* Re: Feature request: Selective encryption
2007-08-31 14:04 ` Carsten Dominik
@ 2007-08-31 15:26 ` John Rakestraw
2007-08-31 19:28 ` John Wiegley
` (2 subsequent siblings)
3 siblings, 0 replies; 23+ messages in thread
From: John Rakestraw @ 2007-08-31 15:26 UTC (permalink / raw)
To: emacs-orgmode
> > I'm not sure if anyone has mentioned this, but one feature I'd like to see
> > is the ability to hit a keystroke and have the current outline entry
> > encrypted or decrypted. allout.el does this now (although I find the
> > implementation somewhat horrendous).
> >
> > Would others like to see this? How would you like it to work?
>
> I do think this would be a useful feature. Some properties I'd find
> useful:
<snip>
I should read more carefully. This proposal is far more sophisticated
than what I'm doing -- I'd like to see this as a feature with
properties like Carsten proposes within org mode.
--
John Rakestraw
* Re: Feature request: Selective encryption
2007-08-31 14:04 ` Carsten Dominik
2007-08-31 15:26 ` John Rakestraw
@ 2007-08-31 19:28 ` John Wiegley
2007-09-01 10:29 ` Carsten Dominik
2007-09-02 8:20 ` Xavier Maillard
2007-08-31 21:11 ` Austin Frank
2007-09-02 8:20 ` Xavier Maillard
3 siblings, 2 replies; 23+ messages in thread
From: John Wiegley @ 2007-08-31 19:28 UTC (permalink / raw)
To: emacs-orgmode
Carsten Dominik <dominik@science.uva.nl> writes:
> I do think this would be a useful feature. Some properties I'd find useful:
>
> - Use symmetric encryption
>
> - Be able to recognize if an entry is encrypted
>
> - Leave the headline of the entry alone and only encrypt the text below it
> and the subtree, if present
>
> - Support something like a CRYPT tag, leading to automatic encryption when
> the file is saved, to make sure encrypted entries are never saved in clear
> text.
>
> - Use only a single password per file, so once one entry is decrypted,
> others will open without an additional password prompt.
>
> Something like this.
Yes, this is just what I'm thinking too, though I'd like the option of binding
different CRYPT tags to different keys or passwords. So, I could have
WORK_CRYPT, HOME_CRYPT, etc., and each would have its own separate protection.
This would allow multiple people to have their own private regions within the
same org-mode file.
allout.el goes a long way toward providing all of the above, I just wasn't
fond of the mechanism (I tried porting it straight to org-mode one day, then
stopped). For one thing, I want to use my GnuPG public key for encryption,
not a symmetric cipher. That needs to be configurable.
I should be able to create an external module for this that does not affect
org.el at all, but just adds keybindings to org-mode-map and after-save-hook.
John
* Re: Feature request: Selective encryption
2007-08-31 19:28 ` John Wiegley
@ 2007-09-01 10:29 ` Carsten Dominik
2007-09-02 8:20 ` Xavier Maillard
1 sibling, 0 replies; 23+ messages in thread
From: Carsten Dominik @ 2007-09-01 10:29 UTC (permalink / raw)
To: John Wiegley; +Cc: emacs-orgmode
On Aug 31, 2007, at 21:28, John Wiegley wrote:
> Carsten Dominik <dominik@science.uva.nl> writes:
>
>> I do think this would be a useful feature. Some properties I'd find useful:
>>
>> - Use symmetric encryption
>>
>> - Be able to recognize if an entry is encrypted
>>
>> - Leave the headline of the entry alone and only encrypt the text below it
>> and the subtree, if present
>>
>> - Support something like a CRYPT tag, leading to automatic encryption when
>> the file is saved, to make sure encrypted entries are never saved in clear
>> text.
>>
>> - Use only a single password per file, so once one entry is decrypted,
>> others will open without an additional password prompt.
>>
>> Something like this.
>
> Yes, this is just what I'm thinking too, though I'd like the option of binding
> different CRYPT tags to different keys or passwords. So, I could have
> WORK_CRYPT, HOME_CRYPT, etc., and each would have its own separate protection.
> This would allow multiple people to have their own private regions within the
> same org-mode file.
Excellent idea, I did not think about this possibility.
> I should be able to create an external module for this that does not affect
> org.el at all, but just adds keybindings to org-mode-map and after-save-hook.
Cool. Please do!
I have tried to read the allout documentation about it and found
it entirely undigestible for the cryptographically uninitiated.
I hope you can explain it better.
- Carsten
* Re: Feature request: Selective encryption
2007-08-31 19:28 ` John Wiegley
2007-09-01 10:29 ` Carsten Dominik
@ 2007-09-02 8:20 ` Xavier Maillard
2007-09-02 20:14 ` John Wiegley
1 sibling, 1 reply; 23+ messages in thread
From: Xavier Maillard @ 2007-09-02 8:20 UTC (permalink / raw)
To: John Wiegley; +Cc: emacs-orgmode
Hi John,
[congratulations for your paper on your org usage, this is wonderful]
> Yes, this is just what I'm thinking too, though I'd like the option of binding
> different CRYPT tags to different keys or passwords. So, I could have
> WORK_CRYPT, HOME_CRYPT, etc., and each would have its own separate protection.
> This would allow multiple people to have their own private regions within the
> same org-mode file.
I agree with that.
> allout.el goes a long way toward providing all of the above, I just wasn't
> fond of the mechanism (I tried porting it straight to org-mode one day, then
> stopped). For one thing, I want to use my GnuPG public key for encryption,
> not a symmetric cipher. That needs to be configurable.
I do not see how you would use multiple keys/password per file
with only your GNUpg key. Did I miss something here ?
Xavier
--
http://www.gnu.org
http://www.april.org
http://www.lolica.org
* Re: Feature request: Selective encryption
2007-09-02 8:20 ` Xavier Maillard
@ 2007-09-02 20:14 ` John Wiegley
2007-09-03 1:00 ` Xavier Maillard
0 siblings, 1 reply; 23+ messages in thread
From: John Wiegley @ 2007-09-02 20:14 UTC (permalink / raw)
To: emacs-orgmode
Xavier Maillard <xma@gnu.org> writes:
> [congratulations for your paper on your org usage, this is wonderful]
Thanks. :)
> allout.el goes a long way toward providing all of the above, I just
> wasn't fond of the mechanism (I tried porting it straight to org-mode one
> day, then stopped). For one thing, I want to use my GnuPG public key for
> encryption, not a symmetric cipher. That needs to be configurable.
>
> I do not see how you would use multiple keys/password per file
> with only your GNUpg key. Did I miss something here ?
I do have multiple keys -- one for work, one for personal, for example.
John
* Re: Feature request: Selective encryption
2007-08-31 14:04 ` Carsten Dominik
2007-08-31 15:26 ` John Rakestraw
2007-08-31 19:28 ` John Wiegley
@ 2007-08-31 21:11 ` Austin Frank
2007-09-01 5:10 ` Anupam Sengupta
2007-09-03 1:00 ` Xavier Maillard
2007-09-02 8:20 ` Xavier Maillard
3 siblings, 2 replies; 23+ messages in thread
From: Austin Frank @ 2007-08-31 21:11 UTC (permalink / raw)
To: emacs-orgmode
On Fri, Aug 31 2007, Carsten Dominik wrote:
> I do think this would be a useful feature. Some properties I'd find
> useful:
>
> ...
>
If you're interested in using GPG to accomplish these goals, I highly
recommend the EasyPG (EPG) package created by Daiki Ueno. At this
point I believe it's mostly used for Gnus, but it's intended to be a
general-purpose GPG interface for Emacs.
http://www.easypg.org
http://sourceforge.jp/projects/epg
HTH,
/au
--
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc
* Re: Feature request: Selective encryption
2007-08-31 21:11 ` Austin Frank
@ 2007-09-01 5:10 ` Anupam Sengupta
2007-09-01 6:54 ` Austin Frank
2007-09-04 4:49 ` Dmitri Minaev
2007-09-03 1:00 ` Xavier Maillard
1 sibling, 2 replies; 23+ messages in thread
From: Anupam Sengupta @ 2007-09-01 5:10 UTC (permalink / raw)
To: emacs-orgmode
>>>>> "Austin" == Austin Frank <austin.frank@gmail.com> writes:
Austin> If you're interested in using GPG to accomplish these goals, I highly
Austin> recommend the EasyPG (EPG) package created by Daiki Ueno. At this
Austin> point I believe it's mostly used for Gnus, but it's intended to be a
Austin> general-purpose GPG interface for Emacs.
Austin> http://www.easypg.org
Austin> http://sourceforge.jp/projects/epg
I use epg to encrypt the org-mode files. EPG expects the files to have a suffix
of .gpg, which conflicts with the .org suffix - however, I circumvent this with
a file local mode setting as the first line in my org files:
# -*- mode: org; epa-file-encrypt-to: ("<my private key email ID here>"); coding: utf-8-unix; -*-
This allows the file's major mode to be Org-mode.
In addition, the archive files are also encrypted, and hence an over-ride is
needed for the file name (otherwise the defaults will conflict):
I have ...
#+ARCHIVE: ~/org/<filename>.org_archive.gpg::
In my active Org files - which works fine for the archival process, and ensures
that the archives are also encrypted.
The other epg settings you need are:
(require 'epa-setup) ;; In your .emacs file
and of course the correct SSH settings and the key setup externally.
This configuration works great on both OS X and Windows XP (Home and work for
me).
For Windows, I had to override the epa-gpg-program name to point to the cygwin version:
(setq epg-gpg-program "/cygwin/bin/gpg.exe") ;; For Windows.
HTH,
--
Anupam
* Re: Feature request: Selective encryption
2007-09-01 5:10 ` Anupam Sengupta
@ 2007-09-01 6:54 ` Austin Frank
2007-09-03 1:00 ` Xavier Maillard
2007-09-04 4:49 ` Dmitri Minaev
1 sibling, 1 reply; 23+ messages in thread
From: Austin Frank @ 2007-09-01 6:54 UTC (permalink / raw)
To: emacs-orgmode
On Sat, Sep 01 2007, Anupam Sengupta wrote:
> I use epg to encrypt the org-mode files. EPG expects the files to have
> a suffix of .gpg, which conflicts with the .org suffix - however, I
> circumvent this with a file local mode setting as the first line in my
> org files:
>
> # -*- mode: org; epa-file-encrypt-to: ("<my private key email ID here>"); coding: utf-8-unix; -*-
>
> This allows the file's major mode to be Org-mode.
>
> In addition, the archive files are also encrypted, and hence an
> over-ride is needed for the file name (otherwise the defaults will
> conflict):
>
> I have ...
>
> #+ARCHIVE: ~/org/<filename>.org_archive.gpg::
>
> In my active Org files - which works fine for the archival process,
> and ensures that the archives are also encrypted.
A few other options:
- EPG also has the function epa-encrypt-region. It asks for a
recipient's key to use for encrypting, and does symmetric
encryption if none is selected. This could be used to selectively
encrypt certain subtrees. Especially given that...
- message-mode has functions like mml-secure-encrypt (there are lots
of others in the mml-secure-* family). These functions use the
strategy of inserting tags around the region to be encrypted. I
haven't actually read the functions, but from the outside it looks
like the tags are used to set the region, the region is
encrypted/signed, and then the tags are removed from the outgoing
copy of the message. FWIW, the tags look like (the leading # was
added by me to keep the tag from actually doing anything in this
message):
# <#secure method=pgpmime mode=sign>
For interactive encrypting, I think epa-encrypt-region is probably
already good enough to do what folks have asked for. For permanently
marking a subtree for encryption, maybe we could set a property like
ENCRYPT_CHILDREN, or set pairs of properties like ENCRYPT_BEGIN and
ENCRYPT_END. The presence of these properties would cause the
appropriate region to be selected and passed to epa-encrypt-region when
org-encrypt-subtrees or org-encrypt-buffer is called (just speculating
about some possible function names). Maybe on org-encrypt-buffer the
default is to call epa-encrypt-file unless some portion of the file is
marked for encryption, in which case it calls epa-encrypt-region on the
appropriate text.
The values of the ENCRYPT_* properties could be the key to use, or just
t. If the value is t, either the key will be pulled from a file-level
variable, or the user will be prompted for which key to use (as
epa-encrypt-region normally does).
Thanks,
/au
--
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc
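
Added example, not part of any message in this thread and not Org's own code: an Emacs Lisp sketch of the design discussed above (headline left readable, body and subtree encrypted on save, a separate GnuPG key per CRYPT-style tag, already-encrypted entries recognised). The `my-crypt-*` names and the recipient addresses are assumptions; it hooks `before-save-hook` so that only ciphertext is written to the file.

```elisp
;;; Added illustration -*- lexical-binding: t; -*-
;; Hypothetical names (my-crypt-*); tag names follow the thread,
;; recipient addresses are constructed placeholders.
(require 'org)
(require 'epg)
(require 'subr-x)

(defvar my-crypt-tag-recipients
  '(("WORK_CRYPT" . "work@example.invalid")
    ("HOME_CRYPT" . "home@example.invalid"))
  "Alist of (TAG . GnuPG recipient); each tag gets its own key.")

(defconst my-crypt-armor-header "-----BEGIN PGP MESSAGE-----")

(defun my-crypt--body-bounds ()
  "Return (BEG . END) of the text below the current headline, subtree included."
  (save-excursion
    (org-back-to-heading t)
    (let ((beg (line-beginning-position 2)))
      (org-end-of-subtree t t)
      (cons (min beg (point)) (point)))))

(defun my-crypt-encrypted-p (text)
  "Non-nil if TEXT already starts with an armored OpenPGP message."
  (string-prefix-p my-crypt-armor-header (string-trim-left text)))

(defun my-crypt-encrypt-entry (recipient)
  "Replace the body of the entry at point with ciphertext for RECIPIENT.
The headline stays readable.  Signals an error if no key is found."
  (pcase-let* ((`(,beg . ,end) (my-crypt--body-bounds))
               (text (buffer-substring-no-properties beg end)))
    (unless (or (string-blank-p text) (my-crypt-encrypted-p text))
      (let* ((ctx (epg-make-context 'OpenPGP))
             (keys (or (epg-list-keys ctx recipient)
                       (error "No public key for %s; not saving" recipient))))
        (epg-context-set-armor ctx t)
        (let ((cipher (epg-encrypt-string
                       ctx (encode-coding-string text 'utf-8) keys)))
          (delete-region beg end)
          (goto-char beg)
          (insert cipher)
          (unless (bolp) (insert "\n")))))))

(defun my-crypt-encrypt-tagged-entries ()
  "Encrypt every entry whose tag appears in `my-crypt-tag-recipients'."
  (dolist (pair my-crypt-tag-recipients)
    (org-map-entries (lambda () (my-crypt-encrypt-entry (cdr pair)))
                     (car pair))))

;; Buffer-local hook: runs before the file is written.  An error raised
;; above propagates out of the hook, so the save stops instead of
;; writing the entry in clear text.
(add-hook 'org-mode-hook
          (lambda ()
            (add-hook 'before-save-hook
                      #'my-crypt-encrypt-tagged-entries nil t)))
```

Auto-save files are written without running `before-save-hook`, so decrypted text in a buffer can still reach disk that way unless auto-save is turned off for the buffer.
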
* Re: Re: Feature request: Selective encryption
2007-09-01 6:54 ` Austin Frank
@ 2007-09-03 1:00 ` Xavier Maillard
0 siblings, 0 replies; 23+ messages in thread
From: Xavier Maillard @ 2007-09-03 1:00 UTC (permalink / raw)
To: Austin Frank; +Cc: emacs-orgmode
Hi,
> A few other options:
>
> - EPG also has the function epa-encrypt-region. It asks for a
>   recipient's key to use for encrypting, and does symmetric
>   encryption if none is selected. This could be used to selectively
>   encrypt certain subtrees. Especially given that...
>
> - message-mode has functions like mml-secure-encrypt (there are lots
>   of others in the mml-secure-* family). These functions use the
>   strategy of inserting tags around the region to be encrypted. I
>   haven't actually read the functions, but from the outside it looks
>   like the tags are used to set the region, the region is
>   encrypted/signed, and then the tags are removed from the outgoing
>   copy of the message. FWIW, the tags look like (the leading # was
>   added by me to keep the tag from actually doing anything in this
>   message):
>
> # <#secure method=pgpmime mode=sign>
As a personal taste, I'd rather want using message-mode since it
is already part of the official GNU Emacs distribution. For the
rest, up to Carsten to see what to use.
> The values of the ENCRYPT_* properties could be the key to use, or just
> t. If the value is t, either the key will be pulled from a file-level
> variable, or the user will be prompted for which key to use (as
> epa-encrypt-region normally does).
I love this idea. That's the easiest I could think of too.
Instead of t, I think ENCRYPT_PROMPT would be best (no need to
be an elisp expert to understand it).
Regards,
Xavier
--
http://www.gnu.org
http://www.april.org
http://www.lolica.org
* Re: Re: Feature request: Selective encryption
2007-09-01 5:10 ` Anupam Sengupta
2007-09-01 6:54 ` Austin Frank
@ 2007-09-04 4:49 ` Dmitri Minaev
2007-09-05 1:00 ` Xavier Maillard
1 sibling, 1 reply; 23+ messages in thread
From: Dmitri Minaev @ 2007-09-04 4:49 UTC (permalink / raw)
To: Anupam Sengupta; +Cc: emacs-orgmode
On 9/1/07, Anupam Sengupta <anupamsg@gmail.com> wrote:
> I use epg to encrypt the org-mode files. EPG expects the files to have a suffix
> of .gpg, which conflicts with the .org suffix - however, I circumvent this with
> a file local mode setting as the first line in my org files:
I use crypt++.el, and I save the encrypted files with double
extension: filename.org.gpg. Such files are opened in org-mode after
decryption.
--
With best regards,
Dmitri Minaev
Russian history blog: http://minaev.blogspot.com
* Re: Re: Feature request: Selective encryption
2007-09-04 4:49 ` Dmitri Minaev
@ 2007-09-05 1:00 ` Xavier Maillard
2007-09-05 4:18 ` Dmitri Minaev
0 siblings, 1 reply; 23+ messages in thread
From: Xavier Maillard @ 2007-09-05 1:00 UTC (permalink / raw)
To: Dmitri Minaev; +Cc: anupamsg, emacs-orgmode
> I use crypt++.el, and I save the encrypted files with double
> extension: filename.org.gpg. Such files are opened in org-mode after
> decryption.
Do you have code to automatically decrypt your org file when
selecting them -i.e. find-file and friends ?
Xavier
--
http://www.gnu.org
http://www.april.org
http://www.lolica.org
* Re: Re: Feature request: Selective encryption
2007-09-05 1:00 ` Xavier Maillard
@ 2007-09-05 4:18 ` Dmitri Minaev
2007-09-10 1:00 ` Xavier Maillard
0 siblings, 1 reply; 23+ messages in thread
From: Dmitri Minaev @ 2007-09-05 4:18 UTC (permalink / raw)
To: Xavier Maillard; +Cc: anupamsg, emacs-orgmode
On 9/5/07, Xavier Maillard <xma@gnu.org> wrote:
> I use crypt++.el, and I save the encrypted files with double
> extension: filename.org.gpg. Such files are opened in org-mode after
> decryption.
>
> Do you have code to automatically decrypt your org file when
> selecting them -i.e. find-file and friends ?
Er, well, nothing special. Just the very basic
(require 'crypt++)
(setq crypt-encryption-type 'gpg)
When I try to find-file or write-file with the extension .gpg, it asks
me for a password, de-/encrypts it and sets the current major mode
depending on the part of the filename immediately preceding .gpg. So,
when I open my pwd.org.gpg list, it's opened in org-mode.
--
With best regards,
Dmitri Minaev
Russian history blog: http://minaev.blogspot.com
* Re: Re: Feature request: Selective encryption
2007-08-31 21:11 ` Austin Frank
2007-09-01 5:10 ` Anupam Sengupta
@ 2007-09-03 1:00 ` Xavier Maillard
1 sibling, 0 replies; 23+ messages in thread
From: Xavier Maillard @ 2007-09-03 1:00 UTC (permalink / raw)
To: Austin Frank; +Cc: emacs-orgmode
> At this point I believe it's mostly used for Gnus, but it's
> intended to be a general-purpose GPG interface for Emacs.
EPG is not targeted at Gnus at all. I am using it outside of Gnus
and it just works. Why do you think it is Gnus-centric ?
Xavier
--
http://www.gnu.org
http://www.april.org
http://www.lolica.org
* Re: Feature request: Selective encryption
2007-08-31 14:04 ` Carsten Dominik
` (2 preceding siblings ...)
2007-08-31 21:11 ` Austin Frank
@ 2007-09-02 8:20 ` Xavier Maillard
3 siblings, 0 replies; 23+ messages in thread
From: Xavier Maillard @ 2007-09-02 8:20 UTC (permalink / raw)
To: Carsten Dominik; +Cc: johnw, emacs-orgmode
Hi Carsten,
> - Support something like a CRYPT tag, leading to automatic
>   encryption when the file is saved, to make sure
>   encrypted entries are never saved in clear text.
http://www.emacswiki.org/cgi-bin/wiki/mc-auto-encrypt.el is what
I am currently using for a whole file. Currently I encrypt a full
file and not "sections" of a file.
> - Use only a single password per file, so once one entry is decrypted,
>   others will open without an additional password prompt.
Maybe support multiple passwords since, as per Bastien's request,
we could easily have to share the same org file and thus, have
different encrypted sections (one per user). I'd rather want this
than a single password file or at least, as an option.
Xavier
--
http://www.gnu.org
http://www.april.org
http://www.lolica.org