From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Storing sensitive data indefinitely in variables or buffers:
 Whether and how to fix?
Date: Thu, 01 Jun 2023 10:11:57 +0300
Message-ID: <83353bejwi.fsf@gnu.org>
References: <87fs7dnd1u.fsf@localhost>
 <6503151d-13be-f299-24a2-76bb9d6fecc8@alphapapa.net>
 <83h6rse2zb.fsf@gnu.org> <871qivd6ek.fsf@localhost>
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="15980"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: adam@alphapapa.net, emacs-devel@gnu.org,
	jschmidt4gnu@vodafonemail.de
To: Ihor Radchenko <yantar92@posteo.net>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Jun 01 09:11:29 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1q4cT3-0003xF-KF
	for ged-emacs-devel@m.gmane-mx.org; Thu, 01 Jun 2023 09:11:29 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1q4cSp-0001Qq-Km; Thu, 01 Jun 2023 03:11:15 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>) id 1q4cSn-0001JP-Ue
 for emacs-devel@gnu.org; Thu, 01 Jun 2023 03:11:13 -0400
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1q4cSm-0003KK-Sp; Thu, 01 Jun 2023 03:11:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date:
 mime-version; bh=0i4Xtfg7mMF6DThSWsYnDkJQlEWOm5ZuvjRgmUVIYAA=; b=ZSpbVKBmiBGF
 iX0cPoGO0/9mIBtV32jEgluhDUKcZGzsWTRUHUVIeh/OYKmBbRWxQTFP9BOfU5x5NISoxccpGG4u6
 R7zaKRalHxqajbhmnD2IL4f3BYF3zpNisErRfcVHFcnPc/reDTXGgUT5+u2FazGrB8ptPreoyOiEf
 wVvkf8uTbGf7NIMr3v2p8yzAeWuwYw6oDtYi5NtzuaXUnlffcVnmNcD/Wg9k8wkmhTRwupiOM5u0p
 l1RI/jbKs5EwApYcIodPt4mYEDBr6wF9BldGOtAEY3b6Cm+M9x1oRL9+3HmFQjgyHkVBXovg547+o
 ezX5uWNMHOf61MqXs4ivug==;
Original-Received: from [87.69.77.57] (helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1q4cSm-0000vA-Al; Thu, 01 Jun 2023 03:11:12 -0400
In-Reply-To: <871qivd6ek.fsf@localhost> (message from Ihor Radchenko on Thu,
 01 Jun 2023 06:48:51 +0000)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:306489
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/306489>

> From: Ihor Radchenko <yantar92@posteo.net>
> Cc: Adam Porter <adam@alphapapa.net>, emacs-devel@gnu.org,
>  jschmidt4gnu@vodafonemail.de
> Date: Thu, 01 Jun 2023 06:48:51 +0000
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> >> I think Emacs needs a new library to store Lisp data securely.
> >
> > Can't we use the GnuTLS cryptography functions, like
> > gnutls-symmetric-encrypt, for that?
> 
> I think that it is not just about encryption.
> The API should also have ways to expire passwords and deal with a need
> to update them individually.

What would be the effect of expiring a password on stuff stored using
the password that just expired? would it mean I can no longer access
that stuff?  Or would it mean I must use a new password for storing
new stuff?  Or something else?

In any case, implementing some machinery for managing and expiring
passwords is relatively easy.  Cryptography, by contrast, is hard, so
we should use industry-strength implementations by experts for that,
and I think GnuTLS is a good candidate for that part, especially since
Emacs without GnuTLS is severely limited anyway (so we could assume
"almost everyone" have it).

> multisession.el, AFAIU, only allows storing symbol values and the
> smallest piece of data. But one cannot always dedicate a separate
> variable symbol for each password or secret. An alist of (HOST .
> PASSWORD) often needs to be stored with each HOST having dedicated rules
> about expiry.

You are AFAU talking about application layers about 2 levels above
what I was thinking about.  Before we discuss all those
application-level issues, we should decide how to store stuff
securely, and that AFAIU means some kind of encryption.  Which is why
I mentioned GnuTLS and its abilities exposed to Emacs Lisp.