5UroPpW/3raCOv258eMEHN3PT4xQ6lrOvTTv1VMOxx6z0WxTM4nmPM6eh90Jl9BtFqT1o091OsHpabWAxVDhHRkotS8rzstnAX0UG3lU= Original-Received: by 10.36.221.73 with SMTP id t73mr133560nzg; Thu, 06 Oct 2005 15:41:14 -0700 (PDT) Original-Received: by 10.36.36.11 with HTTP; Thu, 6 Oct 2005 15:41:14 -0700 (PDT) Original-To: "Daiki Ueno (pgg author)" , "sascha schwab (symmetric encryption patches)" , "Simon Josefsson (gnus maintainer of pgg)" , "Richard M. Stallman" , emacs-devel@gnu.org In-Reply-To: <20051006090152.GB4494@kenny.sha-bang.local> Content-Disposition: inline X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:43624 Archived-At: i'm attempting to incorporate sascha's modified pgg in allout, instead of using a combination of mailcrypt and crypt++, and encountering some serious problems. the problems include some fundamental problems with pgg operation, independent of the patch, that are show-stoppers for me. i'd like to run my assessment of these things by you all and see if you can help me understand them. it's possible i'm mistaken about some, i don't understand what appear to be the choices made. all of my experiments involve the current pgg code found in the gnu.org lisp/gnus CVS. some of them (i'll try to be clear about which) involve this pgg code with sascha's most recent symmetric-key extensions patch (emacs-pgg-symmetric.patch-03) applied (by hand - couldn't get it to work using 'patch'). 1. my most serious concern is with the unpatched pgg code. the text that it encrypts is altered from the original, in order to append \r carriage returns to the text (using pgg-as-lbt / pgg-convert-lbt). the problem with this is that decryption on unix-ish platforms with anything other than pgg will result in text that is different than the original. for example, text that is encrypted with pgg-gpg and then decrypted directly using the gpg program (using the command-line, for instance) will be distorted in this way. likewise if decrypted using mailcrypt in emacs, or pgp5 or pgp in any way, etc. this is not acceptable for my purposes (and i can't figure out where it would be acceptable, but i'm not familiar with the encryption concerns for message exchange, eg for email or news). 2. i also have some fundamental problems with the way unaltered pgg's passphrase caching system is wired. i am not sure about my analysis, and would love to be corrected, and filled in about how it actually does work. (the passphrase cache routines could really use some informative docstrings.) as far as i can tell, on decryption it keys on the value of pgg-default-user-id, rather than the actual recipients of the message. this is generally useless for any messages but those encrypted with the user's public-key. and it depends on the user having set pgg-default-user-id, which seems like an unnecessary and complicating limitation. 3. this key caching problem of #2 is compounded in the context of sascha's patches, because i really can't figure what the right thing is. plus, it's not hooked up quite right in the patches: - the patched version will use the prompt for the symmetric key even when doing a public-key decryption. - pgg-gpp-encrypt-symmetric-region does not do do any key caching. this is the right thing modulo the pgg-default-user-id misorientation of the caching mechanism - but is unacceptable for my purposes, where users can particularly need the convenience of key caching for symmetric-key operation, in order to encrypt and decrypt multiple entries. 4. in the patched version, the symmetric encryption does not replace the original text with the encrypted text - it's only available in the hidden " *PGG output*" buffer, but not put in place. 5. last, another small problem with the unaltered pgg code. i stumbled and was confused when pgg failed to do a public-key encryption due to the default value of pgg-default-user-id. only on reading the code did i learn i needed to set pgg-default-user-id to the identity of my primary key. it may be that i should use my user login for that key's identity, so the default would work, i dunno. it took me a while to unravel these problems, and i stopped at that point - i don't think i can use pgg, as it stands, according to this assessment. i don't understand the reasons for the choices - maybe just because i'm unfamiliar with the regular context where it's used.=20 i may be mistaken about my assessment in some of these items, and would welcome correction and/or clarification! ken manheimer ken.manheimer@gmail.com