* Bug: OpenSSL and MobileORG [9.0.9 (9.0.9-47-g404ac4-elpa @ /home/jeff/.emacs.d/.cask/25.2/elpa/org-20170717/)]
@ 2017-07-19 20:04 Jeff Larson
2017-07-23 11:40 ` Nicolas Goaziou
0 siblings, 1 reply; 4+ messages in thread
From: Jeff Larson @ 2017-07-19 20:04 UTC (permalink / raw)
To: emacs-orgmode
Remember to cover the basics, that is, what you expected to happen and
what in fact did happen. You don't know how to make a good report? See
http://orgmode.org/manual/Feedback.html#Feedback
Your bug report will be posted to the Org mailing list.
------------------------------------------------------------------------
Hi!
I'm having trouble using org-mobile to sync my notes on ArchLinux. I use
the encryption option to sync with dropbox. I've tracked it down to a
change in openssl 1.1.0:
https://stackoverflow.com/questions/39637388/encryption-decryption-doesnt-work-well-between-two-different-openssl-versions
When I try to decrypt a file in my mobile inbox with:
openssl enc -d -aes-256-cbc -salt -in agendas.org
I get:
bad decrypt
140222661816192:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:535:
And my openssl version is:
OpenSSL 1.1.0f 25 May 2017
But this command, where I specify the hash algorithm with -md md5, works:
openssl enc -d -aes-256-cbc -md md5 -salt -in agendas.org
I think simplest change is that the encryption and decryption
commands in org-mobile.el need to add the '-md md5' option. So this line
for encryption:
http://orgmode.org/w/org-mode.git?p=org-mode.git;a=blob;f=lisp/org-mobile.el;h=12e6c84b3ceac57561dbc366cc6043a52f9a772d;hb=HEAD#l696
and this one for decryption:
http://orgmode.org/w/org-mode.git?p=org-mode.git;a=blob;f=lisp/org-mobile.el;h=12e6c84b3ceac57561dbc366cc6043a52f9a772d;hb=HEAD#l705
It might also be worthwhile to switch to sha256 in the future, but
that's a bigger change.
Thanks for org mode and mobile org, I just started using it and it has
been life changing.
--Jeff
Emacs : GNU Emacs 25.2.1 (x86_64-unknown-linux-gnu, GTK+ Version 3.22.16)
of 2017-07-15
Package: Org mode version 9.0.9 (9.0.9-47-g404ac4-elpa @ /home/jeff/.emacs.d/.cask/25.2/elpa/org-20170717/)
current state:
==============
(setq
org-journal-mode-hook '(#[nil "\301\b\302\303\304$\207"
[org-journal-encrypt-on org-add-hook
org-journal-encryption-hook nil t]
5]
(lambda nil
(org-add-hook org-journal-encrypt-on
(quote org-journal-encryption-hook) nil t)
)
)
org-tab-first-hook '(org-babel-hide-result-toggle-maybe
org-babel-header-arg-expand)
org-speed-command-hook '(org-speed-command-default-hook
org-babel-speed-command-hook)
org-ellipsis " "
org-occur-hook '(org-first-headline-recenter)
org-metaup-hook '(org-babel-load-in-session-maybe)
org-log-done 'time
org-confirm-shell-link-function 'yes-or-no-p
org-support-shift-select t
org-default-notes-file "~/SpiderOak Hive/org/notes.org"
org-after-todo-state-change-hook '(org-clock-out-if-current)
org-src-mode-hook '(org-src-babel-configure-edit-buffer
org-src-mode-configure-edit-buffer)
org-agenda-before-write-hook '(org-agenda-add-entry-text)
org-babel-pre-tangle-hook '(save-buffer)
org-mobile-encryption-password "[REDACTED]"
org-log-redeadline 'note
org-mode-hook '(#[0 "\300\301\302\303\304$\207"
[add-hook change-major-mode-hook org-show-block-all append
local]
5]
#[0 "\300\301\302\303\304$\207"
[add-hook change-major-mode-hook org-babel-show-result-all
append local]
5]
org-babel-result-hide-spec org-babel-hide-all-hashes
org-journal-update-auto-mode-alist)
org-refile-targets '((org-agenda-files :maxlevel . 6))
org-fontify-done-headline t
org-archive-hook '(org-attach-archive-delete-maybe)
org-directory "~/SpiderOak Hive/org"
org-enforce-todo-dependencies t
org-cycle-hook '(org-cycle-hide-archived-subtrees org-cycle-hide-drawers
