emacs-devel

Re: EasyPG API and usage questions


From: Ted Zlatanov
Subject: Re: EasyPG API and usage questions
Date: Mon, 03 Mar 2008 14:19:55 -0600
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/23.0.60 (gnu/linux)

On Sat, 1 Mar 2008 09:23:02 +0900 "Daiki Ueno" <address@hidden> wrote: 

DU> 2008/3/1, Ted Zlatanov <address@hidden>:
>> I want to replace encrypt.el with EasyPG in netrc.el (in Gnus and later
>> also in Emacs).  Can you explain how to replace this
>> 
>> (let ((encryption-model
>>        (when (netrc-bound-and-true-p encrypt-file-alist)
>>          (encrypt-find-model file))))
>>
>>   (if encryption-model
>>       (encrypt-insert-file-contents file encryption-model)
>>     (insert-file-contents file)))
>> 
>> with the equivalent EasyPG string-based or buffer-based functions?
>> 
>> It seems like (insert (epg-decrypt-string ...)) or
>> epa-file-insert-file-contents is the way to do it (probably the second
>> one), but I'd like to be sure I'm following the recommended usage.
>> Should netrc.el use the epa-* or epg-* interface?

DU> Doesn't it work without any change?  epa-file changes
DU> insert-file-contents behavior to decrypt *.gpg files automatically.

Should we require users to override insert-file-contents to use
encryption with netrc.el?  It makes our life easier, but the user
doesn't have the choice to just use it for netrc.el anymore; he has to
turn it on globally.  I certainly don't know all the issues involved
here, so opinions are welcome.

DU> For example, I believe that the following code just works:

DU> (epa-file-enable) ;; this may become (auto-encryption-mode t) in the future.

DU> (setq nnimap-authinfo-file "~/.authinfo.gpg"
DU>       nntp-authinfo-file "~/.authinfo.gpg"
DU>       smtpmail-auth-credentials "~/.authinfo.gpg")

DU> What feature do you want in addition to this?

Just the choice of cipher, and a way to limit the epa-file-enable effect
to the insert only (pending discussion above).  I think specifying
symmetric encryption at the epa-file level would be nice too.

>> functionality?  The epa.texi file doesn't seem to cover
>> epa-file-name-regexp for example, to explain what will happen with files
>> that match, and how to create such files with various options (see
>> below).  By the way, epa-file-name-regexp should be a list of regular
>> expressions and filenames, so the users can add something easily to the
>> list.

DU> If all the custom-options should be documented in texi, I will do it.

If epa-file.el is a base Emacs feature, it should be documented so a
beginner can get started with it.  That doesn't mean every custom option
in depth necessarily, but some overview would be good.

>> - how do I specify a particular cipher?

DU> There is no such API in lisp level, since I doubt that there is any
DU> practical use to select ciphers per data.  Is it not enough to put
DU> cipher-algo option in ~/.gnupg/gpg.conf?

I don't know.  Can I say "I want all these files encrypted with light
encryption, but these with a better one"?  I think this is valuable
(yes, we already discussed this in the context of encrypt.el, but I
think the user should at least have some choice in the matter).  

It seems from reading the GPG docs that you can only set the algorithm
globally with gpg.conf, but I may have misunderstood.

For example, I want to store a Maildir spool encrypted and doing heavy
encryption is not practical at that scale, but my .authinfo file should
be protected with the best cipher possible and it's tiny.

This is related to epa-file-name-regexp, which makes it difficult to add
multiple patterns to the list (especially for beginners).  To add the
Maildir, I'd need to modify the regexp.  Perhaps an epa-file-names
variable would be better, with options (regexp | directory | filename)
per entry.

>> - how do I specify symmetric encryption?

DU> Just pass nil as RECIPIENTS to the epg-encrypt-*.  This is documented
DU> in their docstrings.

OK.  I think it would be nice at the epa-file level too.  Do you mind if
I submit a patch, or do you want it always asymmetrical in epa-file, or
is there a way to do it I don't know?

>> - how do I specify plaintext instead of binary output?

DU> s/plaintext/ASCII armor/?  It can be done with:

DU> (let ((context (epg-make-context 'OpenPGP)))
DU>   (epg-context-set-armor context t)
DU>   (epg-encrypt-string context "test test test" nil))

OK, thanks (I saw your followup correction about this).

>> - how do I generate a GPG key?  (I realize GPG will do it, but epa.texi
>> just says you can import keys without explaining)

DU> There are API functions epg-generate-key-from-*, but interactive
DU> commands are missing.  Patches welcome.

Perhaps I could contribute later, when I have learned the library
better.

Thank you
Ted
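
An added example, not part of the original message or of EasyPG itself: one way to decrypt a `.gpg` netrc file for a single insert without enabling `epa-file` globally, plus symmetric ASCII-armored encryption using the nil RECIPIENTS convention discussed in the thread. The `example-` function names are hypothetical, and UTF-8 file contents are an assumption.

```emacs-lisp
;;; Added example.  Functions prefixed `example-' are hypothetical names;
;;; the epg-* calls are the EasyPG library functions discussed in the thread.
(require 'epg)

(defun example-netrc-insert-file-contents (file)
  "Insert FILE into the current buffer, decrypting it if it ends in .gpg.
Only this call decrypts; `insert-file-contents' is not changed globally,
so `epa-file-enable' does not have to be turned on."
  (if (string-match-p "\\.gpg\\'" file)
      (let* ((context (epg-make-context 'OpenPGP))
             ;; With PLAIN nil, `epg-decrypt-file' returns the plaintext
             ;; as a unibyte string instead of writing it to disk.
             (plain (epg-decrypt-file context (expand-file-name file) nil)))
        ;; Assumption: the credentials file is UTF-8 text.
        (insert (decode-coding-string plain 'utf-8)))
    (insert-file-contents file)))

(defun example-encrypt-symmetric-armored (text)
  "Return TEXT encrypted with a passphrase only, as ASCII armor."
  (let ((context (epg-make-context 'OpenPGP)))
    (epg-context-set-armor context t)
    ;; RECIPIENTS nil selects symmetric encryption.
    (epg-encrypt-string context (encode-coding-string text 'utf-8) nil)))

;; Usage sketch: keep the decrypted credentials in a temporary buffer so
;; the plaintext is discarded as soon as parsing is done.
;;
;; (with-temp-buffer
;;   (example-netrc-insert-file-contents "~/.authinfo.gpg")
;;   (goto-char (point-min))
;;   ;; ... parse netrc lines here ...
;;   )
```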




