Re: [Orgmode] org-crypt.el --- Public key encryption for org-mode entries

[Adam Spiers]

On Fri, Sep 28, 2007 at 11:48:34PM -0400, John Wiegley wrote:
> The following code is preliminary, but gets the job done in my simple tests.
> Now's the time to beat down on, and refine, the user interface and behavior.

[snipped]

I gave this a go and the basic functionality works fine for me,
thanks!  As you are obviously aware from the above, there are issues
with the interface; here's an independent perspective on the gaps
which I would personally prefer to see prioritised first:

  - Only text before, not after, the CRYPTKEY property gets encrypted.

  - I couldn't get property inheritance to work at all via

      (setq org-use-property-inheritance '("CRYPTKEY"))

    (as per my other post in the last hour, this is not possible via
    the normal Customization UI) but maybe I'm misunderstanding
    something about how it's supposed to work.  The goal would be to
    support encryption of a whole subtree, e.g.

      * PROJECT top s3kr1t!
        :PROPERTIES:
        :CRYPTKEY: 7A2F2DDC
        :END:
        Here beginneth the classified dossier.
      ** If anyone sees this it means Global Thermonuclear War
      *** How about a nice game of chess?
      ** (and the universe might implode too)

  - org-decrypt-entry leaves a PGP block in there - is that necessary?

  - Local variable-based customisation of `after-save-hook' is not
    ideal because it overrides any global hooks.

  - Unless I'm missing something, shouldn't it be `before-save-hook'
    instead?  Currently, you save the buffer, it encrypts entries,
    then you have to hit save again.

  - Ideally the user would never see the PGP blocks from within emacs,
    only by looking at the raw file saved on disk.  Could a first
    appromixation to this could be achieved by having
    `before-save-hook' encrypt all entries, and `after-save-hook'
    decrypt them all again?

It may be worth observing that despite your comment:

;;                        If you want encryption to be manual, use `M-x
;;    org-encrypt-entries'.  Note that in this version -- mainly because I
;;    don't know epg.el better -- you will be asked for your password for
;;    every entry that needs encryption.

I did not experience this; this is almost certainly because I already
had a GPG agent daemon running, `use-agent' in my ~/.gnupg/options,
and emacs was invoked from a shell in such a way as to guarantee that
it inherited the correct value of $GPG_AGENT_INFO.  So from a
usability perspective it is not a particularly pressing issue that you
have coded it this way.

Hope this is of use, and thanks again for putting 0.1 out there!

Adam