Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?

[Eli Zaretskii <eliz@gnu.org>]

> From: Ihor Radchenko <yantar92@posteo.net>
> Cc: Adam Porter <adam@alphapapa.net>, emacs-devel@gnu.org,
>  jschmidt4gnu@vodafonemail.de
> Date: Thu, 01 Jun 2023 06:48:51 +0000
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> >> I think Emacs needs a new library to store Lisp data securely.
> >
> > Can't we use the GnuTLS cryptography functions, like
> > gnutls-symmetric-encrypt, for that?
> 
> I think that it is not just about encryption.
> The API should also have ways to expire passwords and deal with a need
> to update them individually.

What would be the effect of expiring a password on stuff stored using
the password that just expired? would it mean I can no longer access
that stuff?  Or would it mean I must use a new password for storing
new stuff?  Or something else?

In any case, implementing some machinery for managing and expiring
passwords is relatively easy.  Cryptography, by contrast, is hard, so
we should use industry-strength implementations by experts for that,
and I think GnuTLS is a good candidate for that part, especially since
Emacs without GnuTLS is severely limited anyway (so we could assume
"almost everyone" have it).

> multisession.el, AFAIU, only allows storing symbol values and the
> smallest piece of data. But one cannot always dedicate a separate
> variable symbol for each password or secret. An alist of (HOST .
> PASSWORD) often needs to be stored with each HOST having dedicated rules
> about expiry.

You are AFAU talking about application layers about 2 levels above
what I was thinking about.  Before we discuss all those
application-level issues, we should decide how to store stuff
securely, and that AFAIU means some kind of encryption.  Which is why
I mentioned GnuTLS and its abilities exposed to Emacs Lisp.