From: Ken Manheimer <ken.manheimer@gmail.com>
Cc: Simon Josefsson <jas@extundo.com>, sascha schwab <schwab@suse.de>,
"Daiki Ueno \(pgg author\)" <ueno@unixuser.org>,
"Richard M. Stallman" <rms@gnu.org>,
emacs-devel@gnu.org
Subject: Re: pgg symmetric encryption patch
Date: Tue, 25 Oct 2005 17:28:37 -0400 [thread overview]
Message-ID: <2cd46e7f0510251428l7b143956m5d7635e4b38898b0@mail.gmail.com> (raw)
In-Reply-To: <m2fyqpnvmf.fsf@kenny.sha-bang.de>
[-- Attachment #1: Type: text/plain, Size: 713 bytes --]
aargh - i'm attaching it now. (i simply forgot to do so, in my previous post.)
On 10/25/05, Sascha Wilde <wilde@sha-bang.de> wrote:
> Ken Manheimer <ken.manheimer@gmail.com> wrote:
>
> > On 10/25/05, Sascha Wilde <wilde@sha-bang.de> wrote:
>
> > i'm attaching a cumulative patch,
>
> no, you didn't...
>
> guess we have some kind of tradition here. ;-)
>
> cheers
> sascha
> --
> "Anyone who slaps a 'this page is best viewed with Browser X' label on a Web
> page appears to be yearning for the bad old days, before the Web, when you had
> very little chance of reading a document written on another computer, another
> word processor, or another network." -- Tim Berners-Lee, July 1996
>
[-- Attachment #2: pgg-symmetric-06.patch --]
[-- Type: application/octet-stream, Size: 25376 bytes --]
Index: ChangeLog
===================================================================
RCS file: /cvsroot/emacs/emacs/lisp/ChangeLog,v
retrieving revision 1.8455
diff -u -r1.8455 ChangeLog
--- ChangeLog 25 Oct 2005 19:25:23 -0000 1.8455
+++ ChangeLog 25 Oct 2005 20:16:01 -0000
@@ -1,4 +1,79 @@
-2005-10-25 Romain Francoise <romain@orebokech.com>
+2005-10-12 Ken Manheimer <ken.manheimer@gmail.com>
+
+ * pgg-gpg.el
+ (pgg-gpg-select-matching-key): fixed: look at the right part of the
+ decoded armor to find the key-identifier
+ (pgg-gpg-lookup-key-owner): new function to return the
+ human-readable identifier of a key owner.
+ (pgg-gpg-lookup-id-from-key-owner): make it easy to identify the
+ key itself.
+ (pgg-gpg-decrypt-region): prompt with the key owner (rather
+ than the key value) if we have a key and can match it against a
+ secret key. also, added an XXX note pointing out fact that the
+ prompt only indicates the first matching key.
+ (pgg-add-passphrase-to-cache): <= pgg-add-passphrase-cache
+ (pgg-remove-passphrase-from-cache) <= pgg-remove-passphrase-cache
+
+ * pgg.el (pgg-decrypt): passing along 'passphrase' in call to
+ pgg-decrypt-region; i overlooked this one in my previous patch.
+ (pgg-pending-timers): a new hash for tracking the passphrase cache
+ timers, so that new ones supercede old ones.
+ (pgg-add-passphrase-to-cache): renamed from
+ `pgg-add-passphrase-cache' to reduce confusion. and modified to
+ cancel old timers when new ones are added.
+ (pgg-remove-passphrase-from-cache): renamed from
+ `pgg-remove-passphrase-cache' to reduce confusion. and modified
+ to cancel old timers when their keys are removed from the cache.
+ (pgg-cancel-timer): in mainline gnu emacs, an alias for
+ cancel-timer; in xemacs, an indirection to delete-itimer.
+ (pgg-read-passphrase-from-cache, pgg-read-passphrase): extracted
+ pgg-read-passphrase-from-cache from pgg-read-passphrase so users
+ can only check cache without risk of prompting. corrected bug in
+ notruncate behavior.
+ (pgg-read-passphrase-from-cache, pgg-read-passphrase,
+ pgg-add-passphrase-cache, pgg-remove-passphrase-cache): added
+ informative docstrings.
+ (pgg-decrypt): convey provided passphrase in subordinate call to
+ pgg-decrypt-region (missed that in a prior patch)
+
+2005-10-08 Ken Manheimer <ken.manheimer+emacs@gmail.com>
+
+ * pgg.el (pgg-encrypt-region, pgg-encrypt-symmetric-region,
+ pgg-encrypt-symmetric, pgg-encrypt, pgg-decrypt-region,
+ pgg-decrypt, pgg-sign-region, pgg-sign):
+ add optional 'passphrase' argument to all these routines, so the
+ passphrase can be managed externally and then passed in to the
+ system.
