From: Ken Manheimer Date: Thu, 16 Dec 2010 23:30:57 +0000 (-0500) Subject: Synopsis: Migrate allout encryption provisions from pgg library, which is X-Git-Tag: emacs-pretest-24.0.90~104^2~618^2~1322^2~278^2~92 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=9efd720d16c6a8adba600cfb303b4bd75d7c6cdf;p=emacs.git Synopsis: Migrate allout encryption provisions from pgg library, which is obsolete, to epg library, which replaces pgg. Due to the underlying GnuPG V2 restrictions on external handling of passphrases (or epg's restrictions when working with GnuPG v2), we are dropping allout's symmetric encryption passphrase hinting and verification. This has the advantage that no emacs code has access to the passphrase, leaving all passphrase handling in GnuPG, which is much more secure. This, together with the reduction in allout code complexity and logistical complications the user would have in arranging to use GnuPG v1, requires dropping these features. Keypair encryption gains features, with adoption of respect for epa-file's 'epa-file-encrypt-to'. This means that allout outlines can be associated with recipients, and encryptions by default will be targeted to those recipients. The default encryption mode (whether to epa-file-encrypt-to recipients, if any, or symmetric mode) is overridden by providing a universal argument greater than 1 to the outline entry encryption command, 'allout-toggle-current-subtree-encryption'. The user is then prompted to select keypair identities from their list of known GnuPG keypairs. If they don't select any, then symmetric encryption is done. Otherwise, the selected keypair identities are targeted. If the universal argument is greater than 4 then the selected recipients (or none, if none were selected) are associated with the outline using a file local variable, as default recipients for subsequent encryptions. This is a big merge from a private branch. Code details: (allout-toggle-current-subtree-encryption, allout-toggle-subtree-encryption): Adjust docstrings to reflect defaulting policy and other changes. Change fetch-pass to keymode-cue, for simpler universal argument interpretation. (allout-toggle-subtree-encryption): Adjust docstring to describe changed encryption provisions. Change fetch-pass to keymode-cue, for simpler universal argument interpretation. Remove provisions for handling key type and identity - they'll all be within allout-encrypt-string or epg/epg or even contained all the way in gpg. (allout-encrypt-string): Include keymode-cue, for optionally prompting for keypair recipients (universal argument > 1) and, in addition, associating the specified recipients with the outline (universal argument > 4) using a file local variable setting for 'epa-file-encrypt-to'. Require epa, for recipients handling. Change how regexp filtering elements are named. Describe the problem with caching of incorrect symmetric-decryption keys. Use the epa-passphrase-callback-function, in case the user is using GnuPG v1. Support saving of the selected keypair recipients when invoked with a keymode-cue > 4. Remove obsolete arguments 'fetch-pass', 'target-cache-id', 'retried'. Require 'epa. Establish epg-context with armoring and default epg-protocol. Remove all passphrase cache, verification, and hinting code. (allout-passphrase-verifier-handling, allout-passphrase-hint-handling): No longer used, delete. (allout-mode): Adjust docstring to describe changed encryption provisions. Describe the problem with caching of incorrect symmetric-decryption keys. (allout-obtain-passphrase, allout-epg-passphrase-callback-function, allout-make-passphrase-state, allout-passphrase-state-passphrase, allout-encrypted-key-info, allout-update-passphrase-mnemonic-aids, allout-get-encryption-passphrase-verifier, allout-verify-passphrase): Obsolete, remove. --- 9efd720d16c6a8adba600cfb303b4bd75d7c6cdf