author | Carsten Dominik <carsten.dominik@gmail.com> | 2010-09-26 11:16:34 +0200 |
---|---|---|
committer | Carsten Dominik <carsten.dominik@gmail.com> | 2010-09-26 11:16:34 +0200 |
commit | 5460c4b7d8a5b006941eff39c5fe17612b584782 (patch) | |
tree | c3eb6c4cf44de71fa9982ea2f20e46d064489e5b | |
parent | 91af408bf464bbd9e0b758882b38fecada302226 (diff) | |
download | org-mode-5460c4b7d8a5b006941eff39c5fe17612b584782.tar.gz |
Prompt for MobileOrg encryption password
* doc/org.texi (Setting up the staging area): Document use of crypt password.
* lisp/org-mobile.el (org-mobile-encryption-password): Improve docstring.
(org-mobile-encryption-password-session): New variable.
(org-mobile-encryption-password): New function.
(org-mobile-check-setup):
(org-mobile-encrypt-file):
(org-mobile-decrypt-file): Use the new function.
-rw-r--r-- | doc/org.texi | 34 | ||||
-rw-r--r-- | lisp/org-mobile.el | 29 |
2 files changed, 43 insertions, 20 deletions
diff --git a/doc/org.texi b/doc/org.texi index 7aad82a..81bc821 100644 --- a/doc/org.texi +++ b/doc/org.texi @@ -14235,12 +14235,14 @@ MobileOrg needs to interact with Emacs through directory on a server@footnote{If you are using a public server, you might prefer to encrypt the files on the server. This can be done with Org-mode 6.35 and, hopefully, with MobileOrg 1.5 (please check before trying to use this). On the Emacs -side, configure the variables @code{org-mobile-use-encryption} and -@code{org-mobile-encryption-password}.}. The easiest way to create that -directory is to use a free @uref{http://dropbox.com,Dropbox.com} -account@footnote{If you cannot use Dropbox, or if your version of MobileOrg -does not support it, you can use a webdav server. For more information, -check out the the documentation of MobileOrg and also this +side, configure the variable @code{org-mobile-use-encryption}. If you can +safely store the password in your Emacs setup, you might also want to +configure @code{org-mobile-encryption-password}. Please read the docstring +of that variable.}. The easiest way to create that directory is to use a +free @uref{http://dropbox.com,Dropbox.com} account@footnote{If you cannot use +Dropbox, or if your version of MobileOrg does not support it, you can use a +webdav server. For more information, check out the the documentation of +MobileOrg and also this @uref{http://orgmode.org/worg/org-faq.php#mobileorg_webdav, FAQ entry}.}. When MobileOrg first connects to your Dropbox, it will create a directory @i{MobileOrg} inside the Dropbox. After the directory has been created, tell 
@@ -14263,15 +14265,17 @@ can be included by customizing @code{org-mobiles-files}. File names will be staged with path relative to @code{org-directory}, so all files should be inside this directory. The push operation also creates a special Org file @file{agendas.org} with all custom agenda view defined by the -user@footnote{While creating the agendas, Org-mode will force (see the -variable @code{org-mobile-force-id-on-agenda-items}) ID properties on all -referenced entries, so that these entries can be uniquely -identified if @i{MobileOrg} flags them for further action.}. Finally, Org -writes the file @file{index.org}, containing links to all other files. -@i{MobileOrg} first reads this file from the server, and then downloads all -agendas and Org files listed in it. To speed up the download, MobileOrg will -only read files whose checksums@footnote{stored automatically in the file -@file{checksums.dat}} have changed. +user@footnote{While creating the agendas, Org-mode will force ID properties +on all referenced entries, so that these entries can be uniquely identified +if @i{MobileOrg} flags them for further action. If you do not want to get +these properties in so many entries, you can set the variable +@code{org-mobile-force-id-on-agenda-items} to @code{nil}. Org mode will then +rely on outline paths, in the hope that these will be unique enough.}. +Finally, Org writes the file @file{index.org}, containing links to all other +files. @i{MobileOrg} first reads this file from the server, and then +downloads all agendas and Org files listed in it. To speed up the download, +MobileOrg will only read files whose checksums@footnote{stored automatically +in the file @file{checksums.dat}} have changed. @node Pulling from MobileOrg, , Pushing to MobileOrg, MobileOrg @section Pulling from MobileOrg diff --git a/lisp/org-mobile.el b/lisp/org-mobile.el index 6163a75..7cb7b9a 100644 --- a/lisp/org-mobile.el +++ b/lisp/org-mobile.el 
@@ -90,12 +90,29 @@ You might want to put this file into a directory where only you have access." This is a single password which is used for AES-256 encryption. The same password must also be set in the MobileOrg application. All Org files, including mobileorg.org will be encrypted using this password. + +SECURITY CONSIDERATIONS: + Note that, when Org runs the encryption commands, the password could -be visible on your system with the `ps' command. So this method is only -intended to keep the files secure on the server, not on your own machine." +be visible briefly on your system with the `ps' command. So this method is +only intended to keep the files secure on the server, not on your own machine. + +Also, if you set this variable in an init file (.emacs or .emacs.d/init.el +or custom.el...) and if that file is stored in a way so that other can read +it, this also limits the security of this approach. You can also leave +this variable empty - Org will then ask for the password once per Emacs +session." :group 'org-mobile :type '(string :tag "Password")) +(defvar org-mobile-encryption-password-session nil) + +(defun org-mobile-encryption-password () + (or (org-string-nw-p org-mobile-encryption-password) + (org-string-nw-p org-mobile-encryption-password-session) + (setq org-mobile-encryption-password-session + (read-passwd "Password for MobileOrg: " t)))) + (defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org" "The file where captured notes and flags will be appended to. During the execution of `org-mobile-pull', the file 
@@ -356,7 +373,7 @@ agenda view showing the flagged items." (string-match "\\S-" org-mobile-checksum-binary)) (error "No executable found to compute checksums")) (when org-mobile-use-encryption - (unless (string-match "\\S-" org-mobile-encryption-password) + (unless (string-match "\\S-" (org-mobile-encryption-password)) (error "To use encryption, you must set `org-mobile-encryption-password'")) (unless (file-writable-p org-mobile-encryption-tempfile) @@ -649,7 +666,8 @@ encryption program does not understand them." "Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'." (shell-command (format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s" - (shell-quote-argument (concat "pass:" org-mobile-encryption-password)) + (shell-quote-argument (concat "pass:" + (org-mobile-encryption-password))) (shell-quote-argument (expand-file-name infile)) (shell-quote-argument (expand-file-name outfile))))) @@ -657,7 +675,8 @@ encryption program does not understand them." "Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'." (shell-command (format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s" - (shell-quote-argument (concat "pass:" org-mobile-encryption-password)) + (shell-quote-argument (concat "pass:" + (org-mobile-encryption-password))) (shell-quote-argument (expand-file-name infile)) (shell-quote-argument (expand-file-name outfile))))) |
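Review bot: In the first doc/org.texi hunk (@@ -14235), the rewritten footnote says to configure `org-mobile-encryption-password` only "if you can safely store the password in your Emacs setup", but it never says what happens otherwise. Add a sentence stating that Org asks for the password once per Emacs session when the variable is left empty, so the reader learns about the prompt without having to open the docstring. The re-wrapped line "webdav server. For more information, check out the the documentation of" also keeps the doubled "the"; fix it while the paragraph is being reflowed anyway.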
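Review bot: The second doc/org.texi hunk (@@ -14263) rewrites the footnote about `org-mobile-force-id-on-agenda-items`, which is unrelated to the password prompt and is not covered by the commit message, whose only doc/org.texi entry is "(Setting up the staging area): Document use of crypt password." Move this footnote change to its own commit, or add an entry for it to the commit message so the log matches the diff.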
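Review bot: In the lisp/org-mobile.el hunk at @@ -90, the new `(defvar org-mobile-encryption-password-session nil)` and `(defun org-mobile-encryption-password () ...)` both lack docstrings. Since the function has the same name as the defcustom, a docstring that spells out the lookup order (customized value, then session value, then `read-passwd`) would help anyone who later reads the variable directly and bypasses the prompt by mistake. The session value is also kept for the rest of the Emacs session with no documented way to clear it, so a password that was typed wrongly (but consistently, because `read-passwd` is called with the confirm argument) stays cached; consider a small command that resets the variable to nil and mention it in the defcustom docstring. Minor: "so that other can read it" in the added docstring text should read "others".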
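Review bot: In the `org-mobile-check-setup` hunk (@@ -356), the error text "To use encryption, you must set `org-mobile-encryption-password'" is left unchanged but is no longer accurate. The `unless` test now calls `(org-mobile-encryption-password)`, which prompts, so this error is reached only when the user answers the prompt with an empty or whitespace-only string. Reword the message to say that no password was supplied, either in the variable or at the prompt.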
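Review bot: In the `org-mobile-encrypt-file` hunk (@@ -649), and identically in `org-mobile-decrypt-file` (@@ -657), the password is still placed on the openssl command line via `(concat "pass:" (org-mobile-encryption-password))`, so the `ps` exposure that the docstring warns about is unchanged by this commit. Prompting keeps the password out of the init file but not out of the process list. openssl also accepts other password sources for `-pass`, such as `stdin` or `env:VAR`; passing it that way (for example by sending it on the process's standard input instead of through `shell-command` with a formatted string) would remove the need for the docstring caveat. If that is out of scope here, say so in the commit message so the remaining exposure is a recorded decision.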