emacs-orgmode

[O] Off-topic: *.gpg files and EasyPG


From: Ramon Diaz-Uriarte
Subject: [O] Off-topic: *.gpg files and EasyPG
Date: Fri, 30 Dec 2011 15:26:53 +0100
User-agent: SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.8 Emacs/23.3 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)

Dear All,

Apologies if this is totally off-topic, but I think many people use
org-mode + EasyPG to encrypt *.org.gpg files, and I could not think of a
more knowledgeable list than this one ;-).



* Summary:

  If an encrypted buffer is killed right when it is being opened (when you
  just typed the password), the contents of the encrypted buffer are left,
  as plain text, in other buffer(s).



* Details:

  I routinely use org mode with EasyPG. Yesterday, after realizing that
  sometimes I leave a gpg buffer open for longer than I should, I figured
  I'd set a timer so that any buffers that end with *.gpg are killed
  periodically.


  This seems to work OK, except if the buffer is killed right at the
  moment when it is being visited; i.e., right after you have entered the
  password.


  If that happens, the contents of the encrypted file are left, as plain
  text, in one of the other buffers (often *Scratch* or *Messages*, if
  those exist, or some other buffer, and oftentimes one which is not
  currently visible).



** Reproducible example

1. I have the following code in my .emacs:
-----------
;; from
;; http://stackoverflow.com/questions/5097561/killing-buffers-whose-names-start-with-a-particular-string

(require 'cl)                           ; for `loop'

;; Non-nil if BUFFER's name ends in ".gpg".
(defun is-killable-buffer (buffer)
  (let ((name (buffer-name buffer)))
    (string-match ".*\\.gpg$" name)))

;; Kill every buffer whose name ends in ".gpg".
(defun kill-killable-buffers ()
  (loop for buffer being the buffers
        do (and (is-killable-buffer buffer) (kill-buffer buffer))))

;; Run now, then every 120 seconds.
(run-at-time t 120 'kill-killable-buffers)
-------------

2. Now, create a *.gpg file, put something in there, and save it so that
symmetric encryption is used.


3. Change the interval at which kill-killable-buffers runs. Set it to 1:

(run-at-time t 1 'kill-killable-buffers)

and evaluate the expression.


4. Try to visit the gpg file. As soon as you enter the password, the
buffer is killed. So you never see it being opened. You do see the message

Wrong type argument: stringp, nil

But the contents, as decrypted plain text, will be left in one of your
other buffers; it might be *Messages* or *Scratch* or *ESS* if you have it,
but it could also be any other buffer you are visiting.

If the contents end in another buffer you are visiting (say, buffer
"abc.txt"), and you do not notice what happened, when you save abc.txt
all the contents of the encrypted file end up in a plain text file.



** Questions.

1. Is this the way it should be? In particular, dumping the unencrypted
content into another, "normal" buffer seems worrisome.


2. Suppose the contents end up in *Scratch* or *Messages*. How serious a
problem is this? Of course, if anybody has physical access to the machine
while you are not there that is a problem. But I understand that the
content of those buffers is never saved? And it cannot be accessed
remotely?


The reason for question 2 is that, if those are not worrisome, then it
might make sense to use the approach of having a timer kill the gpg
buffers periodically, and have it run in an Emacs process that is
dedicated exclusively to opening the gpg file(s).




Best,



-- 
Ramon Diaz-Uriarte
Department of Biochemistry, Lab B-25.
Facultad de Medicina (UAM)
Arzobispo Morcillo, 4
28029 Madrid
Spain

Phone: +34-91-497-2412

Email: address@hidden
       address@hidden

http://ligarto.org/rdiaz
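An added example, not part of Ramon's post, of a kill routine that avoids the race described above: it uses an idle timer instead of a wall-clock timer and skips the kill while a minibuffer prompt (such as the EasyPG passphrase prompt) is active. The names `my-gpg-idle-seconds`, `my-gpg-buffer-p` and `my-kill-idle-gpg-buffers` are mine, and it assumes that an idle timer cannot fire while a `find-file` command is still executing.

```elisp
;; Added example (not from the original post).  Kill visited *.gpg
;; buffers only once Emacs has been idle for a while, i.e. the user has
;; walked away, and never while a minibuffer prompt is up.  Assumption:
;; idle timers run only while Emacs waits for user input, so they cannot
;; fire in the middle of a `find-file' that is still decrypting; the
;; minibuffer check covers the passphrase prompt, which is such a wait.

(defconst my-gpg-idle-seconds 120
  "Seconds of idle time before open *.gpg buffers are killed.")

(defun my-gpg-buffer-p (buffer)
  "Return non-nil if BUFFER visits a file whose name ends in .gpg.
Tests the visited file name, not the buffer name, so buffers that
merely happen to be called something.gpg are left alone."
  (let ((file (buffer-file-name buffer)))
    (and file (string-match-p "\\.gpg\\'" file))))

(defun my-kill-idle-gpg-buffers ()
  "Kill every unmodified *.gpg buffer unless a minibuffer prompt is active."
  (unless (active-minibuffer-window)
    (dolist (buffer (buffer-list))
      (when (and (my-gpg-buffer-p buffer)
                 ;; Killing a modified file buffer makes `kill-buffer'
                 ;; ask for confirmation; do not raise that prompt from
                 ;; a timer, leave the buffer for the user to save.
                 (not (buffer-modified-p buffer)))
        (kill-buffer buffer)))))

;; REPEAT = t: re-arm each time Emacs becomes idle for the given seconds.
(run-with-idle-timer my-gpg-idle-seconds t #'my-kill-idle-gpg-buffers)
```

Unlike the 1-second `run-at-time` variant in the reproducible example, this never runs during the passphrase prompt or the decryption that follows it, so the decrypted text has no killed buffer to fall out of.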



