From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: Re: Let us see how to encrypt with Emacs? Date: Fri, 9 Jul 2021 15:27:29 +0300 Message-ID: References: <83mtqvdb4s.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="10079"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.7+183 (3d24855) (2021-05-28) Cc: help-gnu-emacs@gnu.org To: Eli Zaretskii Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Fri Jul 09 14:31:19 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1m1pf4-0002LH-I7 for geh-help-gnu-emacs@m.gmane-mx.org; Fri, 09 Jul 2021 14:31:18 +0200 Original-Received: from localhost ([::1]:49614 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1m1pf3-0002a5-HD for geh-help-gnu-emacs@m.gmane-mx.org; Fri, 09 Jul 2021 08:31:17 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:52120) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m1pdF-0002Xz-21 for help-gnu-emacs@gnu.org; Fri, 09 Jul 2021 08:29:25 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:39985) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m1pdA-0004S5-EA; Fri, 09 Jul 2021 08:29:24 -0400 Original-Received: from localhost ([::ffff:197.157.34.164]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000057EBC.0000000060E8411A.000038AB; Fri, 09 Jul 2021 05:29:11 -0700 Mail-Followup-To: Eli Zaretskii , help-gnu-emacs@gnu.org Content-Disposition: inline In-Reply-To: <83mtqvdb4s.fsf@gnu.org> Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:131638 Archived-At: I am thinking to have it simpler for practical purposes, so here is what I made now: (defun pad-to-multiple-bytes (string max) "Return string padded to multiple of MAX bytes." (let* ((bytes (string-bytes string)) (multiple (truncate (/ bytes max))) (multiple (if (zerop multiple) max (* (1+ multiple) max)))) (string-pad string multiple))) (defun rcd-encrypt-chacha20-64 (string password) "Encrypt STRING with PASSWORD by using CHACHA20-64 cipher." (let* ((key (pad-to-multiple-bytes password 32)) (iv (substring (gnutls-hash-digest "SHA512" password) 0 15)) (iv (pad-to-multiple-bytes iv 16)) (string (pad-to-multiple-bytes string 64))) (car (gnutls-symmetric-encrypt "CHACHA20-64" key iv string)))) (rcd-encrypt-chacha20-64 "Some text here" "123Mypassword123") =E2=87=92 "\3= 52\200\333\2460\246\330=1C\211P\311\207\260m\211R=0ED0\222\237\200K=3D\216\= 214\267\320p\273=1A>,=7FT\262 k\361\336;i\336I\325=0FXi\200=1BG\325\303=01= =15=7F\312\320=17\254D=1Cg9" (defun rcd-decrypt-chacha20-64 (encrypted-string password) "Decrypt ENCRYPTED-STRING with PASSWORD by using CHACHA20-64 cipher. The return string will be trimmed." (let* ((key (pad-to-multiple-bytes password 32)) (iv (substring (gnutls-hash-digest "SHA512" password) 0 15)) (iv (pad-to-multiple-bytes iv 16)) (decrypted (gnutls-symmetric-decrypt "CHACHA20-64" key iv encrypted-strin= g)) (decrypted (string-trim (car decrypted)))) decrypted)) (rcd-decrypt-chacha20-64 (rcd-encrypt-chacha20-64 "Some text here" "123Mypa= ssword123") "123Mypassword123") =E2=87=92 "Some text here" As that is more practical function. And maybe making a more generic function would be helpful.