EasyPG 0.0.12

EasyPG 0.0.12

[Daiki Ueno]

The 12th (the one year anniversary) release of EasyPG is available from
http://www.easypg.org.

EasyPG is an all-in-one GnuPG interface for Emacs.  It has two
aspects: convenient tools which allow to use GnuPG from Emacs (EasyPG
Assistant), and a fully functional interface library to GnuPG (EasyPG
Library).

* Major changes in 0.0.12

** epa-file.el usability improvements.

*** Ask recipients only the first time.

*** Respect epa-armor and epa-textmode.

*** Customizing epa-file-name-regexp now works.

*** Backup files for "*.gpg" are also encrypted.

Regards,
-- 
Daiki Ueno

Re: EasyPG 0.0.12

[Adrian Aichner]

Daiki Ueno <ueno@unixuser.org> writes:

> The 12th (the one year anniversary) release of EasyPG is available from
> http://www.easypg.org.
>
> EasyPG is an all-in-one GnuPG interface for Emacs.  It has two
> aspects: convenient tools which allow to use GnuPG from Emacs (EasyPG
> Assistant), and a fully functional interface library to GnuPG (EasyPG
> Library).
>
> * Major changes in 0.0.12
>
> ** epa-file.el usability improvements.
>
> *** Ask recipients only the first time.
>
> *** Respect epa-armor and epa-textmode.
>
> *** Customizing epa-file-name-regexp now works.
>
> *** Backup files for "*.gpg" are also encrypted.

Hello Daiki and All!

I have migrated from crypt++ (which I used for years) to epg-0.0.12
over the Pentecost-weekend, and I like it!

The biggest issue I found is that ediff-revision will not work with it
out of the box.

Unlike crypt++ easypg overloads write-region.

When vc-find-version writes the retrieved (encrypted) file.gpg.~REV~
to disk, epa-file kicks in and encrypts the data again :-)

I can prove that by decrypting the seemingly corrupted data in the
created file one more time with `epa-decrypt-region' after visiting.

Do you know a solution for this issue (already encrypted data coming
from processes and being written to files matching
epa-file-name-regexp) while epa-file is enabled?

My awkward (and unacceptable) workaround (just to prove the fact and
get me going) is to epa-file-disable and then epa-file-enable again
inside vc-find-version in vc.el.

Another issue is that local-variable-p requires the BUFFER argument in
XEmacs 21.5  (beta28) "fuki" (+CVS-20070525) [Lucid] (i586-pc-win32, Mule) of Sat May 26 2007 on TANG

Thirdly I would suggest to extend
epa-file-name-regexp to
"\\.gpg\\(~\\|\\.~[.0-9]+~\\)?\\'"
in order to handle files created by vc-find-version.

Finally, buffers read in are marked as modified, but that seems to be
due to a recent change in XEmacs (probably GNU Emacs as well).

Are the latest sources of easypg publicly available anywhere?

They don't seem to be at sourceforge (?)

Best regards!

Adrian

>
> Regards,

-- 
Adrian Aichner
 mailto:adrian@xemacs.org
 http://www.xemacs.org/

Re: EasyPG 0.0.12

[Daiki Ueno]

>>>>> In <646dvu6g.fsf@mx.qsc.de> 
>>>>>	Adrian Aichner <adrian@elisp.de> wrote:
> The biggest issue I found is that ediff-revision will not work with it
> out of the box.

> Unlike crypt++ easypg overloads write-region.

> When vc-find-version writes the retrieved (encrypted) file.gpg.~REV~
> to disk, epa-file kicks in and encrypts the data again :-)

> I can prove that by decrypting the seemingly corrupted data in the
> created file one more time with `epa-decrypt-region' after visiting.

> Do you know a solution for this issue (already encrypted data coming
> from processes and being written to files matching
> epa-file-name-regexp) while epa-file is enabled?

If I change epa-file-name-regexp to "\\.gpg\\(~\\|\\.~[.0-9]+~\\)?\\'"
as you suggested, I can reproduce.  Is that the problem?  If so, which
is your preferred behavior to make diffs for encrypted data or decrypted
text?

> Another issue is that local-variable-p requires the BUFFER argument in
> XEmacs 21.5  (beta28) "fuki" (+CVS-20070525) [Lucid] (i586-pc-win32, Mule) of Sat May 26 2007 on TANG

> Finally, buffers read in are marked as modified, but that seems to be
> due to a recent change in XEmacs (probably GNU Emacs as well).

Thanks.  It's a good timing as these two changes will be included in
0.0.13 scheduled for today.

> Are the latest sources of easypg publicly available anywhere?

Yes, check INSTALL-CVS in http://cvs.m17n.org/viewcvs/root/epg/

Regards,
-- 
Daiki Ueno

Re: EasyPG 0.0.12

[Adrian Aichner]

Daiki Ueno <ueno <at> unixuser.org> writes:

> 
> >>>>> In <646dvu6g.fsf <at> mx.qsc.de> 
> >>>>>	Adrian Aichner <adrian <at> elisp.de> wrote:
> > The biggest issue I found is that ediff-revision will not work with it
> > out of the box.
> 
> > Unlike crypt++ easypg overloads write-region.
> 
> > When vc-find-version writes the retrieved (encrypted) file.gpg.~REV~
> > to disk, epa-file kicks in and encrypts the data again 
> 
> > I can prove that by decrypting the seemingly corrupted data in the
> > created file one more time with `epa-decrypt-region' after visiting.
> 
> > Do you know a solution for this issue (already encrypted data coming
> > from processes and being written to files matching
> > epa-file-name-regexp) while epa-file is enabled?
> 
> If I change epa-file-name-regexp to "\\.gpg\\(~\\|\\.~[.0-9]+~\\)?\\'"
> as you suggested, I can reproduce.  Is that the problem?  If so, which
> is your preferred behavior to make diffs for encrypted data or decrypted
> text?

