From: "Ted Zlatanov" <tzz@lifelogs.com>
To: "Steven E. Harris" <seh@panix.com>
Cc: "Ding Mailing List" <ding@gnus.org>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: authinfo/netrc file encryption status -- GnuPG
Date: 3 Aug 2004 13:11:51 -0400
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <4noelsxi20.fsf@lifelogs.com>
References: <4nwu0u8zht.fsf@lifelogs.com> <4noem1tmmp.fsf@lifelogs.com> <4nk6wlzbc2.fsf@koz.bwh.harvard.edu> <4n4qnl8mnw.fsf@lifelogs.com>
In-Reply-To: (Steven E. Harris's message of "Mon, 02 Aug 2004 11:41:05 -0700")
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)

The specific tests you did were fine; my code wasn't. Sorry for the bugs.

Here's the latest gnus-encrypt.el and a working netrc.el that will do the right thing if there's an encryption model associated with a file. I tested them; let me know if you get good results too.

At the end of gnus-encrypt.el is the old netrc.el code that supported OpenSSL. I'll enable that as well later; for now GPG is the only choice for external encryption.

Ted

Content-Type: application/emacs-lisp
Content-Disposition: attachment; filename=gnus-encrypt.el

;;; gnus-encrypt.el --- file encryption routines for Gnus

;; Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.

;; Author: Teodor Zlatanov
;; Created: 2003/01/24
;; Keywords: files

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
;; See the GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
;; Boston, MA 02111-1307, USA.

;;; Commentary:

;;; This module addresses data encryption under Gnus.  Page breaks are
;;; used for grouping declarations and documentation relating to each
;;; particular aspect.

;;; Code:

;; autoload password
(eval-and-compile
  (autoload 'password-read "password"))

(defgroup gnus-encrypt nil
  "Gnus encryption configuration.")

(defcustom gnus-encrypt-password-cache-expiry 20
  "Gnus encryption password timeout.
When set, directly sets password-cache-expiry."
  :type 'integer
  :group 'gnus-encrypt
  ;; keep password-cache-expiry in sync, as the docstring promises
  :set (lambda (symbol value)
         (set symbol value)
         (setq password-cache-expiry value)))

(defcustom gnus-encrypt-file-alist nil
  "List of file names or regexes matched with encryptions.
Format example:
 '((\"beta\"
    (gpg \"AES\"))
   (\"/home/tzz/alpha\"
    (gnus-encrypt-xor \"Semi-Secret\")))"
  :type '(repeat
          (list :tag "Encryption entry"
                (radio :tag "What to encrypt"
                       (file :tag "Filename")
                       (regexp :tag "Regular expression match"))
                (radio :tag "How to encrypt it"
                       (list :tag "GPG Encryption"
                             (const :tag "GPG Program" gpg)
                             (radio :tag "Choose a cipher"
                                    (const :tag "3DES Encryption" "3DES")
                                    (const :tag "CAST5 Encryption" "CAST5")
                                    (const :tag "Blowfish Encryption" "BLOWFISH")
                                    (const :tag "AES Encryption" "AES")
                                    (const :tag "AES192 Encryption" "AES192")
                                    (const :tag "AES256 Encryption" "AES256")
                                    (const :tag "Twofish Encryption" "TWOFISH")
                                    (string :tag "Cipher Name")))
                       (list :tag "Built-in simple XOR"
                             (const :tag "XOR Encryption" gnus-encrypt-xor)
                             (string :tag "XOR Cipher Value (seed value)")))))
  :group 'gnus-encrypt)

;; TODO: now, load gencrypt.el and if successful, modify the
;; custom-type of gnus-encrypt-file-alist to add the gencrypt.el options

;; (plist-get (symbol-plist 'gnus-encrypt-file-alist) 'custom-type)
;; then use plist-put

(defcustom gnus-encrypt-gpg-path (executable-find "gpg")
  "Path to the GPG program."
  :type '(radio (file :tag "Location of the GPG executable")
                (const :tag "GPG is not installed" nil))
  :group 'gnus-encrypt)