org-cycle-show-empty-lines
org-optimize-window-after-visibility-change)
org-fontify-quote-and-verse-blocks t
org-log-refile 'time
org-journal-dir "~/SpiderOak Hive/journal/"
org-log-reschedule 'note
org-todo-keywords '((sequence "TODO" "IN-PROGRESS" "WAITING" "|" "DONE"
"CANCELED")
)
org-modules '(org-mobile org-habit org-w3m org-bbdb org-bibtex org-docview
org-gnus org-info org-irc org-mhe org-rmail)
org-agenda-window-setup 'only-window
org-confirm-elisp-link-function 'yes-or-no-p
org-metadown-hook '(org-babel-pop-to-session-maybe)
org-mobile-use-encryption t
org-blocker-hook '(org-block-todo-from-children-or-siblings-or-parent)
org-link-parameters '(("id" :follow org-id-open)
("rmail" :follow org-rmail-open :store
org-rmail-store-link)
("mhe" :follow org-mhe-open :store org-mhe-store-link)
("irc" :follow org-irc-visit :store org-irc-store-link)
("info" :follow org-info-open :export org-info-export
:store org-info-store-link)
("gnus" :follow org-gnus-open :store
org-gnus-store-link)
("docview" :follow org-docview-open :export
org-docview-export :store org-docview-store-link)
("bibtex" :follow org-bibtex-open :store
org-bibtex-store-link)
("bbdb" :follow org-bbdb-open :export org-bbdb-export
:complete org-bbdb-complete-link :store
org-bbdb-store-link)
("w3m" :store org-w3m-store-link)
("mu4e" :follow org-mu4e-open :store
org-mu4e-store-link)
("file+sys") ("file+emacs")
("doi" :follow org--open-doi-link)
("elisp" :follow org--open-elisp-link)
("file" :complete org-file-complete-link)
("ftp" :follow
(lambda (path) (browse-url (concat "ftp:" path))))
("help" :follow org--open-help-link)
("http" :follow
(lambda (path) (browse-url (concat "http:" path))))
("https" :follow
(lambda (path) (browse-url (concat "https:" path))))
("mailto" :follow
(lambda (path) (browse-url (concat "mailto:" path))))
("message" :follow
(lambda (path) (browse-url (concat "message:" path))))
("news" :follow
(lambda (path) (browse-url (concat "news:" path))))
("shell" :follow org--open-shell-link))
org-mobile-directory "~/Dropbox/Apps/MobileOrg"
org-reveal-start-hook '(org-decrypt-entry)
org-fontify-whole-heading-line t
org-agenda-files '("~/SpiderOak Hive/org/work.org"
"~/SpiderOak Hive/org/family.org")
org-clock-out-hook '(org-clock-remove-empty-clock-drawer)
org-mobile-inbox-for-pull "~/SpiderOak Hive/org/notes.org"
org-tag-alist '((:startgroup) ("@work" . 119) ("@home" . 104) (:endgroup)
("phone" . 112) ("meeting" . 109) ("code" . 99)
("writing" . 114))
)
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Bug: OpenSSL and MobileORG [9.0.9 (9.0.9-47-g404ac4-elpa @ /home/jeff/.emacs.d/.cask/25.2/elpa/org-20170717/)]
2017-07-19 20:04 Bug: OpenSSL and MobileORG [9.0.9 (9.0.9-47-g404ac4-elpa @ /home/jeff/.emacs.d/.cask/25.2/elpa/org-20170717/)] Jeff Larson
@ 2017-07-23 11:40 ` Nicolas Goaziou
2017-07-25 1:29 ` [PATCH] Specify the message digest for the OpenSSL commands for org-mobile Jeff Larson
0 siblings, 1 reply; 4+ messages in thread
From: Nicolas Goaziou @ 2017-07-23 11:40 UTC (permalink / raw)
To: Jeff Larson; +Cc: emacs-orgmode
Hello,
Jeff Larson <thejefflarson@gmail.com> writes:
> I think simplest change is that the encryption and decryption
> commands in org-mobile.el need to add the '-md md5' option. So this line
> for encryption:
>
> http://orgmode.org/w/org-mode.git?p=org-mode.git;a=blob;f=lisp/org-mobile.el;h=12e6c84b3ceac57561dbc366cc6043a52f9a772d;hb=HEAD#l696
>
> and this one for decryption:
>
> http://orgmode.org/w/org-mode.git?p=org-mode.git;a=blob;f=lisp/org-mobile.el;h=12e6c84b3ceac57561dbc366cc6043a52f9a772d;hb=HEAD#l705
It sounds good. Would you want to provide a patch for that change, along
with a proper commit message? See
<http://orgmode.org/worg/org-contribute.html#patches> for details.
