From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Albinus
Newsgroups: gmane.emacs.devel
Subject: Tramp and crypted files (was: What is the most useful potential feature which Emacs lacks?)
Date: Mon, 18 May 2020 10:05:18 +0200
Message-ID: <874ksdhdmp.fsf_-_@gmx.de>
References: <865zd1h3ru.fsf@duenenhof-wilhelm.de> <875zd15rze.fsf@gmx.de> <87wo5gjfbr.fsf@gmx.de> <87eermkdov.fsf@gmx.de> <87r1vlipg4.fsf@gmx.de> <86lflrttxn.fsf@duenenhof-wilhelm.de>
In-Reply-To: (Richard Stallman's message of "Sun, 17 May 2020 23:45:28 -0400")
To: Richard Stallman
Cc: "H. Dieter Wilhelm", emacs-devel@gnu.org, ndame@protonmail.com
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
Xref: news.gmane.io gmane.emacs.devel:250715

Richard Stallman writes:

> Since we can't determine whether any given user will want the
> auto-encrypt-decrypt, we should let users specify yes or no.
> Eventually we might develop ideas for defaults more sophisticated
> than just "yes" and "no".

As I said in the other thread, we could create a new connection method
"nextcloud-crypt" which does the job. A user could decide whether she
uses "nextcloud" or "nextcloud-crypt" when accessing a given file. This
could happen even in parallel for different files on the same server.

Another approach might be to create a new file name handler, which just
performs the encryption/decryption job, plus proper handling of file
names. This could be enabled for dedicated remote servers only, and
works in combination with Tramp. That new file name handler performs
the encryption/decryption locally, and Tramp is responsible for copying
from/to the server.

> The goal here is to be able to save and retrieve files on any server,
> such that the server operator can't determine their contents or their
> names. Tramp would generate the remote file name to use, encrypt the
> file contents, then write that into the generated remote file name on
> the remote machine.
>
> Tramp would have to maintain a local table mapping specified (local) names to
> generated (remote) names.
>
> The data that gets encrypted could contain first the specified file
> name, then a delimiter, then the contents of the file. That way, if
> you lose the local table or it is lacking some files, but you have the
> encryption key, you can decrypt each saved remote file and find out
> what its original specified file name was.

That sounds unstable. I believe we shall find a way to encrypt/decrypt
the file name with the same passphrase as the contents of the file(s);
by this we wouldn't need to keep a local mapping file. The encrypted
file name could be adapted by base64 then, in order to make it fit to
the file system's naming conventions.

The advantage would be, that we would know the original file name w/o
copying and decrypting the whole file first.

A local mapping table would be in the way, if different people would
like to access a given file from their own Emacs stanzas. That's what
"cloudy servers" are good for.

Best regards, Michael.
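
Added example, not part of the original message and not Tramp code: a Python sketch of the scheme proposed above, in which a file name is encrypted under keys derived from the passphrase and then base64-encoded so the remote name alone is enough to recover the original. The deterministic SIV-style construction built from HMAC-SHA256, the PBKDF2 parameters, the salt, the 255-byte limit and all function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac

NAME_MAX = 255  # assumed per-component limit of the remote file system


def derive_keys(passphrase, salt):
    """One passphrase -> independent MAC and encryption keys (PBKDF2)."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]


def _keystream(enc_key, iv, length):
    """HMAC-SHA256 as a PRF in counter mode (illustrative stream cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_name(name, keys):
    """Deterministic: the IV is a MAC of the name, so no mapping table is needed."""
    mac_key, enc_key = keys
    plain = name.encode("utf-8")
    iv = hmac.new(mac_key, plain, hashlib.sha256).digest()[:16]
    body = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, iv, len(plain))))
    # URL-safe alphabet: standard base64 can emit "/", which is a path separator.
    remote = base64.urlsafe_b64encode(iv + body).rstrip(b"=").decode("ascii")
    if len(remote) > NAME_MAX:
        raise ValueError("encrypted name exceeds the file system's length limit")
    return remote


def decrypt_name(remote, keys):
    """Recover the original name from the remote name alone; verify the tag."""
    mac_key, enc_key = keys
    raw = base64.urlsafe_b64decode(remote + "=" * (-len(remote) % 4))
    iv, body = raw[:16], raw[16:]
    plain = bytes(c ^ k for c, k in zip(body, _keystream(enc_key, iv, len(body))))
    if not hmac.compare_digest(iv, hmac.new(mac_key, plain, hashlib.sha256).digest()[:16]):
        raise ValueError("wrong passphrase or modified file name")
    return plain.decode("utf-8")


def encrypt_path(path, keys):
    """Encrypt each component separately so the directory layout survives."""
    return "/".join(encrypt_name(c, keys) if c else c for c in path.split("/"))
```

With this construction the server still learns the length of each name and sees when two names are equal, and the 16-byte tag plus base64 expansion shortens the longest name that fits in one path component.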