[Orgmode] Re: Feature request: Selective encryption
From: Austin Frank
Subject: [Orgmode] Re: Feature request: Selective encryption
Date: Sat, 01 Sep 2007 09:54:59 +0300
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1.50 (darwin)

On Sat, Sep 01 2007, Anupam Sengupta wrote:
> I use epg to encrypt the org-mode files. EPG expects the files to have
> a suffix of .gpg, which conflicts with the .org suffix - however, I
> circumvent this with a file local mode setting as the first line in my
> org files:
>
> # -*- mode: org; epa-file-encrypt-to: ("<my private key email ID here>");
> coding: utf-8-unix; -*-
>
> This allows the file's major mode to be Org-mode.
>
> In addition, the archive files are also encrypted, and hence an
> over-ride is needed for the file name (otherwise the defaults will
> conflict):
>
> I have ...
>
> #+ARCHIVE: ~/org/<filename>.org_archive.gpg::
>
> In my active Org files - which works fine for the archival process,
> and ensures that the archives are also encrypted.

A few other options:

- EPG also has the function epa-encrypt-region. It asks for a
  recipient's key to use for encrypting, and does symmetric
  encryption if none is selected. This could be used to selectively
  encrypt certain subtrees. Especially given that...

- message-mode has functions like mml-secure-encrypt (there are lots
  of others in the mml-secure-* family). These functions use the
  strategy of inserting tags around the region to be encrypted. I
  haven't actually read the functions, but from the outside it looks
  like the tags are used to set the region, the region is
  encrypted/signed, and then the tags are removed from the outgoing
  copy of the message. FWIW, the tags look like (the leading # was
  added by me to keep the tag from actually doing anything in this
  message):

  # <#secure method=pgpmime mode=sign>

For interactive encrypting, I think epa-encrypt-region is probably
already good enough to do what folks have asked for. For permanently
marking a subtree for encryption, maybe we could set a property like
ENCRYPT_CHILDREN, or set pairs of properties like ENCRYPT_BEGIN and
ENCRYPT_END. The presence of these properties would cause the
appropriate region to be selected and passed to epa-encrypt-region when
org-encrypt-subtrees or org-encrypt-buffer is called (just speculating
about some possible function names). Maybe on org-encrypt-buffer the
default is to call epa-encrypt-file unless some portion of the file is
marked for encryption, in which case it calls epa-encrypt-region on the
appropriate text.

The values of the ENCRYPT_* properties could be the key to use, or just
t. If the value is t, either the key will be pulled from a file-level
variable, or the user will be prompted for which key to use (as
epa-encrypt-region normally does).

Thanks,
/au
--
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc
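
A sketch of the property-driven subtree encryption proposed in the message above, as an added example that is not code from the poster or from Org itself. It assumes a current Org and EPA, a single hypothetical ENCRYPT property (value is a key name or t), and hypothetical my/ function and variable names. The heading and its property drawer stay in cleartext; only the body and children are replaced with armored ciphertext.

```elisp
;; Added example; the my/ names and the ENCRYPT property are hypothetical.
(require 'org)
(require 'epa)

(defvar my/org-encrypt-default-key nil
  "Recipient used when an ENCRYPT property is just \"t\".
Meant to be set as a file-local variable; nil means prompt.")

(defun my/org-encrypt--recipients (value)
  "Turn the ENCRYPT property VALUE into a list of EPG key objects."
  (let ((context (epg-make-context epa-protocol))
        (name (if (equal value "t") my/org-encrypt-default-key value)))
    (if name
        (or (epg-list-keys context name)
            (user-error "No public key matches %s" name))
      ;; No key named anywhere: ask the user for recipients.
      ;; Selecting nothing yields nil, which means symmetric encryption.
      (epa-select-keys context "Encrypt subtree to (none = symmetric): "))))

(defun my/org-encrypt-marked-subtrees ()
  "Encrypt the body of each subtree whose heading has an ENCRYPT property."
  (interactive)
  (let (regions)
    ;; Pass 1: collect regions as markers, without touching the buffer.
    (org-map-entries
     (lambda ()
       (let ((value (org-entry-get (point) "ENCRYPT")))
         (when value
           (let ((beg (save-excursion (org-end-of-meta-data) (point)))
                 (end (save-excursion (org-end-of-subtree t) (point))))
             ;; Children lie inside this region; do not visit them again.
             (setq org-map-continue-from end)
             (when (< beg end)
               (push (list (copy-marker beg) (copy-marker end) value)
                     regions)))))))
    ;; Pass 2: encrypt, skipping bodies that are already armored.
    (dolist (r regions)
      (let ((beg (nth 0 r)) (end (nth 1 r)) (value (nth 2 r)))
        (unless (save-excursion
                  (goto-char beg)
                  (looking-at-p "[ \t\n]*-----BEGIN PGP MESSAGE-----"))
          (epa-encrypt-region (marker-position beg) (marker-position end)
                              (my/org-encrypt--recipients value) nil nil))
        (set-marker beg nil)
        (set-marker end nil)))))
```

The cleartext still exists in undo history, auto-save files and backups until those are cleared, so a workflow built on this would also need to handle them.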