+
+ * pgg.el (pgg-read-passphrase, pgg-add-passphrase-cache,
+ pgg-remove-passphrase-cache): add optional 'notruncate' argument,
+ so the passphrase cache can be used reliably with identifiers
+ besides a pgp packet's key id.
+
+ * pgg-gpg.el (pgg-pgp-encrypt-region,
+ pgg-pgp-encrypt-symmetric-region, pgg-pgp-encrypt-symmetric,
+ pgg-pgp-encrypt, pgg-pgp-decrypt-region, pgg-pgp-decrypt,
+ pgg-pgp-sign-region, pgg-pgp-sign): add optional 'passphrase'
+ argument to all these routines, so the passphrase can be managed
+ externally and passed in to the system.
+
+ * pgg-gpg.el (pgg-gpg-possibly-cache-passphrase): add optional
+ 'notruncate' argument, so the passphrase cache can be used
+ reliably with identifiers besides a pgp packet's key id.
+
+2005-10-06 Sascha Wilde <swilde@sha-bang.de>
+
+ * pgg-gpg.el (pgg-gpg-encrypt-symmetric-region): New function for
+ symmetric encryption.
+ (pgg-gpg-symmetric-key-p): New function to check for an symmetric
+ encrypted session key.
+ (pgg-gpg-decrypt-region): When decrypting a symmetric encrypted
+ message ask for the passphrase in a proper way.
+
+ * pgg.el (pgg-encrypt-symmetric,pgg-encrypt-symmetric-region):
+ New user commands for symmetric encryption.
+
+005-10-25 Romain Francoise <romain@orebokech.com>
* emacs-lisp/find-func.el (find-library-name): Also strip
extension if library name ends in .el, to take advantage of
Index: pgg.el
===================================================================
RCS file: /cvsroot/emacs/emacs/lisp/pgg.el,v
retrieving revision 1.1
diff -u -r1.1 pgg.el
--- pgg.el 24 Oct 2005 09:46:27 -0000 1.1
+++ pgg.el 25 Oct 2005 20:16:01 -0000
@@ -4,6 +4,7 @@
;; 2005 Free Software Foundation, Inc.
;; Author: Daiki Ueno <ueno@unixuser.org>
+;; Symmetric encryption added by: Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP
@@ -67,26 +68,110 @@
(set-window-buffer window buffer)
(shrink-window-if-larger-than-buffer window)))
+;; XXX `pgg-display-output-buffer' is a horrible name for this function.
+;; It should be something like `pgg-situate-output-or-display-error'.
(defun pgg-display-output-buffer (start end status)
+ "Situate en/decryption results or pop up an error buffer.
+
+Text from START to END is replaced by contents of output buffer if STATUS
+is true, or else the output buffer is displayed."
(if status
- (progn
- (delete-region start end)
- (insert-buffer-substring pgg-output-buffer)
- (decode-coding-region start (point) buffer-file-coding-system))
- (let ((temp-buffer-show-function
- (function pgg-temp-buffer-show-function)))
- (with-output-to-temp-buffer pgg-echo-buffer
- (set-buffer standard-output)
- (insert-buffer-substring pgg-errors-buffer)))))
+ (pgg-situate-output start end)
+ (pgg-display-error-buffer)))
+
+(defun pgg-situate-output (start end)
+ "Place en/decryption result in place of current text from START to END."
+ (delete-region start end)
+ (insert-buffer-substring pgg-output-buffer)
+ (decode-coding-region start (point) buffer-file-coding-system))
+
+(defun pgg-display-error-buffer ()
+ "Pop up an error buffer indicating the reason for an en/decryption failure."
+ (let ((temp-buffer-show-function
+ (function pgg-temp-buffer-show-function)))
+ (with-output-to-temp-buffer pgg-echo-buffer
+ (set-buffer standard-output)
+ (insert-buffer-substring pgg-errors-buffer))))
(defvar pgg-passphrase-cache (make-vector 7 0))
-(defun pgg-read-passphrase (prompt &optional key)
- (or (and pgg-cache-passphrase
- key (setq key (pgg-truncate-key-identifier key))
- (symbol-value (intern-soft key pgg-passphrase-cache)))
+(defvar pgg-pending-timers (make-vector 7 0)
+ "Hash table for managing scheduled pgg cache management timers.
