emacs-orgmode
[Orgmode] Re: Feature request: Selective encryption


From: Austin Frank
Subject: [Orgmode] Re: Feature request: Selective encryption
Date: Sat, 01 Sep 2007 09:54:59 +0300
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1.50 (darwin)

On Sat, Sep 01 2007, Anupam Sengupta wrote:

> I use epg to encrypt the org-mode files. EPG expects the files to have
> a suffix of .gpg, which conflicts with the .org suffix - however, I
> circumvent this with a file local mode setting as the first line in my
> org files:
>
> # -*- mode: org; epa-file-encrypt-to: ("<my private key email ID here>"); coding: utf-8-unix; -*-
>
> This allows the file's major mode to be Org-mode.
>
> In addition, the archive files are also encrypted, and hence an
> over-ride is needed for the file name (otherwise the defaults will
> conflict):
>
> I have ...
>
> #+ARCHIVE: ~/org/<filename>.org_archive.gpg::
>
> In my active Org files - which works fine for the archival process,
> and ensures that the archives are also encrypted.

A few other options:

    - EPG also has the function epa-encrypt-region.  It asks for a
      recipient's key to use for encrypting, and does symmetric
      encryption if none is selected.  This could be used to selectively
      encrypt certain subtrees.  Especially given that...

    - message-mode has functions like mml-secure-encrypt (there are lots
      of others in the mml-secure-* family).  These functions use the
      strategy of inserting tags around the region to be encrypted.  I
      haven't actually read the functions, but from the outside it looks
      like the tags are used to set the region, the region is
      encrypted/signed, and then the tags are removed from the outgoing
      copy of the message.  FWIW, the tags look like (the leading # was
      added by me to keep the tag from actually doing anything in this
      message):

#        <#secure method=pgpmime mode=sign>
         

For interactive encrypting, I think epa-encrypt-region is probably
already good enough to do what folks have asked for.  For permanently
marking a subtree for encryption, maybe we could set a property like
ENCRYPT_CHILDREN, or set pairs of properties like ENCRYPT_BEGIN and
ENCRYPT_END.  The presence of these properties would cause the
appropriate region to be selected and passed to epa-encrypt-region when
org-encrypt-subtrees or org-encrypt-buffer is called (just speculating
about some possible function names).  Maybe on org-encrypt-buffer the
default is to call epa-encrypt-file unless some portion of the file is
marked for encryption, in which case it calls epa-encrypt-region on the
appropriate text.

The values of the ENCRYPT_* properties could be the key to use, or just
t.  If the value is t, either the key will be pulled from a file-level
variable, or the user will be prompted for which key to use (as
epa-encrypt-region normally does).

Thanks,
/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc
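
The property-driven flow proposed in this message, written in Emacs Lisp as an added example (not code from the thread or from Org itself). `my/org-encrypt-subtrees` and `my/org--recipients` are hypothetical names, and the example assumes the ENCRYPT_CHILDREN value is either `t` or a key ID or e-mail address present in the local keyring.

```elisp
;; Added example; the my/ names are hypothetical, and ENCRYPT_CHILDREN is
;; the property proposed in the message above.
(require 'org)
(require 'epa)
(require 'epa-file)                     ; for `epa-file-encrypt-to'

(defun my/org--recipients (value)
  "Return the EPG keys to encrypt to for property VALUE.
A key ID or e-mail in VALUE wins; \"t\" falls back to the file-level
`epa-file-encrypt-to', then to an interactive prompt.  A nil result
makes `epa-encrypt-region' encrypt symmetrically."
  (let ((names (if (string= value "t") epa-file-encrypt-to value))
        (context (epg-make-context epa-protocol)))
    (if names
        (or (epg-list-keys context names)
            (user-error "No public key matches %S" names))
      (epa-select-keys context "Recipients (none = symmetric): "))))

(defun my/org-encrypt-subtrees ()
  "Encrypt the body of each entry that carries ENCRYPT_CHILDREN.
The heading and property drawer stay in clear text so the entry can be
found again; the text below them, child entries included, is replaced
by an ASCII-armored OpenPGP message."
  (interactive)
  (let ((covered 0) targets)
    ;; Pass 1: collect marked entries, skipping any nested inside an
    ;; entry already collected so nothing is encrypted twice.
    (org-map-entries
     (lambda ()
       (let ((value (org-entry-get (point) "ENCRYPT_CHILDREN")))
         (when (and value (>= (point) covered))
           (setq covered (save-excursion (org-end-of-subtree t) (point)))
           (push (cons (point-marker) value) targets)))))
    ;; Pass 2: `push' left the last entry first, so earlier positions
    ;; stay valid while later regions are replaced.
    (dolist (target targets)
      (org-with-point-at (car target)
        (let* ((end (save-excursion (org-end-of-subtree t) (point)))
               (beg (progn (org-end-of-meta-data) (point))))
          (when (and (< beg end)
                     (not (looking-at-p "-----BEGIN PGP MESSAGE-----")))
            (let ((keys (save-current-buffer
                          (my/org--recipients (cdr target)))))
              (epa-encrypt-region beg end keys nil nil)))))
      (set-marker (car target) nil))))
```

Headings and property drawers remain readable after the call, so anything sensitive belongs in the entry body rather than in the heading text or in property values.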




