damn! i'm absolutely sure i attached it that time. (i even ditched the first attachment and reattached a new copy, when i noticed a revision to add.) i'm going to try again as an attachment, and if it doesn't go through i'll send it inline.

---------- Forwarded message ----------
From: Ken Manheimer
Date: Oct 8, 2005 2:31 PM
Subject: Re: pgg symmetric encryption patch
To: Simon Josefsson, Ken Manheimer, "sascha schwab (symmetric encryption patches)", "Daiki Ueno (pgg author)", "Richard M. Stallman", emacs-devel@gnu.org

On 10/8/05, Sascha Wilde wrote:
> On Sat, Oct 08, 2005 at 10:48:27AM +0200, Simon Josefsson wrote:
> > It seems you are making some progress here. For simplicity, could you
> > post the complete patch (preferably in unified diff format) against
> > Emacs CVS you want to have installed? Unless somebody else has
> > already taken care of this...
>
> I attached the complete patch against the latest cvs checkout.

i've got another take on the cumulative patch, with the addition of some refinements i would like to add. the patch is against the gnu.org repository, and incorporates recent checkins there as of a few minutes ago.

here are the details of my further refinements, which are included in this patch. their purpose is to enable external management of the passphrases, including prompting and caching, while still using the pgg encryption and cache mechanisms. the changes have two thrusts:

- extend the (generic pgg and gpg scheme) encryption and decryption routines to take an optional passphrase argument, and when provided, use its value instead of prompting for the passphrase

- extend the passphrase caching and prompting routines to take an optional 'notruncate' argument, to enable caching of passphrases for keys besides those that have the format of the short pgp packet key id.

i think that these, together, will enable me to do the passphrase handling and extend it to symmetric keys, while still leveraging the features of the pgg mechanism (in particular, passphrase expiration). i am pretty sure it's all backwards compatible; all the additional functionality hinges on using the new optional arguments, so there should be no operational changes if you don't use them.

(i am very puzzled about why the passphrase cache was restricted to the length of the short pgp packet key ids. seems like you want to couple the passphrases with the user identity for which the message is being encoded, in the case of key-pair ciphers, or some arbitrary string for symmetric ciphers - e.g., file name is what i want to use for symmetric keys in allout, since the symmetric keys are associated with the files. but once again i don't know the pgp territory well enough to wade in, and want to minimize the chance of inadvertently breaking anything.)

if this approach is deemed to be fine, i can easily provide an additional patch to adjust the pgg-pgp and pgg-pgp5 modules similarly.

ken
ken.manheimer@gmail.com
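The two thrusts described in the message (a caller-supplied passphrase that bypasses the prompt, and a 'notruncate' flag so that cache keys other than short PGP key ids survive intact) can be seen in a small self-contained Emacs Lisp model. This is an added example, not Ken Manheimer's patch and not pgg's own code; every `demo-` name is hypothetical, and the choice to truncate to the last 8 characters (the length of a short key id) is an assumption made by the model to mirror the restriction the message complains about. The sample file names and passphrases are constructed.

```elisp
;; Added example (not pgg's code, not the patch under discussion):
;; a model of a passphrase cache with an expiry timer, an optional
;; NOTRUNCATE flag, and a caller-supplied passphrase that short-circuits
;; prompting. All `demo-' names are hypothetical.

(defvar demo-passphrase-cache nil
  "Alist of (CACHE-KEY . PASSPHRASE) holding cached passphrases.")

(defvar demo-passphrase-cache-expiry 16
  "Seconds a cached passphrase stays usable before it is wiped.")

(defun demo-truncate-key-identifier (key)
  "Return the last 8 characters of KEY, the length of a short PGP key id.
Which end is kept is this model's assumption."
  (if (> (length key) 8) (substring key -8) key))

(defun demo-cache-key (key notruncate)
  "Map KEY to the string actually used in the cache.
Without NOTRUNCATE the key is cut to short-key-id length, which is what
makes arbitrary strings such as file names unsafe as cache keys."
  (if notruncate key (demo-truncate-key-identifier key)))

(defun demo-cached-passphrase (key &optional notruncate)
  "Return the passphrase cached under KEY, or nil when none is cached."
  (cdr (assoc (demo-cache-key key notruncate) demo-passphrase-cache)))

(defun demo-remove-passphrase-from-cache (key &optional notruncate)
  "Forget the passphrase cached under KEY, overwriting its characters first."
  (let* ((k (demo-cache-key key notruncate))
         (entry (assoc k demo-passphrase-cache)))
    (when entry
      (fillarray (cdr entry) ?_)        ; do not leave the secret lying around
      (setq demo-passphrase-cache (delq entry demo-passphrase-cache)))
    nil))

(defun demo-add-passphrase-to-cache (key passphrase &optional notruncate)
  "Cache a private copy of PASSPHRASE under KEY; wipe it after the expiry."
  (let ((k (demo-cache-key key notruncate)))
    (demo-remove-passphrase-from-cache k t)       ; replace any stale entry
    (push (cons k (copy-sequence passphrase)) demo-passphrase-cache)
    (run-at-time demo-passphrase-cache-expiry nil
                 #'demo-remove-passphrase-from-cache k t)
    passphrase))

(defun demo-obtain-passphrase (key &optional passphrase notruncate)
  "Return the passphrase to use for KEY.
A PASSPHRASE supplied by the caller wins; otherwise the cache is
consulted, and only then is the user prompted. Whatever is used is
cached so the next call within the expiry window does not prompt."
  (let ((pw (or passphrase
                (demo-cached-passphrase key notruncate)
                (read-passwd (format "Passphrase for %s: " key)))))
    (demo-add-passphrase-to-cache key pw notruncate)
    pw))

(defun demo-collision-check ()
  "Show why caching under file-name keys needs NOTRUNCATE.
Returns two lists: the lookups for each file with truncation, then
without it. Sample paths and passphrases are constructed."
  (setq demo-passphrase-cache nil)
  (let ((work "/home/ken/work/notes.txt")
        (home "/home/ken/home/notes.txt"))
    ;; Truncated: both paths collapse to the same 8-character tail, so
    ;; the second call silently replaces the first file's passphrase.
    (demo-add-passphrase-to-cache work "work-passphrase")
    (demo-add-passphrase-to-cache home "home-passphrase")
    (let ((truncated (list (demo-cached-passphrase work)
                           (demo-cached-passphrase home))))
      (setq demo-passphrase-cache nil)
      ;; NOTRUNCATE: the full path is the key and both entries survive.
      (demo-add-passphrase-to-cache work "work-passphrase" t)
      (demo-add-passphrase-to-cache home "home-passphrase" t)
      (list truncated
            (list (demo-cached-passphrase work t)
                  (demo-cached-passphrase home t))))))
```

Evaluating `(demo-collision-check)` makes the point of the second thrust concrete: with truncation, both files come back with the second file's passphrase, because their names share the same tail; with the flag set, each path keeps its own entry. `demo-obtain-passphrase` is the shape of the first thrust, where an external caller that already manages its own prompting hands the passphrase in and the routine never asks.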