+
+We associate key and timer, so the timer can be cancelled if a new
+timeout for the key is set while an old one is still pending.")
+
+(defun pgg-read-passphrase (prompt &optional key notruncate)
+ "Using PROMPT, obtain passphrase for KEY from cache or user.
+
+Truncate the key to 8 trailing characters unless NOTRUNCATE is true
+\(default false).
+
+Custom variables `pgg-cache-passphrase' and `pgg-passphrase-cache-expiry'
+regulate cache behavior."
+ (or (pgg-read-passphrase-from-cache key notruncate)
(read-passwd prompt)))
+(defun pgg-read-passphrase-from-cache (key &optional notruncate)
+ "Obtain passphrase for KEY from time-limited passphrase cache.
+
+Truncate the key to 8 trailing characters unless NOTRUNCATE is true
+\(default false).
+
+Custom variables `pgg-cache-passphrase' and `pgg-passphrase-cache-expiry'
+regulate cache behavior."
+ (and pgg-cache-passphrase
+ key (or notruncate
+ (setq key (pgg-truncate-key-identifier key)))
+ (symbol-value (intern-soft key pgg-passphrase-cache))))
+
+(defun pgg-add-passphrase-to-cache (key passphrase &optional notruncate)
+ "Associate KEY with PASSPHRASE in time-limited passphrase cache.
+
+Truncate the key to 8 trailing characters unless NOTRUNCATE is true
+\(default false).
+
+Custom variables `pgg-cache-passphrase' and `pgg-passphrase-cache-expiry'
+regulate cache behavior."
+
+ (let* ((key (if notruncate key (pgg-truncate-key-identifier key)))
+ (interned-timer-key (intern-soft key pgg-pending-timers))
+ (old-timer (symbol-value interned-timer-key))
+ new-timer)
+ (when old-timer
+ (cancel-timer old-timer)
+ (unintern interned-timer-key pgg-pending-timers))
+ (set (intern key pgg-passphrase-cache)
+ passphrase)
+ (set (intern key pgg-pending-timers)
+ (pgg-run-at-time pgg-passphrase-cache-expiry nil
+ #'pgg-remove-passphrase-from-cache
+ key notruncate))))
+
+(defun pgg-remove-passphrase-from-cache (key &optional notruncate)
+ "Omit passphrase associated with KEY in time-limited passphrase cache.
+
+Truncate the key to 8 trailing characters unless NOTRUNCATE is true
+\(default false).
+
+This is a no-op if there is not entry for KEY (eg, it's already expired.
+
+The memory for the passphrase is filled with underscores to clear any
+references to it.
+
+Custom variables `pgg-cache-passphrase' and `pgg-passphrase-cache-expiry'
+regulate cache behavior."
+ (let* ((passphrase (pgg-read-passphrase-from-cache key notruncate))
+ (key (if notruncate key (pgg-truncate-key-identifier key)))
+ (interned-timer-key (intern-soft key pgg-pending-timers))
+ (old-timer (symbol-value interned-timer-key)))
+ (when passphrase
+ (fillarray passphrase ?_)
+ (unintern key pgg-passphrase-cache))
+ (when old-timer
+ (pgg-cancel-timer old-timer)
+ (unintern interned-timer-key pgg-pending-timers))))
+
(eval-when-compile
(defmacro pgg-run-at-time-1 (time repeat function args)
(when (featurep 'xemacs)
@@ -151,27 +236,20 @@
(eval-and-compile
(if (featurep 'xemacs)
- (defun pgg-run-at-time (time repeat function &rest args)
- "Emulating function run as `run-at-time'.
+ (progn
+ (defun pgg-run-at-time (time repeat function &rest args)
+ "Emulating function run as `run-at-time'.
TIME should be nil meaning now, or a number of seconds from now.
Return an itimer object which can be used in either `delete-itimer'
or `cancel-timer'."
- (pgg-run-at-time-1 time repeat function args))
- (defalias 'pgg-run-at-time 'run-at-time)))
-
-(defun pgg-add-passphrase-cache (key passphrase)
- (setq key (pgg-truncate-key-identifier key))
- (set (intern key pgg-passphrase-cache)
- passphrase)
- (pgg-run-at-time pgg-passphrase-cache-expiry nil
- #'pgg-remove-passphrase-cache
- key))
-
-(defun pgg-remove-passphrase-cache (key)
- (let ((passphrase (symbol-value (intern-soft key pgg-passphrase-cache))))
- (when passphrase
- (fillarray passphrase ?_)
- (unintern key pgg-passphrase-cache))))
+ (pgg-run-at-time-1 time repeat function args))
+ (defun pgg-cancel-timer (timer)
+ "Emulate cancel-timer for xemacs."
