From: Michael Albinus <michael.albinus@gmx.de>
To: Deus Max <deusmax@gmx.com>
Cc: emacs-devel@gnu.org
Subject: Re: Tramp and crypted files
Date: Mon, 25 May 2020 20:48:44 +0200 [thread overview]
Message-ID: <871rn7rgtv.fsf@gmx.de> (raw)
In-Reply-To: <874ksbvwn0.fsf@aia00820.aia.gr> (Deus Max's message of "Wed, 20 May 2020 11:27:47 +0300")
Deus Max <deusmax@gmx.com> writes:
Hi,
>> As written in my other messages, I don't believe (anymore) we shall mix
>> the en-/decryption part with Tramp implementation. This shall be
>> implemented in another file name handler, working over local
>> files. Tramp with whatever backend would be responsible then for copying
>> the encrypted files from/to the remote side.
>
> Agree.
> Encfs handles the encryption.
> The actual files are encrypted, encfs defines a mount-point where the
> files are displayed decrypted.
>
> Having an easy to use Tramp method for encrypting cloud data would be a
> good plus for privacy.
I have played with encfs and your script as well as with first snippets
of a Tramp implementation. Just for discussion, here are my conclusions
so far:
- Encryption of files and file names shall be possible for *every*
remote connection. This means, that the approach will be different
from what you have done in your script (where you work over webdav
based cloud servers).
- Encryption of files and file names shall be separated from vanilla
Tramp. It is optional, and a user must enable it explicitly for a
given remote directory. This is because of performance, and because of
implementation simplicity. As a result, there shall be almost no
change of existing Tramp; all encrytion functionality will be
cumulated in a new tramp-crypt.el file.
Of course, encryption can be activated for several remote directories
in parallel. But they must not be subdirectories of each other.
- As a consequence, there will be an additional file name handler, which
reacts on the same file name syntax as Tramp. It is arranged to be
called before the vanilla Tramp file name handler. All of its
functions will check, whether a user has activated encryption for a
given remote directory. In that case, if an argument of a function is
a file name which belongs to such a directory, that file name will be
transformed into its crypted counterpart, and the native Tramp file
name handler is activated for this function with encrypted file
names. If the function returns file names, the reverse action is
applied: if a file name is encrypted, the result will be adapted to
contain the corresponding decrypted file name.
- For file copying, the file itself is either encrypted (when copying
to remote) or decrypted (when copying from remote). Together with the
encryption/decryption of the file name, the copy operation will be
applied by vanilla Tramp operation.
- There will be *no* mounted encfs file system. File name
encryption/decryption will be performed by "encfsctl encode ..." and
"encfsctl decode ..." process calls. File encryption happens via
"encfsctl cat ..." and "encfsctl cat --reverse ...".
- The local rootdir of a crypted remote directory will be created temporarily
when needed. It is always rearrangeable via its config file
.encfs6.xml, which contains the filesystem information. Only this
config file will be kept persistently, one file per activated crypted
remote directory, somewhere in ~/.emacs.d/. Optionally, it will be
kept also in the crypted remote directory as well.
With this, encrypted files from remote can be accessed by different
Emacs sessions running from different host, by different users. All
what they need to know is the remote directory name (in Tramp syntax),
and the password the encryption/decryption is protected with. That's
what "cloudy servers" are good for.
Comments?
> DeusMax
Best regards, Michael.
