[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: encrypt.el in No Gnus 0.7
|
From: |
Daiki Ueno |
|
Subject: |
Re: encrypt.el in No Gnus 0.7 |
|
Date: |
Fri, 2 Nov 2007 00:24:04 +0900 |
2007/11/2, Ted Zlatanov <address@hidden>:
> On Thu, 1 Nov 2007 10:30:54 +0900 "Daiki Ueno" <address@hidden> wrote:
> DU> epa-file.el in EasyPG can also do that. Have you looked at it?
> DU> I think it is much easier to use since it does not need elisp setup
> DU> like encrypt-file-alist.
>
> encrypt-file-alist can be set up via Customize. It's intended as an
> API, however, so I am not concerned about end users too much.
I think encrypt-file-alist is too much custamisable since GnuPG
records what cipher is used to encrypt in the PGP message. See
RFC2440.
> Your EasyPG code is probably better, I am not an ELisp expert by any
> means. But epa-file.el not an API, and does not support arbitrary
> ciphers as encrypt.el does (AFAIK). See the encrypt.el XOR cipher for
> an example of what I mean. EasyPG seems firmly attached to the GPG/PGP
> process, which is not a bad thing, only it doesn't provide an abstract
> encryption API.
Yes, EasyPG does not (yet) provide a way to specify the cipher
algorithm but as I mentioned above we need to specify only the first
time. Is it not enough to edit ~/.gnupg/gpg.conf or manually call the
gpg command with options?
I also think that your XOR cipher is not a good idea as a fallback
algorithm. Have you ever read Simon Singh's "The Code Book"?
> DU> Yes, EasyPG is a bit complex and invasive. But IMO sometimes
> DU> usability should be given priority over simplicity &
> DU> non-invasiveness.
>
> Sure, and that's your choice to make within the EasyPG package, which
> has specific needs. I think an API must be simple an non-invasive,
> though, and encrypt.el is by those standards a better API than
> epa-file.el or any other *crypt* package I've seen. If I'm wrong,
> please tell me.
epa-file.el is an *application* not a *libarary* (I'm a bit tired of
explanating these difference again and again...). epg.el is the
library and it provides the API. Since it only accepts string or file
for encryption and do not cache passphrase, it is simpler than
encrypt.el.
Regards,
--
Daiki Ueno
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/01
- Re: encrypt.el in No Gnus 0.7,
Daiki Ueno <=
- Re: encrypt.el in No Gnus 0.7, Richard Stallman, 2007/11/01
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/02
- Re: encrypt.el in No Gnus 0.7, Stefan Monnier, 2007/11/02
- Re: encrypt.el in No Gnus 0.7, Richard Stallman, 2007/11/04
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/04
- Re: encrypt.el in No Gnus 0.7, Richard Stallman, 2007/11/05
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/05
- Re: encrypt.el in No Gnus 0.7, Richard Stallman, 2007/11/05
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/06
- Re: encrypt.el in No Gnus 0.7, Richard Stallman, 2007/11/07