+ (let ((delete-itimer 'delete-itimer))
+ (funcall delete-itimer timer)))
+ )
+ (defalias 'pgg-run-at-time 'run-at-time)
+ (defalias 'pgg-cancel-timer 'cancel-timer)))
(defmacro pgg-convert-lbt-region (start end lbt)
`(let ((pgg-conversion-end (set-marker (make-marker) ,end)))
@@ -222,93 +300,156 @@
;;;
;;;###autoload
-(defun pgg-encrypt-region (start end rcpts &optional sign)
+(defun pgg-encrypt-region (start end rcpts &optional sign passphrase)
"Encrypt the current region between START and END for RCPTS.
-If optional argument SIGN is non-nil, do a combined sign and encrypt."
+
+If optional argument SIGN is non-nil, do a combined sign and encrypt.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(interactive
(list (region-beginning)(region-end)
(split-string (read-string "Recipients: ") "[ \t,]+")))
(let ((status
(pgg-save-coding-system start end
(pgg-invoke "encrypt-region" (or pgg-scheme pgg-default-scheme)
- (point-min) (point-max) rcpts sign))))
+ (point-min) (point-max) rcpts sign passphrase))))
(when (interactive-p)
(pgg-display-output-buffer start end status))
status))
;;;###autoload
-(defun pgg-encrypt (rcpts &optional sign start end)
+(defun pgg-encrypt-symmetric-region (start end &optional passphrase)
+ "Encrypt the current region between START and END symmetric with passphrase.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+cache or user."
+ (interactive "r")
+ (let ((status
+ (pgg-save-coding-system start end
+ (pgg-invoke "encrypt-symmetric-region"
+ (or pgg-scheme pgg-default-scheme)
+ (point-min) (point-max) passphrase))))
+ (when (interactive-p)
+ (pgg-display-output-buffer start end status))
+ status))
+
+;;;###autoload
+(defun pgg-encrypt-symmetric (&optional start end passphrase)
+ "Encrypt the current buffer using a symmetric, rather than key-pair, cipher.
+
+If optional arguments START and END are specified, only encrypt within
+the region.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
+ (interactive)
+ (let* ((start (or start (point-min)))
+ (end (or end (point-max)))
+ (status (pgg-encrypt-symmetric-region start end passphrase)))
+ (when (interactive-p)
+ (pgg-display-output-buffer start end status))
+ status))
+
+;;;###autoload
+(defun pgg-encrypt (rcpts &optional sign start end passphrase)
"Encrypt the current buffer for RCPTS.
+
If optional argument SIGN is non-nil, do a combined sign and encrypt.
+
If optional arguments START and END are specified, only encrypt within
-the region."
+the region.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(interactive (list (split-string (read-string "Recipients: ") "[ \t,]+")))
(let* ((start (or start (point-min)))
(end (or end (point-max)))
- (status (pgg-encrypt-region start end rcpts sign)))
+ (status (pgg-encrypt-region start end rcpts sign passphrase)))
(when (interactive-p)
(pgg-display-output-buffer start end status))
status))
;;;###autoload
-(defun pgg-decrypt-region (start end)
- "Decrypt the current region between START and END."
+(defun pgg-decrypt-region (start end &optional passphrase)
+ "Decrypt the current region between START and END.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(interactive "r")
(let* ((buf (current-buffer))
(status
(pgg-save-coding-system start end
(pgg-invoke "decrypt-region" (or pgg-scheme pgg-default-scheme)
- (point-min) (point-max)))))
+ (point-min) (point-max) passphrase))))
(when (interactive-p)
(pgg-display-output-buffer start end status))
status))
;;;###autoload
-(defun pgg-decrypt (&optional start end)
+(defun pgg-decrypt (&optional start end passphrase)
"Decrypt the current buffer.
+
If optional arguments START and END are specified, only decrypt within
-the region."
+the region.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(interactive "")
(let* ((start (or start (point-min)))
(end (or end (point-max)))
- (status (pgg-decrypt-region start end)))
+ (status (pgg-decrypt-region start end passphrase)))
(when (interactive-p)
(pgg-display-output-buffer start end status))
status))
;;;###autoload
-(defun pgg-sign-region (start end &optional cleartext)
+(defun pgg-sign-region (start end &optional cleartext passphrase)
"Make the signature from text between START and END.
