[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption
|
From: |
Ted Zlatanov |
|
Subject: |
Re: [feature request] epa-file-cache-passphrase-for-symmetric-encryption timeout. |
|
Date: |
Tue, 25 Nov 2008 14:56:23 -0600 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux) |
On Wed, 26 Nov 2008 03:43:56 +0900 Daiki Ueno <address@hidden> wrote:
>>>>>> In <address@hidden>
>>>>>> Ted Zlatanov <address@hidden> wrote:
>> On Sat, 22 Nov 2008 07:45:16 +0800 anhnmncb <address@hidden> wrote:
a> symmetric file encryption is enough for me :)
>> ping... If Daiki Ueno is not interested I can implement this, but I
>> wanted to give him a chance to do it since his coding style is pretty
>> different from mine.
DU> If you do want to implement this, you should consider:
DU> - At the moment I'd rather recommend users to use public-key encryption
DU> instead of symmetric encryption if they want passphrase caching, since
DU> they will benefit from gpg-agent which utilizes secure memory. So it's
DU> intensional that epa-file handles symmetric case specially.
I see.
DU> - As I said many times before (but you don't seem to understand),
DU> epa-file.el is an application and epg.el is a library.
Thank you for explaining again.
My proposed patch follows. I've tested it.
Ted
Index: epa-file.el
===================================================================
RCS file: /sources/emacs/emacs/lisp/epa-file.el,v
retrieving revision 1.14
diff -c -r1.14 epa-file.el
*** epa-file.el 30 Sep 2008 07:41:52 -0000 1.14
--- epa-file.el 25 Nov 2008 20:52:44 -0000
***************
*** 29,40 ****
--- 29,46 ----
:type 'boolean
:group 'epa-file)
+ (defcustom epa-file-cache-passphrase-for-symmetric-encryption-timeout nil
+ "If non-nil seconds, time out the passphrase cache for symmetric
encryption."
+ :type 'integer
+ :group 'epa-file)
+
(defcustom epa-file-select-keys nil
"If non-nil, always asks user to select recipients."
:type 'boolean
:group 'epa-file)
(defvar epa-file-passphrase-alist nil)
+ (defvar epa-file-passphrase-timeout-alist nil)
(eval-and-compile
(if (fboundp 'encode-coding-string)
***************
*** 51,58 ****
(eq key-id 'SYM))
(progn
(setq file (file-truename file))
! (let ((entry (assoc file epa-file-passphrase-alist))
passphrase)
(or (copy-sequence (cdr entry))
(progn
(unless entry
--- 57,81 ----
(eq key-id 'SYM))
(progn
(setq file (file-truename file))
! (let ((entry (assoc file epa-file-passphrase-alist))
passphrase)
+ ;; when we have an entry and we need to time out the passphrase,
+ ;; get the time of the passphrase entry for this file
+ ;; and if it's more than e-f-c-p-for-s-encryption-timeout seconds ago,
+ ;; set the entry's passphrase to nil so the user will have to re-enter
+ (when (and entry
+ epa-file-cache-passphrase-for-symmetric-encryption-timeout)
+ (let ((timeout-entry
+ (car-safe
+ (cdr (assoc file epa-file-passphrase-timeout-alist)))))
+ (when (and
+ timeout-entry
+ (<
epa-file-cache-passphrase-for-symmetric-encryption-timeout
+ (time-to-seconds (time-since timeout-entry))))
+ (setq epa-file-passphrase-timeout-alist
+ (delete file epa-file-passphrase-timeout-alist))
+ (setcdr entry nil))))
+
(or (copy-sequence (cdr entry))
(progn
(unless entry
***************
*** 63,68 ****
--- 86,94 ----
(setq passphrase (epa-passphrase-callback-function context
key-id nil))
(setcdr entry (copy-sequence passphrase))
+ (setq epa-file-passphrase-timeout-alist
+ (cons (list file (current-time))
+ epa-file-passphrase-timeout-alist))
passphrase))))
(epa-passphrase-callback-function context key-id nil)))