(defvar gnus-encrypt-temp-prefix "gnus-encrypt"
  "Prefix for temporary filenames")

(defun gnus-encrypt-find-model (filename)
  "Given a filename, find a gnus-encrypt-file-alist entry.
Return the model (METHOD CIPHER) of the first entry whose file name or
regexp matches FILENAME, or nil if none does."
  ;; catch/throw instead of cl's `return', so this works without cl
  (catch 'found
    (dolist (entry gnus-encrypt-file-alist)
      (let ((match (nth 0 entry))
            (model (nth 1 entry)))
        (when (or (equal match filename)
                  (string-match match filename))
          (throw 'found model))))))

(defun gnus-encrypt-insert-file-contents (file &optional model)
  "Decrypt FILE into the current buffer."
  (interactive "fFile to insert: ")
  (let* ((model (or model (gnus-encrypt-find-model file)))
         (method (nth 0 model))
         (cipher (nth 1 model))
         (passphrase (password-read
                      (format "%s password for cipher %s? "
                              (symbol-name method) cipher)
                      (format "gnus-encrypt-password-%s-%s"
                              (symbol-name method) cipher)))
         (buffer-file-coding-system 'binary)
         (coding-system-for-read 'binary)
         outdata)
    (insert-file-contents file)
    (cond
     ((eq method 'gpg)
      (setq outdata (gnus-encrypt-gpg-decode-buffer passphrase cipher)))
     ((eq method 'gnus-encrypt-xor)
      (setq outdata (gnus-encrypt-xor-decode-buffer passphrase cipher))))
    (if outdata
        (progn
          (gnus-message 9 "%s was decrypted with %s (cipher %s)"
                        file (symbol-name method) cipher)
          (delete-region (point-min) (point-max))
          (goto-char (point-min))
          (insert outdata))
      (gnus-error 5 "%s was NOT decrypted with %s (cipher %s)"
                  file (symbol-name method) cipher))))

(defun gnus-encrypt-get-file-contents (file &optional model)
  "Decrypt FILE and return the contents."
  (interactive "fFile to decrypt: ")
  (with-temp-buffer
    (gnus-encrypt-insert-file-contents file model)
    (buffer-string)))

(defun gnus-encrypt-put-file-contents (file data &optional model)
  "Encrypt the DATA to FILE, then continue normally."
  (with-temp-buffer
    (insert data)
    (gnus-encrypt-write-file-contents file model)))

(defun gnus-encrypt-write-file-contents (file &optional model)
  "Encrypt the current buffer to FILE, then continue normally."
  (interactive "fFile to write: ")
  (let* ((model (or model (gnus-encrypt-find-model file)))
         (method (nth 0 model))
         (cipher (nth 1 model))
         (passphrase (password-read
                      (format "%s password for cipher %s? "
                              (symbol-name method) cipher)
                      (format "gnus-encrypt-password-%s-%s"
                              (symbol-name method) cipher)))
         outdata)
    (cond
     ((eq method 'gpg)
      (setq outdata (gnus-encrypt-gpg-encode-buffer passphrase cipher)))
     ((eq method 'gnus-encrypt-xor)
      (setq outdata (gnus-encrypt-xor-encode-buffer passphrase cipher))))
    (if outdata
        (progn
          (gnus-message 9 "%s was encrypted with %s (cipher %s)"
                        file (symbol-name method) cipher)
          (delete-region (point-min) (point-max))
          (goto-char (point-min))
          (insert outdata)
          ;; do not confirm overwrites
          (write-file file nil))
      (gnus-error 5 "%s was NOT encrypted with %s (cipher %s)"
                  file (symbol-name method) cipher))))

(defun gnus-encrypt-xor-encode-buffer (passphrase cipher)
  (gnus-encrypt-xor-process-buffer passphrase cipher t))

(defun gnus-encrypt-xor-decode-buffer (passphrase cipher)
  (gnus-encrypt-xor-process-buffer passphrase cipher nil))