+
If the optional 3rd argument CLEARTEXT is non-nil, it does not create
a detached signature.
+
If this function is called interactively, CLEARTEXT is enabled
-and the the output is displayed."
+and the the output is displayed.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(interactive "r")
(let ((status (pgg-save-coding-system start end
(pgg-invoke "sign-region" (or pgg-scheme pgg-default-scheme)
(point-min) (point-max)
- (or (interactive-p) cleartext)))))
+ (or (interactive-p) cleartext)
+ passphrase))))
(when (interactive-p)
(pgg-display-output-buffer start end status))
status))
;;;###autoload
-(defun pgg-sign (&optional cleartext start end)
+(defun pgg-sign (&optional cleartext start end passphrase)
"Sign the current buffer.
+
If the optional argument CLEARTEXT is non-nil, it does not create a
detached signature.
+
If optional arguments START and END are specified, only sign data
within the region.
+
If this function is called interactively, CLEARTEXT is enabled
-and the the output is displayed."
+and the the output is displayed.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(interactive "")
(let* ((start (or start (point-min)))
(end (or end (point-max)))
- (status (pgg-sign-region start end (or (interactive-p) cleartext))))
+ (status (pgg-sign-region start end
+ (or (interactive-p) cleartext)
+ passphrase)))
(when (interactive-p)
(pgg-display-output-buffer start end status))
status))
-
+
;;;###autoload
(defun pgg-verify-region (start end &optional signature fetch)
"Verify the current region between START and END.
Index: pgg-gpg.el
===================================================================
RCS file: /cvsroot/emacs/emacs/lisp/pgg-gpg.el,v
retrieving revision 1.1
diff -u -r1.1 pgg-gpg.el
--- pgg-gpg.el 24 Oct 2005 09:46:27 -0000 1.1
+++ pgg-gpg.el 25 Oct 2005 20:16:01 -0000
@@ -4,6 +4,7 @@
;; 2005 Free Software Foundation, Inc.
;; Author: Daiki Ueno <ueno@unixuser.org>
+;; Symmetric encryption added by: Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP, OpenPGP, GnuPG
@@ -96,19 +97,20 @@
(delete-file output-file-name))
(set-default-file-modes orig-mode))))
-(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key)
+(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
(if (and pgg-cache-passphrase
(progn
(goto-char (point-min))
(re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\|\\(SIG_CREATED\\)" nil t)))
- (pgg-add-passphrase-cache
+ (pgg-add-passphrase-to-cache
(or key
(progn
(goto-char (point-min))
(if (re-search-forward
"^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t)
(substring (match-string 0) -8))))
- passphrase)))
+ passphrase
+ notruncate)))
(defvar pgg-gpg-all-secret-keys 'unknown)
@@ -139,18 +141,53 @@
nil t)
(substring (match-string 2) 8)))))
-(defun pgg-gpg-encrypt-region (start end recipients &optional sign)
+(defun pgg-gpg-lookup-key-owner (string &optional all)
+ "Search keys associated with STRING and return owner of identified key.
+
+The value may be just the bare key id, or it may be a combination of the
+user name associated with the key and the key id, with the key id enclosed
+in \"<...>\" angle brackets.
+
+Optional ALL non-nil means search all keys, including secret keys."
+ (let ((args (list "--with-colons" "--no-greeting" "--batch"
+ (if all "--list-secret-keys" "--list-keys")
+ string))
+ (key-regexp (concat "^\\(sec\\|pub\\)"
+ ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):[^:]*"
+ ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):"))
+ )
+ (with-temp-buffer
+ (apply #'call-process pgg-gpg-program nil t nil args)
+ (goto-char (point-min))
+ (if (re-search-forward key-regexp
+ nil t)
+ (match-string 3)))))
+
+(defun pgg-gpg-key-id-from-key-owner (key-owner)
+ (cond ((not key-owner) nil)
+ ;; Extract bare key id from outermost paired angle brackets, if any:
+ ((string-match "[^<]*<\\(.+\\)>[^>]*" key-owner)
+ (substring key-owner (match-beginning 1)(match-end 1)))
+ (key-owner))
+ )
+
+(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
"Encrypt the current region between START and END.
-If optional argument SIGN is non-nil, do a combined sign and encrypt."
