From mboxrd@z Thu Jan 1 00:00:00 1970 From: John Wiegley Subject: Re: Feature request: Selective encryption Date: Fri, 31 Aug 2007 15:28:12 -0400 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1IRCAt-0005al-2D for emacs-orgmode@gnu.org; Fri, 31 Aug 2007 15:28:59 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1IRCAp-0005Rv-0I for emacs-orgmode@gnu.org; Fri, 31 Aug 2007 15:28:58 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IRCAo-0005Rh-RJ for emacs-orgmode@gnu.org; Fri, 31 Aug 2007 15:28:54 -0400 Received: from fyodor.hcoop.net ([64.20.38.170]) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1IRCAo-0006pD-69 for emacs-orgmode@gnu.org; Fri, 31 Aug 2007 15:28:54 -0400 Received: from [72.22.155.27] (helo=Hermes.local) by fyodor.hcoop.net with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from ) id 1IRCBy-0007Yn-MN for emacs-orgmode@gnu.org; Fri, 31 Aug 2007 15:30:07 -0400 In-Reply-To: (Carsten Dominik's message of "Fri\, 31 Aug 2007 16\:04\:59 +0200") List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org To: emacs-orgmode@gnu.org Carsten Dominik writes: > I do think this would be a useful feature. Some properties I'd find useful: > > - Use symmetric encryption > > - Be able to recognize if an entry is encrypted > > - Leave the headline of the entry alone and only encrypt the text below it > and the subtree, if present > > - Support something like a CRYPT tag, leading to automatic encryption when > the file is saved, to make sure encrypted entries are never saved in clear > text. > > - Use only a single password per file, so once one entry is decrypted, > others will open without an additional password prompt. > > Something like this. Yes, this is just what I'm thinking too, though I'd like the option of binding different CRYPT tags to different keys or passwords. So, I could have WORK_CRYPT, HOME_CRYPT, etc., and each would have its own separate protection. This would allow multiple people to have their own private regions within the same org-mode file. allout.el goes a long way toward providing all of the above, I just wasn't fond of the mechanism (I tried porting it straight to org-mode one day, then stopped). For one thing, I want to use my GnuPG public key for encryption, not a symmetric cipher. That needs to be configurable. I should be able to create an external module for this that does not affect org.el at all, but just adds keybindings to org-mode-map and after-save-hook. John