(defun gnus-encrypt-xor-process-buffer (passphrase cipher &optional encode)
  "Given PASSPHRASE, xor-encode or decode the contents of the current buffer."
  (let* ((bs (buffer-substring-no-properties (point-min) (point-max)))
         ;; passphrase-sum is a simple additive checksum of the
         ;; passphrase and the cipher; every character below is xored
         ;; with this one integer, so this is obfuscation rather than
         ;; real encryption
         (passphrase-sum
          (when (stringp passphrase)
            (apply '+ (append cipher passphrase nil))))
         new-list)
    (with-temp-buffer
      (if encode
          (progn
            ;; consing builds new-list in reverse, and it is written
            ;; out in that reversed order as space-separated decimals
            (dolist (x (append bs nil))
              (setq new-list (cons (logxor x passphrase-sum) new-list)))
            (dolist (x new-list)
              (insert (format "%d " x))))
        (progn
          ;; reverse restores the original character order
          (setq new-list (reverse (split-string bs)))
          (dolist (x new-list)
            (setq x (string-to-number x))
            (insert (format "%c" (logxor x passphrase-sum))))))
      (buffer-substring-no-properties (point-min) (point-max)))))

(defun gnus-encrypt-gpg-encode-buffer (passphrase cipher)
  (gnus-encrypt-gpg-process-buffer passphrase cipher t))

(defun gnus-encrypt-gpg-decode-buffer (passphrase cipher)
  (gnus-encrypt-gpg-process-buffer passphrase cipher nil))

(defun gnus-encrypt-gpg-process-buffer (passphrase
                                        cipher
                                        &optional encode)
  "With PASSPHRASE, use GPG to encode or decode the current buffer."
  (let* ((program gnus-encrypt-gpg-path)
         (input (buffer-substring-no-properties (point-min) (point-max)))
         (temp-maker (if (fboundp 'make-temp-file)
                         'make-temp-file
                       'make-temp-name))
         ;; temp-file only receives gpg's status and log output (fd 2)
         (temp-file (funcall temp-maker gnus-encrypt-temp-prefix))
         (default-enable-multibyte-characters nil)
         (args `("--cipher-algo" ,cipher
                 "--status-fd" "2"
                 "--logger-fd" "2"
                 "--passphrase-fd" "0"
                 "--no-tty"))
         exit-status exit-data)

    (when encode
      (setq args (append args '("--symmetric" "--armor"))))

    (if program
        (with-temp-buffer
          ;; the passphrase goes to gpg on stdin (--passphrase-fd 0),
          ;; followed by the data, so it never appears on the command line
          (when passphrase
            (insert passphrase "\n"))
          (insert input)
          (unwind-protect
              (progn
                (setq exit-status
                      (apply #'call-process-region
                             (point-min) (point-max)
                             program
                             t
                             `(t ,temp-file)
                             nil
                             args))
                (if (equal exit-status 0)
                    (setq exit-data
                          (buffer-substring-no-properties (point-min) (point-max)))
                  (with-temp-buffer
                    (when (file-exists-p temp-file)
                      (insert-file-contents temp-file))
                    (gnus-error 5 (format "%s exited abnormally: '%s' [%s]"
                                          program exit-status (buffer-string))))))
            ;; remove the status file even when gpg failed and we signalled
            (when (file-exists-p temp-file)
              (delete-file temp-file))))
      (gnus-error 5 "GPG is not installed."))
    exit-data))

(provide 'gnus-encrypt)
;;; gnus-encrypt.el ends here

;; (defcustom netrc-encrypting-method nil
;;   "Decoding method used for the netrc file.
;; Use the OpenSSL symmetric ciphers here.  Leave nil for no
;; decoding.  Encrypt the file with netrc-encrypt, but make sure you
;; have set netrc-encrypting-method to a non-nil value."
;;   :type '(choice
;;           (const :tag "DES-3" "des3")
;;           (const :tag "IDEA" "idea")
;;           (const :tag "RC4" "rc4")
;;           (string :tag "Explicit cipher name")
;;           (const :tag "None" nil))
;;   :group 'netrc)

;; (defcustom netrc-openssl-path (executable-find "openssl")
;;   "File path of the OpenSSL shell."
;;   :type '(choice (file :tag "Location of openssl")
;;                  (const :tag "openssl is not installed" nil))
;;   :group 'netrc)