+
+If optional argument SIGN is non-nil, do a combined sign and encrypt.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
- (passphrase
- (when sign
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- pgg-gpg-user-id)))
+ (passphrase (or passphrase
+ (when sign
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: "
+ pgg-gpg-user-id)
+ pgg-gpg-user-id))))
(args
(append
- (list "--batch" "--armor" "--always-trust" "--encrypt")
+ (list "--batch" "--textmode" "--armor" "--always-trust" "--encrypt")
(if sign (list "--sign" "--local-user" pgg-gpg-user-id))
(if recipients
(apply #'nconc
@@ -169,19 +206,46 @@
(pgg-gpg-possibly-cache-passphrase passphrase)))
(pgg-process-when-success)))
-(defun pgg-gpg-decrypt-region (start end)
- "Decrypt the current region between START and END."
+(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
+ "Encrypt the current region between START and END with symmetric cipher.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
+ (let* ((passphrase (or passphrase
+ (pgg-read-passphrase
+ "GnuPG passphrase for symmetric encryption: ")))
+ (args
+ (append (list "--batch" "--textmode" "--armor" "--symmetric" ))))
+ (pgg-as-lbt start end 'CRLF
+ (pgg-gpg-process-region start end passphrase pgg-gpg-program args))
+ (pgg-process-when-success)))
+
+(defun pgg-gpg-decrypt-region (start end &optional passphrase)
+ "Decrypt the current region between START and END.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(let* ((current-buffer (current-buffer))
(message-keys (with-temp-buffer
(insert-buffer-substring current-buffer)
(pgg-decode-armor-region (point-min) (point-max))))
(secret-keys (pgg-gpg-lookup-all-secret-keys))
+ ;; XXX the user is stuck if they need to use the passphrase for
+ ;; any but the first secret key for which the message is
+ ;; encrypted. ideally, we would incrementally give them a
+ ;; chance with subsequent keys each time they fail with one.
(key (pgg-gpg-select-matching-key message-keys secret-keys))
- (pgg-gpg-user-id (or key pgg-gpg-user-id pgg-default-user-id))
- (passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- pgg-gpg-user-id))
+ (key-owner (and key (pgg-gpg-lookup-key-owner key t)))
+ (key-id (pgg-gpg-key-id-from-key-owner key-owner))
+ (pgg-gpg-user-id (or key-id key
+ pgg-gpg-user-id pgg-default-user-id))
+ (passphrase (or passphrase
+ (pgg-read-passphrase
+ (format (if (pgg-gpg-symmetric-key-p message-keys)
+ "Passphrase for symmetric decryption: "
+ "GnuPG passphrase for %s: ")
+ (or key-owner "??"))
+ pgg-gpg-user-id)))
(args '("--batch" "--decrypt")))
(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
(with-current-buffer pgg-errors-buffer
@@ -189,21 +253,31 @@
(goto-char (point-min))
(re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))
+;;;###autoload
+(defun pgg-gpg-symmetric-key-p (message-keys)
+ "True if decoded armor MESSAGE-KEYS has symmetric encryption indicator."
+ (let (result)
+ (dolist (key message-keys result)
+ (when (and (eq (car key) 3)
+ (member '(symmetric-key-algorithm) key))
+ (setq result key)))))
+
(defun pgg-gpg-select-matching-key (message-keys secret-keys)
"Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
(loop for message-key in message-keys
for message-key-id = (and (equal (car message-key) 1)
- (cdr (assq 'key-identifier message-key)))
+ (cdr (assq 'key-identifier
+ (cdr message-key))))
for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt))
when (and key (member key secret-keys)) return key))
