From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
Date: Tue, 25 Nov 2008 14:56:23 -0600
Message-ID: <86skpfbk3s.fsf@jumptrading.com>
In-Reply-To: 030e0451-0fd1-4e9d-a4a0-686d6798f9a3@broken.deisui.org
On Wed, 26 Nov 2008 03:43:56 +0900 Daiki Ueno <ueno@unixuser.org> wrote:
>>>>>> In <867i6rd80c.fsf@lifelogs.com>
>>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
>> On Sat, 22 Nov 2008 07:45:16 +0800 anhnmncb <anhnmncb@sina.com> wrote:
a> symmetric file encryption is enough for me :)
>> ping... If Daiki Ueno is not interested I can implement this, but I
>> wanted to give him a chance to do it since his coding style is pretty
>> different from mine.
DU> If you do want to implement this, you should consider:
DU> - At the moment I'd rather recommend users to use public-key encryption
DU> instead of symmetric encryption if they want passphrase caching, since
DU> they will benefit from gpg-agent which utilizes secure memory. So it's
DU> intentional that epa-file handles symmetric case specially.
I see.
DU> - As I said many times before (but you don't seem to understand),
DU> epa-file.el is an application and epg.el is a library.
Thank you for explaining again.
My proposed patch follows. I've tested it.
Ted
Index: epa-file.el
===================================================================
RCS file: /sources/emacs/emacs/lisp/epa-file.el,v
retrieving revision 1.14
diff -c -r1.14 epa-file.el
*** epa-file.el 30 Sep 2008 07:41:52 -0000 1.14
--- epa-file.el 25 Nov 2008 20:52:44 -0000
***************
*** 29,40 ****
--- 29,46 ----
:type 'boolean
:group 'epa-file)
+ (defcustom epa-file-cache-passphrase-for-symmetric-encryption-timeout nil
+ "If non-nil seconds, time out the passphrase cache for symmetric encryption."
+ :type 'integer
+ :group 'epa-file)
+
(defcustom epa-file-select-keys nil
"If non-nil, always asks user to select recipients."
:type 'boolean
:group 'epa-file)
(defvar epa-file-passphrase-alist nil)
+ (defvar epa-file-passphrase-timeout-alist nil)
(eval-and-compile
(if (fboundp 'encode-coding-string)
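Review bot: The new defcustom declares `:type 'integer` but defaults to nil, so the Customize interface will report the default as a type mismatch. A type such as `(choice (const :tag "Never expire" nil) (integer :tag "Seconds"))` would match both documented states. The docstring "If non-nil seconds" is also hard to parse; something like "Number of seconds after which a cached symmetric passphrase expires, or nil to never expire" says the same thing and tells the user what nil means.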
***************
*** 51,58 ****
(eq key-id 'SYM))
(progn
(setq file (file-truename file))
! (let ((entry (assoc file epa-file-passphrase-alist))
passphrase)
(or (copy-sequence (cdr entry))
(progn
(unless entry
--- 57,81 ----
(eq key-id 'SYM))
(progn
(setq file (file-truename file))
! (let ((entry (assoc file epa-file-passphrase-alist))
passphrase)
+ ;; when we have an entry and we need to time out the passphrase,
+ ;; get the time of the passphrase entry for this file
+ ;; and if it's more than e-f-c-p-for-s-encryption-timeout seconds ago,
+ ;; set the entry's passphrase to nil so the user will have to re-enter
+ (when (and entry
+ epa-file-cache-passphrase-for-symmetric-encryption-timeout)
+ (let ((timeout-entry
+ (car-safe
+ (cdr (assoc file epa-file-passphrase-timeout-alist)))))
+ (when (and
+ timeout-entry
+ (< epa-file-cache-passphrase-for-symmetric-encryption-timeout
+ (time-to-seconds (time-since timeout-entry))))
+ (setq epa-file-passphrase-timeout-alist
+ (delete file epa-file-passphrase-timeout-alist))
+ (setcdr entry nil))))
+
(or (copy-sequence (cdr entry))
(progn
(unless entry
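Review bot: The cleanup `(delete file epa-file-passphrase-timeout-alist)` compares the file name string against the alist's elements, which are lists keyed by file name (that is what the `(car-safe (cdr (assoc file ...)))` lookup just above assumes), so it never matches and the expired timestamp entry stays in the list. Removing the element itself, for example `(delq (assoc file epa-file-passphrase-timeout-alist) epa-file-passphrase-timeout-alist)`, would do what the code intends. Two further points for the same block: expiry is only evaluated when the callback is next invoked for that file, so a passphrase that is never requested again stays cached past the timeout, and `(setcdr entry nil)` drops the reference without overwriting the string, so the passphrase text remains in memory until it is garbage collected. Calling `clear-string` on the old value before the `setcdr`, and expiring from a timer instead of lazily, would address both.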
***************
*** 63,68 ****
--- 86,94 ----
(setq passphrase (epa-passphrase-callback-function context
key-id nil))
(setcdr entry (copy-sequence passphrase))
+ (setq epa-file-passphrase-timeout-alist
+ (cons (list file (current-time))
+ epa-file-passphrase-timeout-alist))
passphrase))))
(epa-passphrase-callback-function context key-id nil)))
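Review bot: The `(cons (list file (current-time)) ...)` pushes a fresh timestamp entry every time a passphrase is entered and never replaces an earlier one for the same file, so the timeout alist accumulates duplicates per file over a session; it is also populated when the timeout option is nil. Updating the existing element in place, or keeping the timestamp next to the passphrase in `epa-file-passphrase-alist`, would avoid the second list and keep the two in sync. Note too that the time is recorded only when the passphrase is typed, not when a cached copy is reused, so this is an absolute lifetime rather than an idle timeout; the option's docstring should say which one is meant.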