;; (defun netrc-encrypt (plain-file encrypted-file)
;;   (interactive "fPlain File: \nFEncrypted File: ")
;;   "Encrypt FILE to ENCRYPTED-FILE with netrc-encrypting-method cipher."
;;   (when (and (file-exists-p plain-file)
;;              (stringp encrypted-file)
;;              netrc-encrypting-method
;;              netrc-openssl-path)
;;     (let ((buffer-file-coding-system 'binary)
;;           (coding-system-for-read 'binary)
;;           (coding-system-for-write 'binary)
;;           (password
;;            (password-read
;;             (format "OpenSSL Password for cipher %s? "
;;                     netrc-encrypting-method)
;;             (format "netrc-openssl-password-%s"
;;                     netrc-encrypting-method))))
;;       (when password
;;         (with-temp-buffer
;;           (insert-file-contents plain-file)
;;           (setenv "NETRC_OPENSSL_PASSWORD" password)
;;           (shell-command-on-region
;;            (point-min)
;;            (point-max)
;;            (format "%s %s -pass env:NETRC_OPENSSL_PASSWORD -e"
;;                    netrc-openssl-path
;;                    netrc-encrypting-method)
;;            t
;;            t)
;;           (write-file encrypted-file t))))))

;; (if (and netrc-encrypting-method
;;          netrc-openssl-path)
;;     (let ((buffer-file-coding-system 'binary)
;;           (coding-system-for-read 'binary)
;;           (coding-system-for-write 'binary)
;;           (password
;;            (password-read
;;             (format "OpenSSL Password for cipher %s? "
;;                     netrc-encrypting-method)
;;             (format "netrc-openssl-password-%s"
;;                     netrc-encrypting-method))))
;;       (when password
;;         (insert-file-contents file)
;;         (setenv "NETRC_OPENSSL_PASSWORD" password)
;;         (shell-command-on-region
;;          (point-min)
;;          (point-max)
;;          (format "%s %s -pass env:NETRC_OPENSSL_PASSWORD -d"
;;                  netrc-openssl-path
;;                  netrc-encrypting-method)
;;          t
;;          t)))

Content-Type: application/emacs-lisp
Content-Disposition: attachment; filename=netrc.el

;;; netrc.el --- .netrc parsing functionality

;; Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002
;;        Free Software Foundation, Inc.

;; Author: Lars Magne Ingebrigtsen
;; Modularizer: Ted Zlatanov
;; Keywords: news

;; This file is part of GNU Emacs.
;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
;; Boston, MA 02111-1307, USA.

;;; Commentary:

;; Just the .netrc parsing functionality, abstracted so other packages
;; besides Gnus can use it.

;;; Code:

;;;
;;; .netrc and .authinfo rc parsing
;;;

;; autoload gnus-encrypt
(eval-and-compile
  (autoload 'gnus-encrypt-find-model "gnus-encrypt")
  (autoload 'gnus-encrypt-insert-file-contents "gnus-encrypt"))

(defgroup netrc nil
  "Netrc configuration.")

(defvar netrc-services-file "/etc/services"
  "The name of the services file.")