-(defun pgg-gpg-sign-region (start end &optional cleartext)
+(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
"Make detached signature from text between START and END."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
- (passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- pgg-gpg-user-id))
+ (passphrase (or passphrase
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ pgg-gpg-user-id)))
(args
(list (if cleartext "--clearsign" "--detach-sign")
"--armor" "--batch" "--verbose"
[-- Attachment #3: Type: text/plain, Size: 142 bytes --]
_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel
next prev parent reply other threads:[~2005-10-25 21:28 UTC|newest]
Thread overview: 156+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-30 17:24 new version of allout.el - patch and ChangeLog Ken Manheimer
2005-09-30 21:06 ` Sascha Wilde
2005-09-30 21:52 ` Ken Manheimer
2005-10-01 8:20 ` Andreas Schwab
2005-10-01 12:41 ` Reiner Steib
2005-10-01 23:54 ` James Cloos
2005-10-01 16:28 ` Ken Manheimer
2005-10-02 10:48 ` Sascha Wilde
2005-10-02 14:23 ` Ken Manheimer
2005-10-02 20:31 ` Richard M. Stallman
2005-10-03 19:25 ` pgg symmetric encryption patch (was: new version of allout.el - patch and ChangeLog) Sascha Wilde
2005-10-03 19:50 ` Ken Manheimer
2005-10-04 10:53 ` Sascha Wilde
2005-10-04 12:46 ` pgg symmetric encryption patch Stefan Monnier
2005-10-05 16:19 ` Sascha Wilde
2005-10-05 19:16 ` Ken Manheimer
2005-10-10 4:15 ` Richard M. Stallman
2005-10-06 2:18 ` Daiki Ueno
2005-10-06 9:01 ` Sascha Wilde
2005-10-06 22:41 ` Ken Manheimer
2005-10-07 10:00 ` Sascha Wilde
2005-10-07 18:06 ` Ken Manheimer
2005-10-07 21:49 ` Sascha Wilde
2005-10-08 8:48 ` Simon Josefsson
2005-10-08 10:36 ` Sascha Wilde
2005-10-08 11:14 ` Simon Josefsson
2005-10-08 12:56 ` Ken Manheimer
2005-10-08 22:56 ` Richard M. Stallman
2005-10-10 21:50 ` Ken Manheimer
2005-10-11 14:44 ` Richard M. Stallman
2005-10-08 13:43 ` Sascha Wilde
2005-10-08 18:31 ` Ken Manheimer
2005-10-08 19:16 ` Ken Manheimer
2005-10-10 21:15 ` Ken Manheimer
2005-10-10 21:16 ` Ken Manheimer
2005-10-12 23:47 ` Ken Manheimer
2005-10-20 14:08 ` Ken Manheimer
2005-10-20 14:12 ` Simon Josefsson
2005-10-20 14:30 ` Ken Manheimer
2005-10-20 14:42 ` Sascha Wilde
2005-10-25 7:23 ` Sascha Wilde
2005-10-25 20:26 ` Ken Manheimer
2005-10-25 21:18 ` Sascha Wilde
2005-10-25 21:28 ` Ken Manheimer [this message]
2005-10-26 9:57 ` Sascha Wilde
2005-10-26 15:45 ` Ken Manheimer
2005-10-27 7:37 ` Sascha Wilde
2005-10-29 11:42 ` Eli Zaretskii
2005-10-29 19:50 ` Ken Manheimer
2005-10-31 17:30 ` Ken Manheimer
2005-11-04 14:45 ` Eli Zaretskii
2005-10-20 18:07 ` Relocating pgg*.el (was: pgg symmetric encryption patch) Reiner Steib
2005-10-20 22:22 ` Kim F. Storm
2005-10-21 4:49 ` Richard M. Stallman
2005-10-20 23:38 ` pgg symmetric encryption patch Richard M. Stallman
2005-10-21 7:07 ` Simon Josefsson
2006-03-18 21:17 ` Small patch to enable use of gpg-agent with pgg Sascha Wilde
2006-03-18 23:30 ` Daniel Pittman
2006-03-19 0:46 ` Miles Bader
2006-03-19 3:45 ` Daniel Pittman
2006-03-19 18:28 ` Miles Bader
2006-03-19 9:49 ` Sascha Wilde
2006-03-19 17:30 ` Sascha Wilde
2006-03-21 14:32 ` Simon Josefsson
2006-03-21 21:29 ` Reiner Steib
2006-03-22 9:49 ` Simon Josefsson
2006-03-22 8:36 ` Sascha Wilde
2006-03-22 9:16 ` Daiki Ueno
2006-03-22 9:48 ` Simon Josefsson
2006-03-22 11:03 ` Sascha Wilde
2006-03-22 11:13 ` Simon Josefsson
2006-03-22 12:25 ` Daiki Ueno