Regards,
--
Nicolas Goaziou
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] Specify the message digest for the OpenSSL commands for org-mobile.
2017-07-23 11:40 ` Nicolas Goaziou
@ 2017-07-25 1:29 ` Jeff Larson
2017-07-25 7:10 ` Nicolas Goaziou
0 siblings, 1 reply; 4+ messages in thread
From: Jeff Larson @ 2017-07-25 1:29 UTC (permalink / raw)
To: Nicolas Goaziou; +Cc: emacs-orgmode
org-mobile.el: fix the message digest as MD5 for compatibility across
OpenSSL versions.
OpenSSL switched to using SHA256 by default for symmetric encryption
in version 1.1. Unfortunately that means that newer versions of the
openssl command line tool can not decrypt encrypted org-mobile files
without the '-md md5' option. This commit changes the shell commands
in org-mobile-encrypt-file and org-mobile-decrypt-file to explicitly
specify MD5 as the hash digest.
TINYCHANGE
---
lisp/org-mobile.el | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lisp/org-mobile.el b/lisp/org-mobile.el
index 12e6c84b3..c5b9e10f4 100644
--- a/lisp/org-mobile.el
+++ b/lisp/org-mobile.el
@@ -693,7 +693,7 @@ encryption program does not understand them."
(defun org-mobile-encrypt-file (infile outfile)
"Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
(shell-command
- (format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
+ (format "openssl enc -md md5 -aes-256-cbc -salt -pass %s -in %s -out %s"
(shell-quote-argument (concat "pass:"
(org-mobile-encryption-password)))
(shell-quote-argument (expand-file-name infile))
@@ -702,7 +702,7 @@ encryption program does not understand them."
(defun org-mobile-decrypt-file (infile outfile)
"Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
(shell-command
- (format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
+ (format "openssl enc -md md5 -d -aes-256-cbc -salt -pass %s -in %s -out %s"
(shell-quote-argument (concat "pass:"
(org-mobile-encryption-password)))
(shell-quote-argument (expand-file-name infile))
--
2.13.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Specify the message digest for the OpenSSL commands for org-mobile.
2017-07-25 1:29 ` [PATCH] Specify the message digest for the OpenSSL commands for org-mobile Jeff Larson
@ 2017-07-25 7:10 ` Nicolas Goaziou
0 siblings, 0 replies; 4+ messages in thread
From: Nicolas Goaziou @ 2017-07-25 7:10 UTC (permalink / raw)
To: Jeff Larson; +Cc: emacs-orgmode
Hello,
Jeff Larson <thejefflarson@gmail.com> writes:
> org-mobile.el: fix the message digest as MD5 for compatibility across
> OpenSSL versions.
>
> OpenSSL switched to using SHA256 by default for symmetric encryption
> in version 1.1. Unfortunately that means that newer versions of the
> openssl command line tool can not decrypt encrypted org-mobile files
> without the '-md md5' option. This commit changes the shell commands
> in org-mobile-encrypt-file and org-mobile-decrypt-file to explicitly
> specify MD5 as the hash digest.
>
> TINYCHANGE
Applied. Thank you.
Regards,
--
Nicolas Goaziou
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-07-25 7:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-07-19 20:04 Bug: OpenSSL and MobileORG [9.0.9 (9.0.9-47-g404ac4-elpa @ /home/jeff/.emacs.d/.cask/25.2/elpa/org-20170717/)] Jeff Larson
2017-07-23 11:40 ` Nicolas Goaziou
2017-07-25 1:29 ` [PATCH] Specify the message digest for the OpenSSL commands for org-mobile Jeff Larson
2017-07-25 7:10 ` Nicolas Goaziou
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).