* [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: anhnmncb @ 2008-11-21 3:13 UTC
To: emacs-devel

As title, I want to cache my gpg symmetric passphrase just in some
time, not along with the whole time of emacs session.

Thank you.

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: Ted Zlatanov @ 2008-11-21 18:40 UTC
To: emacs-devel

On Fri, 21 Nov 2008 11:13:00 +0800 anhnmncb <anhnmncb@sina.com> wrote:

a> As title, I want to cache my gpg symmetric passphrase just in some
a> time, not along with the whole time of emacs session.

I mentioned this to you a few days ago, but did not clarify if it's only
for symmetric file encryption. Is that the only use case: a timeout on
symmetrically encrypted files, or do you need to time out passphrases in
other cases as well?

Thanks
Ted

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: anhnmncb @ 2008-11-21 23:45 UTC
To: emacs-devel

symmetric file encryption is enough for me :)

Thank you.

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: Ted Zlatanov @ 2008-11-25 17:34 UTC
To: emacs-devel

On Sat, 22 Nov 2008 07:45:16 +0800 anhnmncb <anhnmncb@sina.com> wrote:

a> symmetric file encryption is enough for me :)

ping... If Daiki Ueno is not interested I can implement this, but I
wanted to give him a chance to do it since his coding style is pretty
different from mine.

Ted

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: Daiki Ueno @ 2008-11-25 18:43 UTC
To: Ted Zlatanov; +Cc: emacs-devel

>>>>> In <867i6rd80c.fsf@lifelogs.com>
>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
> On Sat, 22 Nov 2008 07:45:16 +0800 anhnmncb <anhnmncb@sina.com> wrote:

a> symmetric file encryption is enough for me :)

> ping... If Daiki Ueno is not interested I can implement this, but I
> wanted to give him a chance to do it since his coding style is pretty
> different from mine.

If you do want to implement this, you should consider:

- At the moment I'd rather recommend users to use public-key encryption
  instead of symmetric encryption if they want passphrase caching, since
  they will benefit from gpg-agent which utilizes secure memory. So it's
  intentional that epa-file handles symmetric case specially. See the
  third paragraph of (info "(pgg) Prerequisites").

- As I said many times before (but you don't seem to understand),
  epa-file.el is an application and epg.el is a library. Changes to
  epa-file.el are easier to be approved than ones to epg.el.

So patches are welcome ;-)
--
Daiki Ueno

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout. 2008-11-25 18:43 ` Daiki Ueno @ 2008-11-25 20:56 ` Ted Zlatanov 2008-11-26 15:26 ` anhnmncb 2008-12-02 14:28 ` Ted Zlatanov 0 siblings, 2 replies; 10+ messages in thread From: Ted Zlatanov @ 2008-11-25 20:56 UTC (permalink / raw) To: emacs-devel On Wed, 26 Nov 2008 03:43:56 +0900 Daiki Ueno <ueno@unixuser.org> wrote: >>>>>> In <867i6rd80c.fsf@lifelogs.com> >>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote: >> On Sat, 22 Nov 2008 07:45:16 +0800 anhnmncb <anhnmncb@sina.com> wrote: a> symmetric file encryption is enough for me :) >> ping... If Daiki Ueno is not interested I can implement this, but I >> wanted to give him a chance to do it since his coding style is pretty >> different from mine. DU> If you do want to implement this, you should consider: DU> - At the moment I'd rather recommend users to use public-key encryption DU> instead of symmetric encryption if they want passphrase caching, since DU> they will benefit from gpg-agent which utilizes secure memory. So it's DU> intensional that epa-file handles symmetric case specially. I see. DU> - As I said many times before (but you don't seem to understand), DU> epa-file.el is an application and epg.el is a library. Thank you for explaining again. My proposed patch follows. I've tested it. Ted Index: epa-file.el =================================================================== RCS file: /sources/emacs/emacs/lisp/epa-file.el,v retrieving revision 1.14 diff -c -r1.14 epa-file.el *** epa-file.el 30 Sep 2008 07:41:52 -0000 1.14 --- epa-file.el 25 Nov 2008 20:52:44 -0000 *************** *** 29,40 **** --- 29,46 ---- :type 'boolean :group 'epa-file) + (defcustom epa-file-cache-passphrase-for-symmetric-encryption-timeout nil + "If non-nil seconds, time out the passphrase cache for symmetric encryption." + :type 'integer + :group 'epa-file) + (defcustom epa-file-select-keys nil "If non-nil, always asks user to select recipients." 
:type 'boolean :group 'epa-file) (defvar epa-file-passphrase-alist nil) + (defvar epa-file-passphrase-timeout-alist nil) (eval-and-compile (if (fboundp 'encode-coding-string) *************** *** 51,58 **** (eq key-id 'SYM)) (progn (setq file (file-truename file)) ! (let ((entry (assoc file epa-file-passphrase-alist)) passphrase) (or (copy-sequence (cdr entry)) (progn (unless entry --- 57,81 ---- (eq key-id 'SYM)) (progn (setq file (file-truename file)) ! (let ((entry (assoc file epa-file-passphrase-alist)) passphrase) + ;; when we have an entry and we need to time out the passphrase, + ;; get the time of the passphrase entry for this file + ;; and if it's more than e-f-c-p-for-s-encryption-timeout seconds ago, + ;; set the entry's passphrase to nil so the user will have to re-enter + (when (and entry + epa-file-cache-passphrase-for-symmetric-encryption-timeout) + (let ((timeout-entry + (car-safe + (cdr (assoc file epa-file-passphrase-timeout-alist))))) + (when (and + timeout-entry + (< epa-file-cache-passphrase-for-symmetric-encryption-timeout + (time-to-seconds (time-since timeout-entry)))) + (setq epa-file-passphrase-timeout-alist + (delete file epa-file-passphrase-timeout-alist)) + (setcdr entry nil)))) + (or (copy-sequence (cdr entry)) (progn (unless entry *************** *** 63,68 **** --- 86,94 ---- (setq passphrase (epa-passphrase-callback-function context key-id nil)) (setcdr entry (copy-sequence passphrase)) + (setq epa-file-passphrase-timeout-alist + (cons (list file (current-time)) + epa-file-passphrase-timeout-alist)) passphrase)))) (epa-passphrase-callback-function context key-id nil))) ^ permalink raw reply [flat|nested] 10+ messages in thread
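Review bot: In the first hunk, the new defcustom declares `:type 'integer` while its default is nil, so the option does not match its own declared type; use something like `:type '(choice (const :tag "Never expire" nil) integer)`. The docstring ("If non-nil seconds, ...") should also state that nil keeps the passphrase for the whole session, and the added `epa-file-passphrase-timeout-alist` defvar needs a docstring describing its `(FILE TIME)` elements.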
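Review bot: In the expiry branch of the second hunk, `(delete file epa-file-passphrase-timeout-alist)` compares the string FILE against elements that the third hunk stores as `(list file (current-time))`, so it never matches and the timeout alist gains one stale element on every re-prompt. Bind the cell returned by `assoc` and remove that cell (for example with `delq`) instead. The `(setcdr entry nil)` that follows only unlinks the expired passphrase string and leaves its contents in memory; call `clear-string` on `(cdr entry)` before dropping it.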
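Review bot: In the third hunk only a timestamp is recorded, `(cons (list file (current-time)) ...)`, and the second hunk compares it only on the next lookup for the same file, so a passphrase for a file that is not visited again stays in `epa-file-passphrase-alist` for the rest of the session whatever the timeout is set to. If the intent is that the secret leaves memory after the interval, schedule the removal at this point with `run-at-time` rather than relying on a later lookup.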
* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: anhnmncb @ 2008-11-26 15:26 UTC
To: emacs-devel

Ted Zlatanov (2008-11-25 14:56 -0600) wrote:

> On Wed, 26 Nov 2008 03:43:56 +0900 Daiki Ueno <ueno@unixuser.org> wrote:
>
>>>>>>> In <867i6rd80c.fsf@lifelogs.com>
>>>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
>>> On Sat, 22 Nov 2008 07:45:16 +0800 anhnmncb <anhnmncb@sina.com> wrote:
>
> a> symmetric file encryption is enough for me :)
>
>>> ping... If Daiki Ueno is not interested I can implement this, but I
>>> wanted to give him a chance to do it since his coding style is pretty
>>> different from mine.
>
> DU> If you do want to implement this, you should consider:
>
> DU> - At the moment I'd rather recommend users to use public-key encryption
> DU> instead of symmetric encryption if they want passphrase caching, since
> DU> they will benefit from gpg-agent which utilizes secure memory. So it's
> DU> intentional that epa-file handles symmetric case specially.
>
> I see.
>
> DU> - As I said many times before (but you don't seem to understand),
> DU> epa-file.el is an application and epg.el is a library.
>
> Thank you for explaining again.
>
> My proposed patch follows. I've tested it.

When will it be committed into emacs source trunk?

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: Ted Zlatanov @ 2008-11-26 15:51 UTC
To: emacs-devel

On Wed, 26 Nov 2008 23:26:59 +0800 anhnmncb <anhnmncb@sina.com> wrote:

a> Ted Zlatanov (2008-11-25 14:56 -0600) wrote:
>> My proposed patch follows. I've tested it.

a> When will it be committed into emacs source trunk?

Daiki Ueno needs to review it, and there's a feature freeze so it won't
go in before the next release. Meanwhile you can apply the patch to a
CVS checkout of Emacs and run happily.

Ted

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: Ted Zlatanov @ 2008-12-02 14:28 UTC
To: emacs-devel

On Tue, 25 Nov 2008 14:56:23 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote:

TZ> My proposed patch follows. I've tested it.
...

Ping... Daiki, can you comment on the patch and whether it needs work,
please?

Ted

* Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout.
From: Daiki Ueno @ 2008-12-02 22:48 UTC
To: Ted Zlatanov; +Cc: emacs-devel

>>>>> In <86iqq2bqid.fsf@lifelogs.com>
>>>>> Ted Zlatanov <tzz@lifelogs.com> wrote:
> On Tue, 25 Nov 2008 14:56:23 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote:

TZ> My proposed patch follows. I've tested it.

> ...

> Ping... Daiki, can you comment on the patch and whether it needs work,
> please?

Sorry for the late response. The patch looks mostly good (not tested yet),
thanks. However, it would be safe to call clear-string when removing a
passphrase entry from the alist. Alternatively, you might want to use
password-cache.el.

Regards,
--
Daiki Ueno

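The point raised in the last message, wiping the string with clear-string when an entry is removed, shown here with removal driven by a timer instead of a check on the next lookup. This is an added example, not part of the posted patch, epa-file.el or password-cache.el; every `demo-` name is hypothetical.

```elisp
;; Added illustration; all `demo-' names are hypothetical.

(defvar demo-passphrase-timeout 300
  "Seconds to keep a cached passphrase, or nil to keep it for the session.")

(defvar demo-passphrase-alist nil
  "Alist of (FILE PASSPHRASE . TIMER); TIMER is nil when no timeout is set.")

(defun demo-passphrase-forget (file)
  "Wipe and drop the cached passphrase for FILE, cancelling its timer."
  (let ((entry (assoc file demo-passphrase-alist)))
    (when entry
      (when (timerp (cddr entry))
        (cancel-timer (cddr entry)))
      (when (stringp (cadr entry))
        ;; Overwrite the characters before the string becomes unreachable.
        (clear-string (cadr entry)))
      ;; Remove this exact cell, not a value compared against the cells.
      (setq demo-passphrase-alist (delq entry demo-passphrase-alist)))))

(defun demo-passphrase-remember (file passphrase)
  "Cache a private copy of PASSPHRASE for FILE and schedule its removal."
  (setq file (file-truename file))
  ;; Never leave an older copy or an older timer behind.
  (demo-passphrase-forget file)
  (push (cons file
              (cons (copy-sequence passphrase)
                    (and demo-passphrase-timeout
                         (run-at-time demo-passphrase-timeout nil
                                      #'demo-passphrase-forget file))))
        demo-passphrase-alist))

(defun demo-passphrase-lookup (file)
  "Return a fresh copy of the cached passphrase for FILE, or nil."
  (let ((entry (assoc (file-truename file) demo-passphrase-alist)))
    (and entry (copy-sequence (cadr entry)))))
```

The copy returned by `demo-passphrase-lookup` belongs to the caller, who should pass it to `clear-string` once it has been handed to gpg.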