author Carsten Dominik <carsten.dominik@gmail.com> 2010-09-26 11:16:34 +0200
committer Carsten Dominik <carsten.dominik@gmail.com> 2010-09-26 11:16:34 +0200
commit 5460c4b7d8a5b006941eff39c5fe17612b584782
tree c3eb6c4cf44de71fa9982ea2f20e46d064489e5b
parent 91af408bf464bbd9e0b758882b38fecada302226
Prompt for MobileOrg encryption password
* doc/org.texi (Setting up the staging area): Document use of crypt password.
* lisp/org-mobile.el (org-mobile-encryption-password): Improve docstring.
(org-mobile-encryption-password-session): New variable.
(org-mobile-encryption-password): New function.
(org-mobile-check-setup):
(org-mobile-encrypt-file):
(org-mobile-decrypt-file): Use the new function.
-rw-r--r-- doc/org.texi 34
-rw-r--r-- lisp/org-mobile.el 29
2 files changed, 43 insertions, 20 deletions
diff --git a/doc/org.texi b/doc/org.texi
index 7aad82a..81bc821 100644
--- a/doc/org.texi
+++ b/doc/org.texi
@@ -14235,12 +14235,14 @@ MobileOrg needs to interact with Emacs through directory on a
server@footnote{If you are using a public server, you might prefer to encrypt
the files on the server. This can be done with Org-mode 6.35 and, hopefully,
with MobileOrg 1.5 (please check before trying to use this). On the Emacs
-side, configure the variables @code{org-mobile-use-encryption} and
-@code{org-mobile-encryption-password}.}. The easiest way to create that
-directory is to use a free @uref{http://dropbox.com,Dropbox.com}
-account@footnote{If you cannot use Dropbox, or if your version of MobileOrg
-does not support it, you can use a webdav server. For more information,
-check out the the documentation of MobileOrg and also this
+side, configure the variable @code{org-mobile-use-encryption}. If you can
+safely store the password in your Emacs setup, you might also want to
+configure @code{org-mobile-encryption-password}. Please read the docstring
+of that variable.}. The easiest way to create that directory is to use a
+free @uref{http://dropbox.com,Dropbox.com} account@footnote{If you cannot use
+Dropbox, or if your version of MobileOrg does not support it, you can use a
+webdav server. For more information, check out the the documentation of
+MobileOrg and also this
@uref{http://orgmode.org/worg/org-faq.php#mobileorg_webdav, FAQ entry}.}.
When MobileOrg first connects to your Dropbox, it will create a directory
@i{MobileOrg} inside the Dropbox. After the directory has been created, tell
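Review bot: The rewritten footnote (the added lines starting "side, configure the variable") only points at the docstring and never says what happens when `org-mobile-encryption-password` is left unset, which is the behaviour this commit introduces. State here that Org then asks for the password once per Emacs session, so the manual covers it without a detour through the docstring. The re-wrapped line "webdav server. For more information, check out the the documentation of" also carries over the doubled "the the"; fix it while these lines are being touched.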
@@ -14263,15 +14265,17 @@ can be included by customizing @code{org-mobiles-files}. File names will be
staged with path relative to @code{org-directory}, so all files should be
inside this directory. The push operation also creates a special Org file
@file{agendas.org} with all custom agenda view defined by the
-user@footnote{While creating the agendas, Org-mode will force (see the
-variable @code{org-mobile-force-id-on-agenda-items}) ID properties on all
-referenced entries, so that these entries can be uniquely
-identified if @i{MobileOrg} flags them for further action.}. Finally, Org
-writes the file @file{index.org}, containing links to all other files.
-@i{MobileOrg} first reads this file from the server, and then downloads all
-agendas and Org files listed in it. To speed up the download, MobileOrg will
-only read files whose checksums@footnote{stored automatically in the file
-@file{checksums.dat}} have changed.
+user@footnote{While creating the agendas, Org-mode will force ID properties
+on all referenced entries, so that these entries can be uniquely identified
+if @i{MobileOrg} flags them for further action. If you do not want to get
+these properties in so many entries, you can set the variable
+@code{org-mobile-force-id-on-agenda-items} to @code{nil}. Org mode will then
+rely on outline paths, in the hope that these will be unique enough.}.
+Finally, Org writes the file @file{index.org}, containing links to all other
+files. @i{MobileOrg} first reads this file from the server, and then
+downloads all agendas and Org files listed in it. To speed up the download,
+MobileOrg will only read files whose checksums@footnote{stored automatically
+in the file @file{checksums.dat}} have changed.
@node Pulling from MobileOrg, , Pushing to MobileOrg, MobileOrg
@section Pulling from MobileOrg
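Review bot: The reworded footnote on `org-mobile-force-id-on-agenda-items` is unrelated to the password prompt and has no entry in the commit message, which lists only "Document use of crypt password" for doc/org.texi. Move it to its own commit or add a ChangeLog entry for it. The closing phrase "in the hope that these will be unique enough" would also be more useful if it said what happens to a flagged entry when the outline paths are not unique.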
diff --git a/lisp/org-mobile.el b/lisp/org-mobile.el
index 6163a75..7cb7b9a 100644
--- a/lisp/org-mobile.el
+++ b/lisp/org-mobile.el
@@ -90,12 +90,29 @@ You might want to put this file into a directory where only you have access."
This is a single password which is used for AES-256 encryption. The same
password must also be set in the MobileOrg application. All Org files,
including mobileorg.org will be encrypted using this password.
+
+SECURITY CONSIDERATIONS:
+
Note that, when Org runs the encryption commands, the password could
-be visible on your system with the `ps' command. So this method is only
-intended to keep the files secure on the server, not on your own machine."
+be visible briefly on your system with the `ps' command. So this method is
+only intended to keep the files secure on the server, not on your own machine.
+
+Also, if you set this variable in an init file (.emacs or .emacs.d/init.el
+or custom.el...) and if that file is stored in a way so that other can read
+it, this also limits the security of this approach. You can also leave
+this variable empty - Org will then ask for the password once per Emacs
+session."
:group 'org-mobile
:type '(string :tag "Password"))
+(defvar org-mobile-encryption-password-session nil)
+
+(defun org-mobile-encryption-password ()
+ (or (org-string-nw-p org-mobile-encryption-password)
+ (org-string-nw-p org-mobile-encryption-password-session)
+ (setq org-mobile-encryption-password-session
+ (read-passwd "Password for MobileOrg: " t))))
+
(defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org"
"The file where captured notes and flags will be appended to.
During the execution of `org-mobile-pull', the file
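Review bot: The new `(defvar org-mobile-encryption-password-session nil)` and `(defun org-mobile-encryption-password ()` both lack docstrings, and the function shares its name with the defcustom, so `org-mobile-encryption-password` now means the stored option in some places and the prompting accessor in others. Add docstrings saying that the session variable holds the prompted password in memory for the rest of the Emacs session and that the function returns the configured value, then the cached one, and only then prompts; consider a distinct name for the function. In the option's docstring, "so that other can read it" should read "others".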
@@ -356,7 +373,7 @@ agenda view showing the flagged items."
(string-match "\\S-" org-mobile-checksum-binary))
(error "No executable found to compute checksums"))
(when org-mobile-use-encryption
- (unless (string-match "\\S-" org-mobile-encryption-password)
+ (unless (string-match "\\S-" (org-mobile-encryption-password))
(error
"To use encryption, you must set `org-mobile-encryption-password'"))
(unless (file-writable-p org-mobile-encryption-tempfile)
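Review bot: The error text kept in this hunk, "To use encryption, you must set `org-mobile-encryption-password'", is no longer accurate. With the prompt in place, this branch is reached only when the variable is empty and the user also entered nothing but whitespace at the prompt, and setting the variable is no longer required. Reword it to say that an empty password was given and that the password can either be typed at the prompt or stored in the variable.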
@@ -649,7 +666,8 @@ encryption program does not understand them."
"Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
(shell-command
(format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
- (shell-quote-argument (concat "pass:" org-mobile-encryption-password))
+ (shell-quote-argument (concat "pass:"
+ (org-mobile-encryption-password)))
(shell-quote-argument (expand-file-name infile))
(shell-quote-argument (expand-file-name outfile)))))
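Review bot: The password, including one typed at the new prompt, is still handed to openssl as a command-line argument through `-pass pass:...`, so the `ps` exposure described in the docstring also applies to users who deliberately kept the password out of their init file. openssl's `-pass` option also accepts `env:VAR`, `file:PATH` and `stdin`; using one of those here would keep the password out of the process list. The function docstring "using `org-mobile-encryption-password'" should also say whether it means the variable or the new function.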
@@ -657,7 +675,8 @@ encryption program does not understand them."
"Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
(shell-command
(format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
- (shell-quote-argument (concat "pass:" org-mobile-encryption-password))
+ (shell-quote-argument (concat "pass:"
+ (org-mobile-encryption-password)))
(shell-quote-argument (expand-file-name infile))
(shell-quote-argument (expand-file-name outfile)))))
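Review bot: Decryption is where a wrong session password shows up, and nothing in this hunk reacts to it: the result of `shell-command` is returned as is and `org-mobile-encryption-password-session` keeps the bad value, so every later call in the session reuses it without prompting again. Check the exit status here and reset the session variable to nil on failure so that the next call prompts again. The expression `(concat "pass:" (org-mobile-encryption-password))` now appears in both the encrypt and the decrypt function and could move into one helper.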