From: Austin Frank
Subject: Re: Feature request: Selective encryption
Date: Sat, 01 Sep 2007 09:54:59 +0300
To: emacs-orgmode@gnu.org

On Sat, Sep 01 2007, Anupam Sengupta wrote:

> I use epg to encrypt the org-mode files.  EPG expects the files to have
> a suffix of .gpg, which conflicts with the .org suffix - however, I
> circumvent this with a file local mode setting as the first line in my
> org files:
>
> # -*- mode: org; epa-file-encrypt-to: (""); coding: utf-8-unix; -*-
>
> This allows the file's major mode to be Org-mode.
>
> In addition, the archive files are also encrypted, and hence an
> over-ride is needed for the file name (otherwise the defaults will
> conflict):
>
> I have ...
>
> #+ARCHIVE: ~/org/.org_archive.gpg::
>
> In my active Org files - which works fine for the archival process,
> and ensures that the archives are also encrypted.

A few other options:

- EPG also has the function epa-encrypt-region.  It asks for a
  recipient's key to use for encrypting, and does symmetric encryption
  if none is selected.  This could be used to selectively encrypt
  certain subtrees.  Especially given that...

- message-mode has functions like mml-secure-encrypt (there are lots of
  others in the mml-secure-* family).  These functions use the strategy
  of inserting tags around the region to be encrypted.  I haven't
  actually read the functions, but from the outside it looks like the
  tags are used to set the region, the region is encrypted/signed, and
  then the tags are removed from the outgoing copy of the message.

  FWIW, the tags look like (the leading # was added by me to keep the
  tag from actually doing anything in this message):

  # <#secure method=pgpmime mode=sign>

For interactive encrypting, I think epa-encrypt-region is probably
already good enough to do what folks have asked for.

For permanently marking a subtree for encryption, maybe we could set a
property like ENCRYPT_CHILDREN, or set pairs of properties like
ENCRYPT_BEGIN and ENCRYPT_END.  The presence of these properties would
cause the appropriate region to be selected and passed to
epa-encrypt-region when org-encrypt-subtrees or org-encrypt-buffer is
called (just speculating about some possible function names).  Maybe on
org-encrypt-buffer the default is to call epa-encrypt-file unless some
portion of the file is marked for encryption, in which case it calls
epa-encrypt-region on the appropriate text.

The values of the ENCRYPT_* properties could be the key to use, or just
t.  If the value is t, either the key will be pulled from a file-level
variable, or the user will be prompted for which key to use (as
epa-encrypt-region normally does).

Thanks,
/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc
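
The ENCRYPT_CHILDREN idea from the message above, sketched in Emacs Lisp as an added example; it is not code from the post, from Org-mode or from EPG. Every name prefixed `my/` is hypothetical, and it assumes a property value of `t` falls back to a file-level variable while any other value names the key; an empty fallback gives symmetric encryption, as the message says of epa-encrypt-region.

```emacs-lisp
;;; -*- lexical-binding: t; -*-
;; Added sketch: every my/ name is hypothetical, not part of Org or EPG.
(require 'org)
(require 'epa)

(defvar-local my/org-encrypt-default-recipients nil
  "Assumed file-level default key names; nil means symmetric encryption.")

(defun my/org-encrypt--body ()
  "Return (BEG . END) of the text below the heading and drawers at point."
  (save-excursion
    (org-back-to-heading t)
    (let ((end (save-excursion (org-end-of-subtree t t) (point))))
      (org-end-of-meta-data t)   ; heading and properties stay in cleartext
      (cons (min (point) end) end))))

(defun my/org-encrypt--keys (value)
  "Resolve property VALUE to EPG key objects; refuse unknown key names."
  (let ((names (if (string= value "t")
                   my/org-encrypt-default-recipients
                 (list value))))
    (when names
      (or (epg-list-keys (epg-make-context epa-protocol) names)
          (user-error "No public key found for %S" names)))))

(defun my/org-encrypt-marked-subtrees ()
  "Encrypt the body of each subtree that has an ENCRYPT_CHILDREN property."
  (interactive)
  (let ((covered (point-min)) regions)
    ;; Collect markers first: encrypting shifts every later position.
    (org-map-entries
     (lambda ()
       (let ((value (org-entry-get (point) "ENCRYPT_CHILDREN"))
             (body (my/org-encrypt--body)))
         (when (and value
                    (>= (car body) covered)    ; not inside a marked parent
                    (< (car body) (cdr body))  ; body is not empty
                    (not (save-excursion        ; not encrypted by an earlier run
                           (goto-char (car body))
                           (looking-at-p "[ \t\n]*-----BEGIN PGP MESSAGE-----"))))
           (setq covered (cdr body))
           (push (list (copy-marker (car body)) (copy-marker (cdr body))
                       (my/org-encrypt--keys value))
                 regions))))
     nil 'file)
    (dolist (r regions)
      (epa-encrypt-region (marker-position (car r)) (marker-position (cadr r))
                          (nth 2 r) nil nil))
    (length regions)))
```

The heading text and property drawer are left readable on purpose so the marker survives a re-run. Auto-save files, backup files and the undo history can still hold the plaintext of an encrypted subtree.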