=20 For generci function I wonder if the function `gnutls-cipers' really yields alist or not, I am not sure, but this below seem to work: (alist-get 'RC2-40 (gnutls-ciphers)) =E2=87=92 (:cipher-id 17 :type gnutls-= symmetric-cipher :cipher-aead-capable nil :cipher-tagsize 0 :cipher-blocksi= ze 8 :cipher-keysize 5 :cipher-ivsize 8) Then result yields basically plist: (plist-get (alist-get 'RC2-40 (gnutls-ciphers)) :cipher-id) =E2=87=92 17 Then I have the generic function that will satisfy my needs: (defun rcd-encrypt-decrypt (enc-dec password &optional decrypt cipher diges= t) "Encrypt or decrypt ENC-DEC wi PASSWORD. Default cipher is CHACHA20-64 or CIPHER as defined by the function `gnutls-ciphers'.=20 Default digest is SHA512 or HASH as defined by the function `gnutls-digests'. Function encrypts by default, with DECRYPT being anything but NIL, it will decrypt the ENC-DEC. " (let* ((cipher (or cipher "CHACHA20-64")) (cipher-plist (alist-get cipher (gnutls-ciphers) nil nil 'string=3D)) (cipher-key-size (plist-get cipher-plist :cipher-keysize)) (key (pad-to-multiple-bytes password cipher-key-size)) (digest (or digest "SHA512")) (hash (gnutls-hash-digest digest password)) (iv-size (plist-get cipher-plist :cipher-ivsize)) (iv (substring hash 0 iv-size)) (iv (string-pad iv iv-size)) (block-size (plist-get cipher-plist :cipher-blocksize)) (enc-dec (if decrypt enc-dec (pad-to-multiple-bytes enc-dec block-size)))) (if decrypt (string-trim (car (gnutls-symmetric-decrypt cipher key iv enc-dec))) (car (gnutls-symmetric-encrypt cipher key iv enc-dec))))) (rcd-encrypt-decrypt "My string here" "My password 123") =E2=87=92 "\273/\3= 22Xk_m@\372a\323=1D\257\317\330\301\263\224\220\351\303>\241\245=07[\344\22= 6\203;=0C-\244\265\331\263\253\354\230\206=05\3140\221\341\370\361&\333\317= \357T?(\302#\206&\355=01=04=01~\200" (rcd-encrypt-decrypt (rcd-encrypt-decrypt "My string here" "My password 123= ") "My password 123" t) =E2=87=92 "My string here" Now I come to what I really need, that is to encrypt and encode by base64 m= ethod: (defun rcd-encrypt-decrypt-base64 (enc-dec password &optional decrypt ciphe= r digest no-line-break) "Use base64 encoding and decoding with encryption." (let* ((enc-dec (if decrypt (base64-decode-string enc-dec) enc-dec)) (enc-dec (rcd-encrypt-decrypt enc-dec password decrypt cipher digest)) (enc-dec (if decrypt enc-dec (base64-encode-string enc-dec no-line-break)= ))) enc-dec)) (rcd-encrypt-decrypt-base64 "My string" "MyPassword987" nil nil nil t) =E2= =87=92 "XOxgVUXurXzqWP9y5pzs6IwjWafdG6sWcqVz13HzfYhnWLiDn3/yo8DuMnrTuIjCC9B= EyAxqW7dmAt9h0bwKoA=3D=3D" (rcd-encrypt-decrypt-base64 "XOxgVUXurXzqWP9y5pzs6IwjWafdG6sWcqVz13HzfYhnWL= iDn3/yo8DuMnrTuIjCC9BEyAxqW7dmAt9h0bwKoA=3D=3D" "MyPassword987" t) =E2=87= =92 "My string" As that I can pass to the URL for Double Opt-In purposes instead revealing the information to the public. Then I can even put whole Emacs hash into the URL: (setq hash (make-hash-table)) (puthash "MID" 123 hash) (puthash "EID" 98 hash) (puthash "CID" 333 hash) (puthash "redirect" "https://www.example.com" hash) hash =E2=87=92 #s(hash-table size 65 test eql rehash-size 1.5 rehash-thresh= old 0.8125 data ("MID" 123 "CID" 333 "EID" 98 "redirect" "https://www.examp= le.com")) (rcd-encrypt-decrypt-base64 (prin1-to-string hash) "MyPassword987" nil nil = nil t) =E2=87=92 "MuZoTlDvrD/5Gb0+o5y/odZmWbHIG/9TIfFzkiC/fdoiEPnQ13Kh6pqrM= mvdrYiQTpgFm0RnD/80R4wpnvBOoKGtDWQnpv/5191ZzmNRmNDBDLJdG/f/Iv9VR0LmieP38cvW= tZ3uxGWZdsaWCBhtsqDDYFrTS6mrPXmmyGE4hjedt3Z9E9cDOStlgiS+ynwwmlhNJf0Jga5848y= /I+To2+zp3qw9Z+KiOhq+Vr2Mpm8/6zFQ9YxuDZNy9LWjJL/L" And use that to subscribe users, unsubscribe and similar with more safety that users will not abuse my system. Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/