passphrase cache. With no universal argument, the appropriate passphrase
is obtained from the cache, if available, else from the user.
-Currently only GnuPG encryption is supported, and integration
-with gpg-agent is not yet implemented.
+Only GnuPG encryption is supported.
-\**NOTE WELL** that the encrypted text must be ascii-armored. For gnupg
+\*NOTE WELL* that the encrypted text must be ascii-armored. For gnupg
encryption, include the option ``armor'' in your ~/.gnupg/gpg.conf file.
Both symmetric-key and key-pair encryption is implemented. Symmetric is
encryption are encrypted. See allout-encrypt-unencrypted-on-saves for
auto-encryption specifics.
-\**NOTE WELL** that automatic encryption that happens during saves will
-default to symmetric encryption - you must manually (re)encrypt key-pair
+\*NOTE WELL* that automatic encryption that happens during saves will
+default to symmetric encryption - you must deliberately (re)encrypt key-pair
encrypted topics if you want them to continue to use the key-pair cipher.
Level-one topics, with prefix consisting solely of an `*' asterisk, cannot be
The encryption passphrase is solicited if not currently available in the
passphrase cache from a recent encryption action.
-The solicited passphrase is retained for reuse in a buffer-specific cache
-for some set period of time (default, 60 seconds), after which the string
-is nulled. The passphrase cache timeout is customized by setting
-`pgg-passphrase-cache-expiry'.
+The solicited passphrase is retained for reuse in a cache, if enabled. See
+`pgg-cache-passphrase' and `pgg-passphrase-cache-expiry' for details.
Symmetric Passphrase Hinting and Verification
(rejections-left (- allout-encryption-ciphertext-rejection-ceiling
rejected))
result-text status
- ;; Inhibit use of gpg-agent in the scope of this let:
- (pgg-gpg-use-agent nil))
+ ;; Inhibit gpg-agent use for symmetric keys in the scope of this let:
+ (pgg-gpg-use-agent (if (equal key-type 'keypair)
+ pgg-gpg-use-agent
+ nil)))
(if (and fetch-pass (not passphrase))
;; Force later fetch by evicting passphrase from the cache.
(catch 'encryption-failed
- ;; Obtain the passphrase if we don't already have one and we're not
- ;; doing a keypair encryption:
- (if (not (or passphrase
- (and (equal key-type 'keypair)
- (not decrypt))))
-
+ ;; We handle only symmetric-key passphrase caching.
+ (if (and (not passphrase)
+ (not (equal key-type 'keypair)))
(setq passphrase (allout-obtain-passphrase for-key
target-cache-id
target-prompt-id
projects / emacs.git / commitdiff