Re: org-encrypt-entries is slow (was: org-crypt leaking data when encryption password is not entered twice (was: Please document the caching and its user options))

[Daniel Clemente]

In that branch, I don't see the previously mentioned bugs; thanks.

But org-crypt still feels strange. For instance, I decrypt a header,
add a space somewhere else and save. It's saved, but the header is
still visibly unencrypted in Emacs; that's unexpected, because
org-crypt-use-before-save-magic promised to „automatically encrypt
entries before a file is saved to disk“.
I checked the file from outside Emacs and I see that the header is
actually encrypted, so technically it did what it promised to do
though I don't see it in Emacs.
So there's a discordance between what I see and what is saved. Maybe
it's feature, not a bug: „you still see the decrypted contents but you
can trust that when they're saved they'll be saved encrypted“. This
may be clarified in the docstring. If it's a feature, I think it may
be useful; I just don't like having to trust that the silent
background-auto-encryption is working (I'll often want to verify the
file from outside Emacs). But users may have different preferences.
This may be material for another thread.

The part about the slowness has improved to acceptable levels, thanks.

Minor thing, not important now: the cursor jumps to the end of the
header after a C-x C-s when in the middle of a currently-decrypted
block without changes.

Another minor thing: I use a key that calls
(org-save-all-org-buffers), and if I press it e.g. from the *scratch*
buffer it may ask me the „Passphrase for symmetric encryption“
question (because I edited some crypted section) but I don't know
which buffer it's asking about. But it's not a problem because if I
press C-g then I'll see it.

I see a new problem: with (org-crypt-use-before-save-magic) enabled, I
edit a decrypted section, press C-x C-s to save and it asks me for the
encryption password. Here, if I press C-g, org-crypt would catch it
and then tell me that it won't be able to encrypt due to the C-g.
However I'm not pressing C-g, what I'm doing is opening another TTY
frame (I'm running TTY emacsclient, with no X support, but under
urxvt); this makes the minibuffer disappear, and I see „Back to top
level“, and the whole contents of the section being encrypted are
lost.



On Thu, 11 Jul 2024 at 10:39, Ihor Radchenko <yantar92@posteo.net> wrote:
>
> Daniel Clemente <n142857@gmail.com> writes:
>
> > I see it's trying to decrypt things (therefore it asks for the
> > password). It shouldn't, since I didn't modify any encrypted section.
> > I said „it asked me for an encryption password“ because the GPG prompt
> > confusingly uses the word „encryption“ („Passphrase for symmetric
> > encryption“), though it's actually asking for a decryption password.
> > ...
> > This is the text "abc" encrypted with password "abc". Use this file:
> >
> > * hi                                                                  
> > :nocrypt:
> > -----BEGIN PGP MESSAGE-----
> >
> > jA0ECQMCVpS/qSoed5f/0joBYoIRWdgt/+PVQCsZh9sg176SdnvP2Wc8tH/CV1Rk
> > l2MjAh3Rk19Q2aP2EffpZ5CFeGELTMXCnCYv
> > =FNtI
> > -----END PGP MESSAGE-----
> >
> > Open the file, add a space to the title and save it. The first time it
> > works (no questions asked) because there's no tag called :crypt:
> > Now change the :nocrypt: to :crypt: and save.  It asks for the
> > password. Press C-g to cancel.
> > Change again the tag to :nocrypt:. Save. It asks for the encryption
> > password; it shouldn't.
> > Add a space to the title, save, it keeps asking for the encryption
> > password, though there's no :crypt: section.
>
> This should be fixed now.
> May you try yet again?
>
> >> > - Org spends around 20 seconds trying to save the file, in a loop,
> >> > reporting:  (error "org-crypt: Encryption failed.  Not saving the
> >> > buffer. Error: GPG error: \"Encrypt failed\", \"Canceled; Exit\"")
> >>
> >> This is curious, but I again have no clue. Maybe the new version of the
> >> branch works a bit better.
> >>
> >
> > Since this error can happen because of a problem in a different buffer
> > (not the current one), would it be good to mention the file name in
> > that error message?
>
> Yes. Done now on the branch.
>
> > I didn't see this particular problem again. But I see others, which
> > are hard to report and reproduce. For instance I had an encrypted
> > section under a :crypt: header (I see „BEGIN PGP“ and hex codes), I
> > save, and saving *UNencrypts* the header before saving, without
> > asking. It should never decrypt when saving, but it does. This happens
> > with the same small example I posted above (but using the :crypt:
> > tag).
>
> The other problem you reported had something to do with incorrectly
> cycling encryption state during save. I hope that fixing one also fixed
> another.
>
> --
> Ihor Radchenko // yantar92,
> Org mode contributor,
> Learn more about Org mode at <https://orgmode.org/>.
> Support Org development at <https://liberapay.com/org-mode>,
> or support my work at <https://liberapay.com/yantar92>