all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* org-crypt fails if default key is expired while non-default key is to be used
@ 2023-01-22 17:41 Karl Voit
  2023-01-23 10:16 ` Ihor Radchenko
  0 siblings, 1 reply; 9+ messages in thread
From: Karl Voit @ 2023-01-22 17:41 UTC (permalink / raw)
  To: emacs-orgmode

Hi,

I think I've found a bug with org-crypt:

Org mode version 9.5.5 (release_9.5.5 @
/home/vk/src/external_compilations/emacs/lisp/org/)

GNU Emacs 28.2 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.33,
cairo version 1.16.0) of 2023-01-09


SUMMARY:

org-crypt fails to encrypt when org-encrypt-entry is set to a
different key than the default openpgp key and the default key is
expired.


BACKGROUND:

My setup involves an openpgp-key which is specifically used for
org-crypt. This key is not my default key A1234567 which I'm using
for encrypting and singing emails and such.

org-crypt-key is set to this secondary key, let's call it
org-openpgp-key. So the org-crypt setup is correct in that sense
that org-mode should not care about other keys than my
org-openpgp-key.

However, I've had the situation where the default openpgp key
expired on a machine. Please note that my org-openpgp-key did not
expire.

When I invoked org-decrypt-entry, decrypting works like always. Then
I modified something in this heading which is tagged with :crypt:.
On saving that buffer, org-crypt issues an error message:

| Error: (error "GPG error: \"Encrypt failed\", \"Unusable public key:
| A1234567; Exit\"")

This A1234567 key is my default key and not the org-openpgp-key.

org-encrypt-entry is causing this error at:

|	;; Text and key have to be identical, otherwise we
|	;; re-crypt.
|	(if (and (equal crypt-key key)
|		 (string= checksum (sha1 contents)))
|	    (get-text-property 0 'org-crypt-text contents)
|	  (epg-encrypt-string epg-context contents crypt-key)))

After fixing the expiry date of A1234567, org-crypt was working
properly, using the correct org-openpgp-key again.

I do think this is wrong behavior: when the default key is expired
but a specific secondary key is used, encryption should be possible.

-- 
get mail|git|SVN|photos|postings|SMS|phonecalls|RSS|CSV|XML into Org-mode:
       > get Memacs from https://github.com/novoid/Memacs <
Personal Information Management > http://Karl-Voit.at/tags/pim/
Emacs-related > http://Karl-Voit.at/tags/emacs/



^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2023-04-18 13:29 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-22 17:41 org-crypt fails if default key is expired while non-default key is to be used Karl Voit
2023-01-23 10:16 ` Ihor Radchenko
2023-01-23 14:58   ` Karl Voit
2023-01-24  9:14     ` Ihor Radchenko
2023-01-29 17:37       ` Karl Voit
2023-01-30 13:53         ` Ihor Radchenko
2023-01-30 22:00           ` Karl Voit
2023-01-31 10:32             ` Ihor Radchenko
2023-04-18 13:28               ` Karl Voit

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.