(defun netrc-parse (file)
  "Parse FILE and return a list of all entries in the file.
If FILE has an entry in gnus-encrypt-file-alist, it is decrypted first."
  (interactive "fFile to Parse: ")
  (when (file-exists-p file)
    (with-temp-buffer
      (let ((tokens '("machine" "default" "login"
                      "password" "account" "macdef" "force"
                      "port"))
            (encryption-model (gnus-encrypt-find-model file))
            alist elem result pair)
        (if encryption-model
            (gnus-encrypt-insert-file-contents file encryption-model)
          (insert-file-contents file))
        (goto-char (point-min))
        ;; Go through the file, line by line.
        (while (not (eobp))
          (narrow-to-region (point) (point-at-eol))
          ;; For each line, get the tokens and values.
          (while (not (eobp))
            (skip-chars-forward "\t ")
            ;; Skip lines that begin with a "#".
            (if (eq (char-after) ?#)
                (goto-char (point-max))
              (unless (eobp)
                (setq elem
                      (if (= (following-char) ?\")
                          (read (current-buffer))
                        (buffer-substring
                         (point) (progn (skip-chars-forward "^\t ")
                                        (point)))))
                (cond
                 ((equal elem "macdef")
                  ;; We skip past the macro definition.
                  (widen)
                  (while (and (zerop (forward-line 1))
                              (looking-at "$")))
                  (narrow-to-region (point) (point)))
                 ((member elem tokens)
                  ;; Tokens that don't have a following value are ignored,
                  ;; except "default".
                  (when (and pair (or (cdr pair)
                                      (equal (car pair) "default")))
                    (push pair alist))
                  (setq pair (list elem)))
                 (t
                  ;; Values that haven't got a preceding token are ignored.
                  (when pair
                    (setcdr pair elem)
                    (push pair alist)
                    (setq pair nil)))))))
          (when alist
            (push (nreverse alist) result))
          (setq alist nil
                pair nil)
          (widen)
          (forward-line 1))
        (nreverse result)))))

(defun netrc-machine (list machine &optional port defaultport)
  "Return the netrc values from LIST for MACHINE or for the default entry.
If PORT specified, only return entries with matching port tokens.
Entries without port tokens default to DEFAULTPORT."
  (let ((rest list)
        result)
    (while list
      (when (equal (cdr (assoc "machine" (car list))) machine)
        (push (car list) result))
      (pop list))
    (unless result
      ;; No machine name matches, so we look for default entries.
      (while rest
        (when (assoc "default" (car rest))
          (push (car rest) result))
        (pop rest)))
    (when result
      (setq result (nreverse result))
      (while (and result
                  (not (netrc-port-equal
                        (or port defaultport "nntp")
                        (or (netrc-get (car result) "port")
                            defaultport "nntp"))))
        (pop result))
      (car result))))

(defun netrc-get (alist type)
  "Return the value of token TYPE from ALIST."
  (cdr (assoc type alist)))

(defun netrc-port-equal (port1 port2)
  "Return non-nil if PORT1 and PORT2 name the same service.
Numeric ports are mapped to service names via netrc-services-file first."
  (when (numberp port1)
    (setq port1 (or (netrc-find-service-name port1) port1)))
  (when (numberp port2)
    (setq port2 (or (netrc-find-service-name port2) port2)))
  (equal port1 port2))

(defun netrc-parse-services ()
  "Return a list of (NAME NUMBER PROTOCOL) entries from netrc-services-file."
  (when (file-exists-p netrc-services-file)
    (let ((services nil))
      (with-temp-buffer
        (insert-file-contents netrc-services-file)
        (while (search-forward "#" nil t)
          (delete-region (1- (point)) (line-end-position)))
        (goto-char (point-min))
        (while (re-search-forward
                "^ *\\([^ \n\t]+\\)[ \t]+\\([0-9]+\\)/\\([^ \t\n]+\\)" nil t)
          (push (list (match-string 1)
                      (string-to-number (match-string 2))
                      (intern (downcase (match-string 3))))
                services))
        (nreverse services)))))

;; (nth 2 service) is used below instead of cl's `caddr', so this file
;; does not depend on cl at run time.
(defun netrc-find-service-name (number &optional type)
  "Return the service name for port NUMBER and protocol TYPE (default tcp)."
  (let ((services (netrc-parse-services))
        service)
    (setq type (or type 'tcp))
    (while (and (setq service (pop services))
                (not (and (= number (cadr service))
                          (eq type (nth 2 service))))))
    (car service)))

(defun netrc-find-service-number (name &optional type)
  "Return the port number for service NAME and protocol TYPE (default tcp)."
  (let ((services (netrc-parse-services))
        service)
    (setq type (or type 'tcp))
    (while (and (setq service (pop services))
                (not (and (string= name (car service))
                          (eq type (nth 2 service))))))
    (cadr service)))

(provide 'netrc)

;;; arch-tag: af9929cc-2d12-482f-936e-eb4366f9fa55
;;; netrc.el ends here