From mboxrd@z Thu Jan  1 00:00:00 1970
References: <SJ0PR03MB545565C9BB903C89277AD353A2A69@SJ0PR03MB5455.namprd03.prod.outlook.com>
User-agent: mu4e 1.7.26; emacs 28.1.50
From: Tim Cross <theophilusx@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: org-crypt ?
Date: Sat, 11 Jun 2022 13:35:26 +1000
In-reply-to: <SJ0PR03MB545565C9BB903C89277AD353A2A69@SJ0PR03MB5455.namprd03.prod.outlook.com>
Message-ID: <871qvvesqh.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>


David Masterson <dsmasterson@gmail.com> writes:

> I think I've gotten org-crypt working, but I think some things are not
> making sense (it might be just me):
>
> 1. I've set org-crypt-key to nil (symmetric encryption).
> 2. Can I use a different encryption key for each encrypted paragraph?
> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?
> 5. How do they know where to get the password when they don't ask?
> 6. Shouldn't org-crypt docs in org manual have examples?
> Does this make sense -- I think I'm messing something up.


Warning: I have not used org-crypt for many years. These days, I just
use a .org.gpg extension and symmetrically encrypt the whole file.
However, I think I can probably answer some of your questions -

> 2. Can I use a different encryption key for each encrypted paragraph?

According to the manual -


 
No, not with symmetric encryption. I think this can only work with
asymmetric encryption. 

If you're using symmetric encryption, you typically just have one key for
all the data within the file. From the GnuPG perspective, this is just
encrypted text. It does not 'know' about different paragraphs. To have
different encryption with each paragraph, you would need to specify
different keys and there is no mechanism to do that with symmetric
encryption, only asymmetric.

What is your use case where you need multiple symmetric encryption keys
in one file?

> 3. Does org-encrypt only ask for the key the first time?
> 4. Does org-decrypt only ask for the key the first time?

Well that can depend on your environment and how it is configured. These
days, most Linux desktops and macOS have a form of GPG Agent and/or
keyring (I'd assume similar with Windows, but don't use that platform).
Typically, these agents/keyrings are configured to cache passphrases for
a period of time. Sometimes, you can tell the keyring keys it has access
to without the passphrase provided your login key has been 'opened'. So
for example, the passwords for my imap accounts are in a gpg file and
I've told my keyring agent to always allow access to those keys (this
was an option in the passphrase dialogue box). 

I also think epa has support for caching of passphrases. Therefore, it
could be that Emacs is caching the key for you and it will keep it in a
session cache for a period of time or until the session is closed. 

One way to sort out where the caching is occurring might be to try
decrypting outside of Emacs just using gnupg. If it asks for the key but
does not ask when doing it within Emacs, then it is probably Emacs doing
the caching. 

> 5. How do they know where to get the password when they don't ask?

See above re: caching, keyrings and gpg agents.

> 6. Shouldn't org-crypt docs in org manual have examples?

Probably, though I don't know what else you would put in there which
isn't already there. Feel free to supply a PR or patch once you have
worked it out. However, as noted in the commentary section, org-crypt.el
is really a very light-weight wrapper around functions in epg.el, so
likely the first place to start when looking for documentation and
examples is the epa/epg/easyPG manual
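
Added example, not part of the original message and not code from org-crypt or GnuPG: a shell sketch of the check suggested above, decrypting one org-crypt entry outside Emacs without allowing any prompt, to see whether gpg-agent already holds the passphrase. It assumes GnuPG 2.1 or later; the function names and the sample Org file are hypothetical, and the armored block in the sample is constructed and not a real message.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes GnuPG 2.1+.

# Write a constructed Org file whose first entry holds a (fake) armored block,
# in the layout org-crypt leaves behind after encrypting an entry.
write_sample_org() {
    printf '%s\n' '* Bank details :crypt:' \
        '-----BEGIN PGP MESSAGE-----' '' 'Q09OU1RSVUNURUQ=' '=AAAA' \
        '-----END PGP MESSAGE-----' '* Plain heading' 'text' > "$1"
}

# Print the first ASCII-armored PGP message in an Org file, stripping any
# indentation Org added to the entry body.
first_pgp_block() {
    awk '/-----BEGIN PGP MESSAGE-----/ { on = 1 }
         on { sub(/^[ \t]+/, ""); print }
         /-----END PGP MESSAGE-----/ { if (on) exit }' "$1"
}

# Try to decrypt with prompting disabled (--pinentry-mode cancel).
#   agent-cached    gpg-agent supplied the passphrase from its cache
#   not-from-agent  gpg would have had to ask (or the input is not decryptable)
#   gpg-missing     no gpg binary on PATH
# If this reports not-from-agent right after Emacs decrypted the same entry
# without asking, the passphrase is being remembered on the Emacs side.
# Run `gpgconf --reload gpg-agent` first to start from an empty agent cache.
probe_agent_cache() {
    command -v gpg >/dev/null 2>&1 || { echo gpg-missing; return 0; }
    tmp=$(mktemp) || return 1
    first_pgp_block "$1" > "$tmp"
    if gpg --batch --quiet --pinentry-mode cancel --decrypt "$tmp" >/dev/null 2>&1
    then echo agent-cached
    else echo not-from-agent
    fi
    rm -f "$tmp"
}

# Usage: sh probe.sh notes.org
if [ -n "${1:-}" ]; then
    probe_agent_cache "$1"
fi
```
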