2006-03-23 10:40 ` Daiki Ueno
2006-03-23 11:00 ` Simon Josefsson
2006-03-23 12:18 ` Daiki Ueno
2006-03-23 13:08 ` Simon Josefsson
2006-03-24 5:51 ` Daiki Ueno
2006-03-26 0:29 ` Daiki Ueno
2006-03-26 1:08 ` Simon Josefsson
2006-03-26 3:29 ` Miles Bader
2006-03-26 5:06 ` Daiki Ueno
2006-03-26 17:05 ` Simon Josefsson
2006-03-26 18:24 ` Sascha Wilde
2006-03-27 9:36 ` Simon Josefsson
2006-03-23 12:52 ` Sascha Wilde
2006-03-23 20:07 ` Daiki Ueno
2006-03-23 22:16 ` Sascha Wilde
2006-04-05 9:13 ` pgg-gpg broken? Sascha Wilde
2006-04-05 9:42 ` Daiki Ueno
2006-04-05 10:18 ` Sascha Wilde
2006-04-05 21:33 ` Daiki Ueno
2006-04-06 9:00 ` Sascha Wilde
2006-04-06 9:21 ` Daiki Ueno
2006-04-06 9:58 ` Sascha Wilde
2006-04-06 10:13 ` Daiki Ueno
2006-04-07 10:32 ` gpg-agent support removed?! (was: pgg-gpg broken?) Sascha Wilde
2006-04-07 12:11 ` Simon Josefsson
2006-04-07 12:14 ` gpg-agent support removed?! Romain Francoise
2006-04-07 13:00 ` Sascha Wilde
2006-04-07 13:30 ` Simon Josefsson
2006-04-07 20:59 ` Reiner Steib
2006-04-08 9:36 ` Romain Francoise
2006-04-08 10:05 ` Sascha Wilde
2006-04-07 12:35 ` Reiner Steib
2006-04-07 13:02 ` Daiki Ueno
2006-04-07 13:08 ` Sascha Wilde
2006-04-07 13:26 ` Daiki Ueno
2006-04-09 16:04 ` Sascha Wilde
2006-04-10 18:04 ` Reiner Steib
2006-04-07 13:40 ` Reiner Steib
2006-04-07 14:05 ` Thomas Baumann
2006-04-07 14:40 ` Daiki Ueno
2006-04-07 15:45 ` Reiner Steib
2006-04-07 20:55 ` Daiki Ueno
2006-04-07 21:22 ` Reiner Steib
2006-04-08 7:03 ` Thomas Baumann
2006-04-08 10:18 ` Daiki Ueno
2006-04-07 21:36 ` Richard Stallman
2006-04-08 9:45 ` Romain Francoise
2006-04-08 10:11 ` Daiki Ueno
2006-04-08 11:30 ` Romain Francoise
2006-04-08 11:58 ` Daiki Ueno
2006-04-10 18:04 ` PGG maintainance (was: gpg-agent support removed?!) Reiner Steib
2006-04-10 22:40 ` gpg-agent support removed?! Ken Manheimer
2006-04-08 22:34 ` Richard Stallman
2006-04-05 16:14 ` pgg-gpg broken? Reiner Steib
2006-04-05 19:22 ` Sascha Wilde
2006-03-22 9:46 ` Small patch to enable use of gpg-agent with pgg Simon Josefsson
2006-03-22 16:13 ` Simon Josefsson
2006-03-22 23:01 ` Katsumi Yamaoka
2006-03-22 23:45 ` Simon Josefsson
2006-03-23 0:58 ` Katsumi Yamaoka
2006-03-23 9:12 ` Simon Josefsson
2006-03-23 10:26 ` Sascha Wilde
2006-03-23 10:54 ` Simon Josefsson
2006-03-23 11:12 ` Simon Josefsson
2006-03-23 11:16 ` Simon Josefsson
2006-03-23 12:51 ` Reiner Steib
2006-03-23 13:07 ` Sascha Wilde
2006-03-23 13:10 ` Simon Josefsson
2006-03-23 12:00 ` Sascha Wilde
2006-03-23 13:00 ` Simon Josefsson
2006-03-26 18:11 ` Sascha Wilde
[not found] ` <m2wtels74l.fsf@kenny.sha-bang .de>
2006-03-23 23:09 ` Miles Bader
2006-04-02 0:30 ` Ken Manheimer
2006-04-02 8:28 ` Daiki Ueno
2005-12-09 15:43 ` pgg symmetric encryption patch Simon Josefsson
2005-12-09 20:30 ` Stefan Monnier
2005-12-09 20:31 ` Stefan Monnier
2005-12-10 4:13 ` Richard M. Stallman
2005-12-10 10:50 ` Simon Josefsson
2005-12-11 13:32 ` Sascha Wilde
2005-12-11 13:42 ` Simon Josefsson
2005-10-02 17:08 ` new version of allout.el - patch and ChangeLog Richard M. Stallman
[not found] ` <E1ELj0L-0000Pn-3T@fencepost.gnu.org>
2005-10-01 22:33 ` Ken Manheimer
2005-10-20 13:57 ` Ken Manheimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2cd46e7f0510251428l7b143956m5d7635e4b38898b0@mail.gmail.com \
--to=ken.manheimer@gmail.com \
--cc=emacs-devel@gnu.org \
--cc=jas@extundo.com \
--cc=rms@gnu.org \
--cc=schwab@suse.de \
--cc=ueno@unixuser.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).