* A question on encryption
From: Marcin Borkowski @ 2014-08-27 19:27 UTC
To: GNU Emacs users list
Hi all,
I'm experimenting with encryption in Emacs using the EPG library. I'm
using Emacs version:
============================================================
GNU Emacs 24.3.1 (i686-pc-linux-gnu, GTK+ Version 3.4.2) of 2013-08-22 on chindi02, modified by Debian
============================================================
and gpg version:
============================================================
gpg (GnuPG) 1.4.14
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
============================================================
I created a test file (call it "test") with a single line of text and
did two things:
1. C-x C-f test RET, C-x C-w test.gpg RET
Then I selected the key and hit ok.
2. From the command line:
gpg -e -r key-id -o test2.gpg test
The two resulting files were different (difference in length of 3
bytes; find-file-literally and manual inspection showed that the
beginnings were identical, but the endings were not).
My question is: why is that so? I instrumented the function
epg-start-encrypt for Edebug, and it seems that the argument list it
constructed was identical or equivalent to the one I'm giving on the
command line.
My other question is: is it fine? I'm an (almost) complete layman
with crypto, and I don't want to open some huge security hole because
of my ignorance. (I want to store my email passwords in encrypted
files, set a very short timeout in gpg-agent and connect it to my
mailing client, so that stealing my laptop won't enable the thief to
impersonate me.)
Best,
--
Marcin Borkowski
http://octd.wmi.amu.edu.pl/en/Marcin_Borkowski
Adam Mickiewicz University
* Re: A question on encryption
From: Eric Abrahamsen @ 2014-08-28 0:22 UTC
To: help-gnu-emacs
Marcin Borkowski <mbork@wmi.amu.edu.pl> writes:
[...]
> I created a test file (call it "test") with a single line of text and
> did two things:
>
> 1. C-x C-f test RET, C-x C-w test.gpg RET
>
> Then I selected the key and hit ok.
>
> 2. From the command line:
> gpg -e -r key-id -o test2.gpg test
>
> The two resulting files were different (difference in length of 3
> bytes; find-file-literally and manual inspection showed that the
> beginnings were identical, but the endings were not).
>
> My question is: why is that so? I instrumented the function
> epg-start-encrypt for Edebug, and it seems that the argument list it
> constructed was identical or equivalent to the one I'm giving on the
> command line.
>
> My other question is: is it fine? I'm an (almost) complete layman
> with crypto, and I don't want to open some huge security hole because
> of my ignorance. (I want to store my email passwords in encrypted
> files, set a very short timeout in gpg-agent and connect it to my
> mailing client, so that stealing my laptop won't enable the thief to
> impersonate me.)
I don't know what's going on with your specific problem, but let me
recommend the "pass" command-line utility for this situation. It does
just what you want -- storing passwords as gpg-encrypted files -- and if
you have the agent running, that keeps all your secrets locked up
nicely, without too much inconvenience. I have both SMTP and IMAP set up
to fetch their passwords using an invocation of pass, and it works
great.
If your goal is to learn the EPG library, then ignore this!
Eric
* Re: A question on encryption
From: Marcin Borkowski @ 2014-08-28 1:00 UTC
To: help-gnu-emacs
On 2014-08-28, at 08:22:30,
Eric Abrahamsen <eric@ericabrahamsen.net> wrote:
> I don't know what's going on with your specific problem, but let me
> recommend the "pass" command-line utility for this situation. It does
> just what you want -- storing passwords as gpg-encrypted files -- and
> if you have the agent running, that keeps all your secrets locked up
> nicely, without too much inconvenience. I have both SMTP and IMAP set
> up to fetch their passwords using an invocation of pass, and it works
> great.
Thanks a lot, I didn't know about it! I'll probably end up using it.
Still, I'd like to understand what's going on with EPG - at least, if
others can reproduce this behavior...
> Eric
Best
--
Marcin Borkowski
http://octd.wmi.amu.edu.pl/en/Marcin_Borkowski
Adam Mickiewicz University
* Re: A question on encryption
From: Marcin Borkowski @ 2014-08-28 6:30 UTC
To: help-gnu-emacs
On 2014-08-28, at 05:14:04,
David Hume <David.Hume@hushmail.com> wrote:
> Marcin Borkowski <mbork@wmi.amu.edu.pl> writes:
>
> > I created a test file (call it "test") with a single line of text
> > and did two things:
> >
> > 1. C-x C-f test RET, C-x C-w test.gpg RET
> >
> > Then I selected the key and hit ok.
> >
> > 2. From the command line:
> > gpg -e -r key-id -o test2.gpg test
> >
> > The two resulting files were different (difference in length of 3
> > bytes; find-file-literally and manual inspection showed that the
> > beginnings were identical, but the endings were not).
> >
>
> If you encrypt the same file twice, you don't get the same encrypted
> file. I think gpg will add random data to the end of the file. You
> could test that theory by encrypting the same file twice using your
> command line gpg. I am pretty sure I have done that in the past and
> observed that I did not get the same encryption twice.
Good point, that is true (which I've just checked experimentally) -
thanks for pointing that out! But - the *size* remains the same
(well, it did 4 times, at least). And with CLI gpg versus EPG, I also
*consistently* get differences in length (by a few bytes)!
Best,
--
Marcin Borkowski
http://octd.wmi.amu.edu.pl/en/Marcin_Borkowski
Adam Mickiewicz University
* Re: A question on encryption
From: Alan Schmitt @ 2014-08-28 6:53 UTC
To: help-gnu-emacs
Hello Eric,
On 2014-08-28 08:22, Eric Abrahamsen <eric@ericabrahamsen.net> writes:
> I don't know what's going on with your specific problem, but let me
> recommend the "pass" command-line utility for this situation.
Thank you for this recommendation, this utility looks very nice indeed.
Alan
--
OpenPGP Key ID : 040D0A3B4ED2E5C7
* Re: A question on encryption
From: Stefan Monnier @ 2014-08-29 3:22 UTC
To: help-gnu-emacs
> The two resulting files were different (difference in length of 3
> bytes; find-file-literally and manual inspection showed that the
> beginnings were identical, but the endings were not).
What did you inspect manually? The encrypted files? Or the contents
(after decryption) of those files?
The more interesting comparison is of the contents (after decryption).
Assuming that's what you did, to what do "beginnings" and "endings" refer?
Stefan
* Re: A question on encryption
From: Marcin Borkowski @ 2014-08-29 12:28 UTC
To: help-gnu-emacs
On 2014-08-28, at 23:22:57,
Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> > The two resulting files were different (difference in length of 3
> > bytes; find-file-literally and manual inspection showed that the
> > beginnings were identical, but the endings were not).
>
> What did you inspect manually? The encrypted files? Or the contents
> (after decryption) of those files?
> The more interesting comparison is of the contents (after decryption).
> Assuming that's what you did, to what do "beginnings" and "endings"
> refer?
I inspected the *encrypted files*, not their content after decryption.
Which, in view of earlier responses, didn't make much sense. I'll
compare the *decrypted* ones in a (proverbial) minute or two.
> Stefan
Best,
--
Marcin Borkowski
http://octd.wmi.amu.edu.pl/en/Marcin_Borkowski
Adam Mickiewicz University
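
Added example, not part of any message in this thread: a Python reader for the outer OpenPGP packet framing (header formats per RFC 4880), which reports per-packet header and body sizes so that two binary `.gpg` files can be compared packet by packet instead of byte by byte. The sample bytes are constructed to show that one body can be framed with different length headers; they are not gpg output and say nothing about what caused the difference reported above.

```python
import io

# Packet tags seen at the outer layer of an encrypted file (RFC 4880, section 4.3).
TAGS = {1: "pubkey-encrypted session key", 3: "symkey-encrypted session key",
        9: "encrypted data", 18: "encrypted+integrity-protected data"}

def _new_length(stream):
    """Read one new-format length: (octet count, is_partial, header octets used)."""
    first = stream.read(1)[0]
    if first < 192:
        return first, False, 1
    if first < 224:
        return ((first - 192) << 8) + stream.read(1)[0] + 192, False, 2
    if first < 255:                      # partial body length: a power of two
        return 1 << (first & 0x1F), True, 1
    return int.from_bytes(stream.read(4), "big"), False, 5

def outer_packets(data):
    """Return [(tag name, header octets, body octets)] for each top-level packet."""
    stream, out = io.BytesIO(data), []
    while True:
        head = stream.read(1)
        if not head:
            return out
        ctb = head[0]
        if not ctb & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        header, body = 1, 0
        if ctb & 0x40:                   # new format: tag in bits 5-0
            tag, partial = ctb & 0x3F, True
            while partial:               # partial chunks end with a definite length
                n, partial, used = _new_length(stream)
                header += used
                body += len(stream.read(n))
        else:                            # old format: tag in bits 5-2
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:               # indeterminate length: runs to end of file
                body = len(stream.read())
            else:
                width = 1 << ltype       # 1, 2 or 4 length octets
                header += width
                body = len(stream.read(int.from_bytes(stream.read(width), "big")))
        out.append((TAGS.get(tag, "tag %d" % tag), header, body))

# Constructed sample bytes (not gpg output): the same 600-octet body framed with
# one definite length (FILE_A) and with partial chunks of 512 + 64 + 24 (FILE_B).
PKESK = bytes([0x85, 0x00, 0x04]) + b"\x00" * 4
FILE_A = PKESK + bytes([0xD2, 193, 152]) + b"\x11" * 600
FILE_B = PKESK + b"\xD2\xE9" + b"\x11" * 512 + b"\xE6" + b"\x11" * 64 + b"\x18" + b"\x11" * 24
```

On real files, pass the bytes of each file to `outer_packets` and compare the two lists; the contents inside the encrypted data packet can only be compared after decryption.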