next prev parent reply other threads:[~2020-05-25 18:48 UTC|newest]
Thread overview: 157+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 20:09 What is the most useful potential feature which Emacs lacks? ndame
2020-05-12 6:57 ` Arthur Miller
2020-05-12 7:13 ` ndame
2020-05-12 12:54 ` Stefan Kangas
2020-05-12 13:07 ` ndame
2020-05-12 14:56 ` Arthur Miller
2020-05-13 0:39 ` HaiJun Zhang
2020-05-13 1:34 ` Eduardo Ochs
2020-05-13 1:50 ` Eduardo Ochs
2020-05-12 10:00 ` H. Dieter Wilhelm
2020-05-12 11:10 ` Michael Albinus
2020-05-13 3:55 ` Richard Stallman
2020-05-13 10:32 ` Michael Albinus
2020-05-14 5:11 ` Richard Stallman
2020-05-14 10:34 ` Michael Albinus
2020-05-15 3:25 ` Richard Stallman
2020-05-15 8:15 ` Michael Albinus
2020-05-16 4:18 ` Richard Stallman
2020-05-16 22:07 ` H. Dieter Wilhelm
2020-05-18 3:45 ` Richard Stallman
2020-05-18 8:05 ` Tramp and crypted files (was: What is the most useful potential feature which Emacs lacks?) Michael Albinus
2020-05-19 4:01 ` Richard Stallman
2020-05-19 14:38 ` Tramp and crypted files Michael Albinus
2020-05-20 4:00 ` Richard Stallman
2020-05-19 8:51 ` Deus Max
2020-05-19 14:48 ` Michael Albinus
2020-05-20 8:27 ` Deus Max
2020-05-20 8:49 ` Michael Albinus
2020-05-20 17:49 ` Deus Max
2020-05-20 19:09 ` Michael Albinus
2020-05-25 18:48 ` Michael Albinus [this message]
2020-05-26 4:13 ` Richard Stallman
2020-05-26 7:13 ` Michael Albinus
2020-05-27 3:09 ` Richard Stallman
2020-05-28 13:05 ` Deus Max
2020-05-29 9:16 ` Michael Albinus
2020-05-29 16:33 ` Deus Max
2020-06-07 15:08 ` Michael Albinus
2020-06-13 12:06 ` Deus Max
2020-06-13 13:15 ` Michael Albinus
2020-05-29 18:22 ` Deus Max
2020-05-17 8:28 ` What is the most useful potential feature which Emacs lacks? Michael Albinus
2020-05-12 11:57 ` Eric S Fraga
2020-05-12 15:34 ` Michael Albinus
2020-05-12 16:33 ` Eric S Fraga
2020-05-12 17:39 ` Tramp nextcloud (was: What is the most useful potential feature which Emacs lacks?) Michael Albinus
2020-05-12 18:12 ` Tramp nextcloud H. Dieter Wilhelm
2020-05-13 8:59 ` Eric S Fraga
2020-05-13 9:33 ` Tramp nextcloud (SOLVED) Eric S Fraga
2020-05-13 10:45 ` Michael Albinus
2020-05-13 11:10 ` Eric S Fraga
2020-05-12 15:04 ` What is the most useful potential feature which Emacs lacks? Arthur Miller
2020-05-12 16:00 ` Drew Adams
2020-05-12 12:30 ` Helmut Eller
2020-05-13 1:22 ` Jose A. Ortega Ruiz
[not found] ` <5AYrQ3kvagEiLsXcUuMZvkDj1gBHT4YnJyVCX6RsvMkayS1ZbGWk18lJOyo_m8XanhsUygUtEqZw8OOOQOlwkg==@protonmail.internalid>
2020-05-13 2:45 ` Stefan Monnier
2020-05-13 3:58 ` jao
2020-05-13 23:12 ` João Távora
2020-05-14 0:04 ` Stefan Kangas
2020-05-14 10:08 ` Helmut Eller
2020-05-14 10:17 ` tomas
2020-05-14 10:34 ` Robert Pluim
2020-05-14 10:40 ` tomas
2020-05-15 3:25 ` Richard Stallman
2020-05-15 3:39 ` Dmitry Gutov
2020-05-15 3:25 ` Richard Stallman
2020-05-15 3:51 ` Dmitry Gutov
2020-05-16 4:18 ` Richard Stallman
2020-05-16 9:29 ` Dmitry Gutov
2020-05-17 2:55 ` Richard Stallman
2020-05-15 3:17 ` Richard Stallman
2020-05-15 6:56 ` Eli Zaretskii
2020-05-16 4:18 ` Richard Stallman
2020-05-16 7:13 ` Eli Zaretskii
