Tim Cross <theophil...@gmail.com> writes:

> David Masterson <dsmaster...@gmail.com> writes:
>
>> Tim Cross <theophil...@gmail.com> writes:
>>
>>> Warning: I have not used org-crypt for many years. These days, I just
>>> use a .org.gpg extension and symmetrically encrypt the whole file.
>>> However, I think I can probably answer some of your questions -
>>
>> Hmm, two questions that this brings up:
>>
>> 1. Do you access your files on (say) iPhone?
>> 2. Do you store your files in Git (say Github)?
>>
>
> Well, yes and yes, but I don't tend to need to access encrypted files on
> iPhone. I do have encrypted files in github. For example, I have a
> private repository of files I share across computers (Linux and macOS).
> Some of these files are gpg encrypted.

Exactly the system I'm looking for! (or almost)

I am already using (Emacs, Org, Magit) on Linux, (BeOrg, Working Copy) on
the iPhone, and a Github private repository. This is complicated for the
new user (like me w/ 42yrs [off and on] of Emacs usage), but Git has saved
me a number of times on resyncing if I change things on both sides. But I
would like to use more encryption with this. When it's secure, I'd like to
roll it out on my family's iPhones as well.

> Determining which parts are encrypted isn't hard. However, how do you
> know which key to associate with each bit? The only solution I can see
> is to attempt every known symmetric key to each chunk until one works and
> if none of the known ones work, ask for another one. This could be how
> it works, but that seems extremely inefficient and difficult to manage
> to me.
>
> The other problem is how to prompt for the key. Let's say you have 10
> encrypted items in an org file, each encrypted with a different
> symmetric key. Org has to ask the user for the key for each one. What
> goes into the prompt to give the user an idea which of the 10 different
> keys to enter? I guess it could say "Enter key for chunk 1:" and "Enter
> key for chunk 2:", but I'm not sure that is good. The system could use
> the section heading, but I didn't see anything to indicate it would do
> that when scanning the code, but perhaps I missed it.
>
>> Hmm, you're suggesting you don't use org-(en/de)crypt. The manual
>> doesn't spell out very well how to do that. Where do you put your key
>> for symmetric encryption?
>>
>
> With symmetric encryption, there is no 'key' to put anywhere. The key
> is the password/passphrase. You only have a 'key' with asymmetric
> encryption, where you have two files, the private and public key. These
> are managed by gnupg in the .gnupg directory (typically).

Problem with my terminology, I guess.

> One thing which you may find helpful is to look at the 3 separate layers
> involved with org-crypt as they all have their own manual and each layer
> provides some of the information you are after i.e.
>
> - Encryption/decryption and key management is largely handled by gnupg.
> The documentation associated with gnupg is pretty good and will likely
> answer many of your questions.

Hmm. Okay.

> - The interface to gnupg from within Emacs is managed by easyPG, which
> basically consists of two libraries - epa, which provides the Emacs
> interface layer for gnupg and epg, which provides a library that can be
> used by Emacs packages to access gnupg. This is primarily what org-crypt
> uses. The easyPG manual is pretty good and contains some good
> information.

Okay.

> - org-crypt, which is a very light-weight wrapper around the epg
> functions. It provides the basic integration between org and easyPG.

Org-crypt needs more documentation to point to the other two as well as
provide a simple example to help people know if they are on the right
track.

>>> What is your use case where you need multiple symmetric encryption keys
>>> in one file?
>>
>> One broken key doesn't give up the whole file.
>>
>
> That might be a false sense of security. The big weakness with symmetric
> encryption is the key/passphrase. It suffers from the same problem as
> passwords (which are mostly 'human'). If one of your keys is weak enough
> it has been broken, the odds are pretty high that the others will be as
> well. The likelihood with symmetric encryption is higher because
> everything is based on the key/passphrase you supply. With asymmetric
> encryption, the key is not related to the passphrase. To breach the key,
> someone needs to either get hold of the private key and the passphrase
> (assuming it has a passphrase, which is normal practice for secure
> setup) or they need to crack the very strong key.
>
> For that use case, I would use asymmetric rather than symmetric
> encryption.

Hmm. Point taken. I have to work on understanding asymmetric encryption
with org-crypt more.

Thanks
--
David Masterson
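An added example init-file snippet, not from this thread or from the org-crypt manual, showing the asymmetric org-crypt setup Tim recommends alongside the whole-file .org.gpg approach he uses; the key ID is a placeholder you replace with your own gnupg key.

```elisp
;; Added example configuration (not from the thread): org-crypt with an
;; asymmetric gnupg key, so each :crypt: entry is locked to a key pair
;; instead of a per-entry passphrase.
(require 'org-crypt)
(require 'epa-file)

;; Assumed placeholder: the fingerprint or user ID of your own key
;; (see `gpg --list-secret-keys`). Setting this to nil instead selects
;; symmetric encryption, which prompts for a passphrase per entry.
(setq org-crypt-key "REPLACE-WITH-YOUR-KEY-ID")

;; Entries tagged :crypt: are encrypted automatically on save.
(org-crypt-use-before-save-magic)
(setq org-crypt-tag-matcher "crypt")

;; Do not let the tag inherit, otherwise every subheading under a
;; :crypt: entry would be encrypted separately as well.
(add-to-list 'org-tags-exclude-from-inheritance "crypt")

;; Auto-save would write decrypted entries to disk in plaintext;
;; turn it off in buffers that contain encrypted entries.
(setq org-crypt-disable-auto-save t)

;; Whole-file variant from the thread: easyPG transparently handles any
;; file ending in .gpg. Naming a recipient here keeps that asymmetric
;; too, so saving a .org.gpg file does not prompt for a passphrase.
(setq epa-file-encrypt-to '("REPLACE-WITH-YOUR-KEY-ID"))
(epa-file-enable)

;; Decrypt the entry at point interactively with M-x org-decrypt-entry;
;; the plaintext is held only in the buffer until the next save.
```

With this in place the prompt problem Tim describes goes away: gnupg resolves the recipient key itself (and caches the private key's passphrase through gpg-agent), so Org never has to ask which of several symmetric keys belongs to a given chunk.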