[opensuse] Editing file.gpg in emacs
Hi,

If I edit a file named something.gpg with emacs, it automatically triggers PGP encryption when I save the file. I'm not used to emacs, but it does the proper thing, not using temporary files in the clear. So I want to use it.

When I click on "save", I get a prompt to select "Select recipients for encryption", and a window with my entire long list of gpg keys in my system (and I don't know how to search for one, except reading the list).

The prompt also says "If no one is selected, symmetric encryption will be performed", so I use this method. I click on "[OK]", and I get a prompt to type the password for the key, but the prompt doesn't say which key.

Anyway, I successfully enter the correct password, and an encrypted file is saved. But I don't know exactly what encryption key was used, or how to find it, or how to control which one is chosen (I have several, for several email addresses).

I get this:

cer@Telcontar:~> file test.gpg
test.gpg: GPG symmetrically encrypted data (CAST5 cipher)
cer@Telcontar:~>

So, questions:

How do I find out what PGP key was used? Perhaps a "gpg2 --option", but I don't know which, after reading the manual again. Perhaps the "default-key" in .gnupg/gpg.conf.

Is there a way to tell emacs what key to use, and remember it? I don't find an obvious one in the output of "emacs --help" or "man emacs".

-- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, Jan 10, 2015 at 12:19:31AM +0100, Carlos E. R. wrote:
But I don't know exactly what encryption key was used, or how to find it, or how to control which one is chosen (I have several, for several email addresses).
You said you used symmetric encryption; that means the password you typed last will be the correct one. If you know the recipient of your file, I recommend using his public key and not a password, because now you're forced to transmit this password to him and this makes things less safe. -- vag·a·bond adjective \ˈva-gə-ˌbänd\ a : of, relating to, or characteristic of a wanderer b : leading an unsettled, irresponsible, or disreputable life
On 2015-01-10 15:56, Emil Oppeln-Bronikowski wrote:
On Sat, Jan 10, 2015 at 12:19:31AM +0100, Carlos E. R. wrote:
But I don't know exactly what encryption key was used, or how to find it, or how to control which one is chosen (I have several, for several email addresses).
You said you used symmetric encryption; that means the password you typed last will be the correct one.
I have several keys with the same password, so I don't know which key it is using. It never says which in the password prompt, and it doesn't use the desktop gpg agent, thus does not remember the password.
If you know the recipient of your file, I recommend using his public key and not a password, because now you're forced to transmit this password to him and this makes things less safe.
There are no recipients. The file is private notes for myself. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Sat, Jan 10, 2015 at 05:13:25PM +0100, Carlos E. R. wrote:
I have several keys with the same password, so I don't know which key it is using.
Symmetric encryption means GPG encrypts your data without using your private key. So, if you answer "Yes" to Emacs' question about using it, whatever you type into the password prompt will be used. I might be wrong, because I never used Emacs, but it seems that way. -- vag·a·bond adjective \ˈva-gə-ˌbänd\ a : of, relating to, or characteristic of a wanderer b : leading an unsettled, irresponsible, or disreputable life
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I have several keys with the same password, so I don't know which key it is using. It never says which in the password prompt, and it doesn't use the desktop gpg agent, thus does not remember the password.
Of course it does, as long as you are using the "use-agent" directive in your gpg config file. Charles -- "However, complexity is not always the enemy." -- Larry Wall (Open Sources, 1999 O'Reilly and Associates)
On 2015-01-10 18:45, Charles Philip Chan wrote:
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I have several keys with the same password, so I don't know which key it is using. It never says which in the password prompt, and it doesn't use the desktop gpg agent, thus does not remember the password.
Of course it does, as long as you are using the "use-agent" directive in your gpg config file.
I do. The "GPG_AGENT_INFO" environment variable is set and gnome-keyring-daemon is running. But it is not using it, the appearance is different, and it prompts for the password on next save operation, even if triggered seconds later. The .gnupg/agent.info file doesn't match the environment value, and it is dated on last April. I'll delete it. [...] No change: I get prompted for the password on open and save, seconds apart. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2015-01-10 22:38, Carlos E. R. wrote:
I do. The "GPG_AGENT_INFO" environment variable is set and gnome-keyring-daemon is running.
I also see in session properties that "seahorse-agent" should be started, but it is not running. I don't understand the differences to the gnome-keyring-daemon and which one should be running (xfce). I notice that the "open" password is stored and I do not get prompted for it the second time. It is the "save" password which is not saved. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I notice that the "open" password is stored and I do not get prompted for it the second time. It is the "save" password which is not saved.
I just tested this out, this will only happen if you use symmetric encryption (which I don't use). It will not ask for the encryption passphrase again if you use asymmetric encryption (public/private key pairs) if the passphrase is still in the cache. Charles -- "On the Internet, no one knows you're using Windows NT" (Submitted by Ramiro Estrugo, restrugo@fateware.com)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I do. The "GPG_AGENT_INFO" environment variable is set and gnome-keyring-daemon is running.
But it is not using it, the appearance is different, and it prompts for the password on next save operation, even if triggered seconds later.
The .gnupg/agent.info file doesn't match the environment value, and it is dated on last April. I'll delete it. [...] No change: I get prompted for the password on open and save, seconds apart.
Hum, strange, it works fine for me. I have:

,----
| default-key xxxx
|
| use-agent
`----

(where xxxx is my default key) in my ~/.gnupg/options. Try looking through these links:

https://www.gnu.org/software/emacs/manual/html_node/epa/Caching-Passphrases....
https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.htm...

to see if you missed anything. Charles
On 9 Jan 2015, carlos.e.r@opensuse.org wrote:
When I click on "save", I get a prompt to select "Select recipients for encryption", and a window with my entire long list of gpg keys in my system (and I don't know how to search for one, except reading the list).
,----
| C-s
`----

(control-s) runs the command "incremental search" (i-search); it works in all Emacs buffers.
The prompt also says "If no one is selected, symmetric encryption will be performed", so I use this method. I click on "[OK]", and I get a prompt to type the password for the key, but the prompt doesn't say which key.
Symmetric encryption does not use a key-pair. Charles -- "Who is General Failure and why is he reading my hard disk ?" Microsoft spel chekar vor sail, worgs grate !! (By leitner@inf.fu-berlin.de, Felix von Leitner)
On 10 Jan 2015, cpchan@bell.net wrote:
,----
| C-s
`----

(control-s) runs the command "incremental search" (i-search); it works in all Emacs buffers.
Forgot to add, to move to the next match, press C-s again. Charles -- "...Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly)." (By Matt Welsh)
On 2015-01-10 18:40, Charles Philip Chan wrote:
On 9 Jan 2015, carlos.e.r@ wrote:
(control-s) runs the command "incremental search" (i-search); it works in all Emacs buffers.
Ah, ok, thanks.
The prompt also says "If no one is selected, symmetric encryption will be performed", so I use this method. I click on "[OK]", and I get a prompt to type the password for the key, but the prompt doesn't say which key.
Symmetric encryption does not use a key-pair.
What does it use, then? :-? Sorry, I'm not familiar with that encryption type. If it is explained in some document, just point me to it :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
What does it use, then? :-?
the passphrase you enter to encrypt.
Sorry, I'm not familiar with that encryption type. If it is explained in some document, just point me to it :-)
https://en.wikipedia.org/wiki/Encryption#Kinds_of_encryption Charles -- "If a machine couldn't run a free operating system, we got rid of it." -- Richard Stallman (Open Sources, 1999 O'Reilly and Associates)
On 2015-01-10 23:29, Charles Philip Chan wrote:
On 10 Jan 2015, robin.listas@ wrote:
What does it use, then? :-?
the passphrase you enter to encrypt.
Sorry, I'm not familiar with that encryption type. If it is explained in some document, just point me to it :-)
https://en.wikipedia.org/wiki/Encryption#Kinds_of_encryption
The explanation is too short.

+++--------------------
Symmetric key encryption

In symmetric-key schemes,[3] the encryption and decryption keys are the same. Thus communicating parties must have the same key before they can achieve secret communication.
--------------------++-

Ok, my understanding from reading the above is that it uses the private side of one of the PGP key pairs already defined in the system, the one marked as default, which has a defined password to open it (the one defined when the key pair was created). Not that it uses the typed password for encryption.

BUT.... That is not true.

I just created a symmetric encrypted file with emacs in a virtual machine, one that I know for certain does not contain any PGP key. The file was successfully encrypted, using as password just "Hello".

I transferred the file to the host, and I could open it directly with the password "Hello".

So it is not using any PGP keys at all! The password is the key. This is not what I want, certainly not.

-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
BUT.... That is not true.
I just created a symmetric encrypted file with emacs in a virtual machine, one that I know for certain does not contain any PGP key. The file was successfully encrypted, using as password just "Hello".
I transferred the file to the host, and I could open it directly with the password "Hello".
So it is not using any PGP keys at all! The password is the key. This is not what I want, certainly not.
Yes, symmetric encryption uses the passphrase that you use to encrypt the file originally; it does not use any key pairs in the keyring. Charles -- We are using Linux daily to UP our productivity - so UP yours! (Adapted from Pat Paulsen by Joe Sloan)
On 01/10/2015 04:56 PM, Carlos E. R. wrote:
Symmetric encryption does not use a key-pair. What does it use, then? :-?
Symmetric encryption uses a single key for both encryption and decryption and so it must be kept secret. Public key encryption uses 2 keys, one for encryption and the other for decryption. The 2 are mathematically related so that the public key used for encryption can be easily created from the private key used for decryption. But it's extremely difficult to create the private key from the public. Also, in practical systems, the public/private keys are generally used only to protect a random number that's actually used as a symmetrical key to protect the data.
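Added example (not written by any poster in this thread): whether a .gpg file was encrypted to a key pair or only to a passphrase is recorded in its leading OpenPGP packets (RFC 4880), which is what answers "what PGP key was used?". This Python parser reports the recipient key ID of each public-key session-key packet or the cipher of each passphrase session-key packet; the function names and sample bytes are constructed for illustration, and binary (non-armored) input is assumed.

```python
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
PKESK, SKESK, SED, SEIPD = 1, 3, 9, 18   # RFC 4880 packet tags


def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None when the
    length is indeterminate or partial (normally only on data packets)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored?)")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None
    width = (1, 2, 4)[ltype]
    return tag, pos + 1 + width, int.from_bytes(buf[pos + 1:pos + 1 + width], "big")


def describe_encryption(buf):
    """One entry per session-key packet found before the encrypted data:
    ("public-key", key ID) or ("passphrase", cipher name)."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if length is None or tag in (SED, SEIPD):
            break                                     # reached the ciphertext
        body = buf[start:start + length]
        if tag == PKESK and len(body) >= 10:          # version, key ID, algo
            keyid = body[1:9].hex().upper()
            found.append(("public-key",
                          keyid if any(body[1:9]) else "hidden recipient"))
        elif tag == SKESK and len(body) >= 2:         # version, cipher, S2K
            found.append(("passphrase",
                          CIPHERS.get(body[1], "cipher %d" % body[1])))
        pos = start + length
    return found


# Constructed samples: real header layout, dummy salt, key ID and bodies.
SYMMETRIC = bytes.fromhex("8c0d 04 03 03 02 0011223344556677 60 c904 00000000")
TO_A_KEY = bytes.fromhex("840d 03 0123456789abcdef 01 0008ff d201 01")

if __name__ == "__main__":
    print(describe_encryption(SYMMETRIC))
    print(describe_encryption(TO_A_KEY))
```

On a real file, "gpg --list-packets test.gpg" reports the same packets.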
On 2015-01-11 14:02, James Knott wrote:
On 01/10/2015 04:56 PM, Carlos E. R. wrote:
Symmetric encryption does not use a key-pair. What does it use, then? :-?
Symmetric encryption uses a single key for both encryption and decryption and so it must be kept secret. Public key encryption uses 2 keys, one for encryption and the other for decryption. The 2 are mathematically related so that the public key used for encryption can be easily created from the private key used for decryption. But it's extremely difficult to create the private key from the public. Also, in practical systems, the public/private keys are generally used only to protect a random number that's actually used as a symmetrical key to protect the data.
Ah, yes. Thanks for the concise explanation. I think I understand now. :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 01/10/2015 12:40 PM, Charles Philip Chan wrote:
it works in all Emacs buffers.
https://xkcd.com/378/ ;-)
On 2015-01-10 23:03, James Knott wrote:
On 01/10/2015 12:40 PM, Charles Philip Chan wrote:
it works in all Emacs buffers.
ROTFL! X'-)

I recognize that emacs is very powerful, but it has an awkward interface, unless you are used to it (same as vim). At least, with xemacs, it has menus and a GUI. I'm not used to emacs, so it is difficult for me to use it; but use it I do when I have to.

Like now: only vim and emacs have an integrated PGP module. I don't know of a secure and "modern" GUI editor for PGP/GPG files. The normal method would be to:

  decrypt the file, creating a clear text copy.
  edit the clear text file.
  encrypt the clear text file.

This leaves in the disk clear text (temporary files). Knowing them you can delete them, but still a data carver tool might find them. Apparently both emacs and vim can edit an encrypted PGP file without making a clear text file, temporary or not. So I choose emacs for this simple task...

-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I recognize that emacs is very powerful, but it has an awkward interface, unless you are used to it (same as vim). At least, with xemacs, it has menus and a GUI.
Modern day Emacs can be driven by menus and GUI too, plus it is much more actively developed than XEmacs. You might be interested in this site: http://www.emacswiki.org/ Charles -- "It's God. No, not Richard Stallman, or Linus Torvalds, but God." (By Matt Welsh)
On 2015-01-10 23:55, Charles Philip Chan wrote:
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I recognize that emacs is very powerful, but it has an awkward interface, unless you are used to it (same as vim). At least, with xemacs, it has menus and a GUI.
Modern day Emacs can be driven by menus and GUI too, plus it is much more actively developed than XEmacs.
I thought that the GUI of emacs was xemacs. No idea they were different.
You might be interested in this site:
Thanks. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
I thought that the GUI of emacs was xemacs. No idea they were different.
XEmacs (Lucid Emacs) was an early fork of GNU Emacs 19 by jwz (Netscape, XScreensaver) which uses its own widgets (Lucid) and has not really been updated since 2009. Modern day GNU Emacs can be compiled with a number of toolkits- gtk, gtk2, gtk3, lucid or athena, motif. https://en.wikipedia.org/wiki/Emacs Charles -- "Linux: the operating system with a CLUE... Command Line User Environment". (seen in a posting in comp.software.testing)
On 10 Jan 2015, james.knott@rogers.com wrote:
Ha ha, haven't seen that one for a while. Of course Emacs can make coffee too ;-): http://www.emacswiki.org/emacs/CoffeeMode Charles -- A Linux machine! because a 486 is a terrible thing to waste! (By jjs@wintermute.ucr.edu, Joe Sloan)
How do I find out what PGP key was used? Perhaps a "gpg2 --option", but I don't know which, after reading the manual again. Perhaps the "default-key" in .gnupg/gpg.conf.
Is there a way to tell emacs what key to use, and remember it? I don't find an obvious one in the output of "emacs --help" or "man emacs".
Yes, by using the "default key" option in your gpg config file. Charles -- "I'd crawl over an acre of 'Visual This++' and 'Integrated Development That' to get to gcc, Emacs, and gdb. Thank you." (By Vance Petree, Virginia Power)
On 2015-01-10 18:43, Charles Philip Chan wrote:
How do I find out what PGP key was used? Perhaps a "gpg2 --option", but I don't know which, after reading the manual again. Perhaps the "default-key" in .gnupg/gpg.conf.
Is there a way to tell emacs what key to use, and remember it? I don't find an obvious one in the output of "emacs --help" or "man emacs".
Yes, by using the "default key" option in your gpg config file.
Ah, I thought so. But you see, when I post an email here, with gpg signature, the agent prompts me to sign it and displays, in that prompt message, the key identifier and primary email of the key it is going to use. When I save or open file in emacs (symmetric), the prompt doesn't say. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10 Jan 2015, robin.listas@telefonica.net wrote:
Ah, I thought so.
But you see, when I post an email here, with gpg signature, the agent prompts me to sign it and displays, in that prompt message, the key identifier and primary email of the key it is going to use.
When I save or open file in emacs (symmetric), the prompt doesn't say.
Of course it won't show the primary email of the key- there are no public and private keys involved in symmetric encryption- only a passphrase. However, I just tested it with symmetric encryption (which I don't normally use) here and the agent does cache the passphrase. Charles -- "...Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly)." (By Matt Welsh)
On 2015-01-10 23:42, Charles Philip Chan wrote:
On 10 Jan 2015, robin.listas@ wrote:
When I save or open file in emacs (symmetric), the prompt doesn't say.
Of course it won't show the primary email of the key- there are no public and private keys involved in symmetric encryption- only a passphrase. However, I just tested it with symmetric encryption (which I don't normally use) here and the agent does cache the passphrase.
I see. It is not clear, or simple, to use keypair encryption with emacs, because every time it asks what key to use, listing the entire hundred or thousand entries in my keylist, and I have to browse for the one I want using cursor keys. Well, yes, now I know how to search for a string. [...] Ok, got it working! It does remember when clicking on save to use the same key as before, and it also remembers the password during some time, so that I can click and save easy and comfortably. :-)) I don't know why, but the previous time it was asking for the key to use every time. But now it works properly. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
participants (5)
- Carlos E. R.
- Carlos E. R.
- Charles Philip Chan
- Emil Oppeln-Bronikowski
- James Knott