2020-05-16 12:56 ` Stefan Monnier
2020-05-17 2:56 ` Richard Stallman
2020-05-17 7:22 ` Andreas Schwab
2020-05-18 3:42 ` Richard Stallman
2020-05-18 14:29 ` Eli Zaretskii
2020-05-19 3:56 ` shr.el rename? Richard Stallman
2020-05-19 5:50 ` Drew Adams
2020-05-19 12:41 ` Lars Ingebrigtsen
2020-05-19 15:04 ` Stefan Monnier
2020-05-19 16:47 ` T.V Raman
2020-05-20 3:59 ` Richard Stallman
2020-05-20 4:02 ` Richard Stallman
2020-05-18 15:20 ` What is the most useful potential feature which Emacs lacks? Filipp Gunbin
2020-05-18 15:26 ` Eli Zaretskii
2020-05-15 9:10 ` Robert Pluim
2020-05-15 10:21 ` Eli Zaretskii
2020-05-15 11:07 ` Robert Pluim
2020-05-15 11:28 ` Eli Zaretskii
2020-05-15 11:49 ` Robert Pluim
2020-05-15 11:58 ` Eli Zaretskii
2020-05-15 12:14 ` Robert Pluim
2020-05-15 12:56 ` Eli Zaretskii
2020-05-15 15:22 ` Stefan Monnier
2020-05-15 15:28 ` Robert Pluim
2020-05-16 4:18 ` Richard Stallman
2020-05-16 4:17 ` Richard Stallman
2020-05-16 6:50 ` Andreas Schwab
2020-05-16 8:24 ` Yuri Khan
2020-05-17 2:56 ` Richard Stallman
2020-05-14 11:57 ` Dmitry Gutov
2020-05-12 12:44 ` Christopher Lemmer Webber
2020-05-13 16:36 ` Karl Fogel
2020-05-14 3:01 ` Christopher Lemmer Webber
2020-05-14 4:08 ` Karl Fogel
2020-05-14 10:01 ` Robert Pluim
2020-05-14 16:35 ` Christopher Lemmer Webber
2020-05-17 1:31 ` Dmitry Gutov
2020-05-18 3:43 ` Richard Stallman
2020-05-15 3:16 ` Richard Stallman
2020-05-28 4:00 ` Karl Fogel
2020-05-28 13:18 ` Stefan Monnier
2020-05-28 17:19 ` Karl Fogel
2020-05-28 18:05 ` Drew Adams
2020-05-28 18:45 ` Dmitry Gutov
2020-05-28 20:52 ` Alan Third
2020-05-28 21:02 ` Stefan Monnier
2020-05-28 21:10 ` Alan Third
2020-05-28 21:27 ` andres.ramirez
2020-05-28 21:54 ` Stefan Monnier
2020-05-29 13:24 ` Arthur Miller
2020-05-28 21:14 ` Joost Kremers
2020-05-29 13:24 ` Arthur Miller
2020-05-29 1:24 ` Karl Fogel
2020-05-29 3:36 ` Drew Adams
2020-05-29 3:06 ` Richard Stallman
2020-05-29 3:41 ` Drew Adams
2020-05-29 13:19 ` Arthur Miller
2020-05-30 5:23 ` Thibaut Verron
2020-05-29 13:11 ` Arthur Miller
2020-05-13 17:48 ` ndame
2020-05-14 1:15 ` Arthur Miller
2020-05-14 4:10 ` ndame
2020-05-14 4:28 ` Arthur Miller
2020-05-15 10:38 ` Eli Zaretskii
2020-05-17 5:37 ` ndame
2020-05-17 12:42 ` Stefan Kangas
2020-05-17 13:18 ` Arthur Miller
2020-05-19 3:47 ` Richard Stallman
2020-05-17 22:03 ` chad
2020-05-13 21:05 ` Vasilij Schneidermann
2020-05-14 14:35 ` Björn Lindqvist
2020-06-03 11:39 ` What is the most useful potential feature which Emacs lacks? A: Autocompletion Konstantin Kharlamov
2020-06-03 12:36 ` Dmitry Gutov
2020-06-03 12:50 ` Konstantin Kharlamov
2020-06-03 13:10 ` Dmitry Gutov
2020-06-03 13:59 ` Konstantin Kharlamov
2020-06-03 14:21 ` Dmitry Gutov
2020-06-03 14:40 ` Konstantin Kharlamov
2020-06-03 18:49 ` Dmitry Gutov
2020-06-03 14:49 ` Drew Adams
2020-06-03 20:15 ` Konstantin Kharlamov
2020-06-03 20:36 ` Drew Adams
2020-06-03 20:49 ` Drew Adams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871rn7rgtv.fsf@gmx.de \
--to=michael.albinus@gmx.de \
--cc=deusmax@gmx.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).