My preference is clearly on decrypted text (much easier on my eyes).

The issue, as I understand it, is that data written to disk into files
matching epa-file-name-regexp with write-region cannot just always be
encrypted.

It that data is coming from processes, like "cvs update ..." via
vc-find-version then it is already/still encrypted.

Perhaps I am missing some obvious point how to solve this problem.

> 
> > Another issue is that local-variable-p requires the BUFFER argument in
> > XEmacs 21.5  (beta28) "fuki" (+CVS-20070525) [Lucid] (i586-pc-win32, Mule)
of Sat May 26 2007 on TANG
> 
> > Finally, buffers read in are marked as modified, but that seems to be
> > due to a recent change in XEmacs (probably GNU Emacs as well).
> 
> Thanks.  It's a good timing as these two changes will be included in
> 0.0.13 scheduled for today.

I'll check this tonight!

> 
> > Are the latest sources of easypg publicly available anywhere?
> 
> Yes, check INSTALL-CVS in http://cvs.m17n.org/viewcvs/root/epg/

Thanks!

Adrian

> 
> Regards,

Re: EasyPG 0.0.12

[Daiki Ueno]

>>>>> In <loom.20070529T124032-777@post.gmane.org> 
>>>>>	Adrian Aichner <adrian@xemacs.org> wrote:
> > > The biggest issue I found is that ediff-revision will not work with it
> > > out of the box.
> > 
> > If I change epa-file-name-regexp to "\\.gpg\\(~\\|\\.~[.0-9]+~\\)?\\'"
> > as you suggested, I can reproduce.  Is that the problem?  If so, which
> > is your preferred behavior to make diffs for encrypted data or decrypted
> > text?

> My preference is clearly on decrypted text (much easier on my eyes).

> The issue, as I understand it, is that data written to disk into files
> matching epa-file-name-regexp with write-region cannot just always be
> encrypted.

> It that data is coming from processes, like "cvs update ..." via
> vc-find-version then it is already/still encrypted.

> Perhaps I am missing some obvious point how to solve this problem.

I see there are two different issues.  The first is, vc-find-version
doesn't inhibit file-name-handlers when creating backup files, as you
mentioned above.  The second is, if you want to make diffs for decrypted
text, it has to be written into files since ediff calls the external
program to compute diffs.  Which may cause a security problem unless
Emacs warns about it.

Something different.  jka-compr seems to have the same issue on "*.gz"
files.  So... can this kind of problem be better solved by advices (or
hooks, if any) to ediff-revision?

Regards,
-- 
Daiki Ueno

Re: EasyPG 0.0.12

[Adrian Aichner]

Daiki Ueno <ueno <at> unixuser.org> writes:

> 
> >>>>> In <loom.20070529T124032-777 <at> post.gmane.org> 
> >>>>>	Adrian Aichner <adrian <at> xemacs.org> wrote:
> > > > The biggest issue I found is that ediff-revision will not work with it
> > > > out of the box.

> > The issue, as I understand it, is that data written to disk into files
> > matching epa-file-name-regexp with write-region cannot just always be
> > encrypted.
> 
> > It that data is coming from processes, like "cvs update ..." via
> > vc-find-version then it is already/still encrypted.
> 
> > Perhaps I am missing some obvious point how to solve this problem.
> 
> I see there are two different issues.  The first is, vc-find-version
> doesn't inhibit file-name-handlers when creating backup files, as you
> mentioned above.  The second is, if you want to make diffs for decrypted

Hi Daiki!

ah, inhibiting file-name-handlers might be an option, even though I
don't know whether it will break existing cusomizations out there.

> text, it has to be written into files since ediff calls the external
> program to compute diffs.  Which may cause a security problem unless
> Emacs warns about it.

But epg does this already for
epg-decrypt-file
epg-decrypt-string
and the the encrypt and verify functions as well.

In this ediff-revision case data would still go to disk encrypted (but
encrypted only once).

> 
> Something different.  jka-compr seems to have the same issue on "*.gz"
> files.  So... can this kind of problem be better solved by advices (or
> hooks, if any) to ediff-revision?

No, by the time ediff-revision kicks in, the damage is already done.

The file written to disk by vc-find-version has been encrypted one more time.

Perhaps I try the inhibit file handlers ideea of your.

BTW, I'm running with CVS EasyPG now, and I'm happy to confirm the XEmacs
compatibility and buffer-modified issues fixed.

Best regards!

Adrian

> 
> Regards,

Re: EasyPG 0.0.12

[Daiki Ueno]

>>>>> In <loom.20070530T090846-624@post.gmane.org> 
>>>>>	Adrian Aichner <adrian@xemacs.org> wrote:
> Hi Daiki!

> ah, inhibiting file-name-handlers might be an option, even though I
> don't know whether it will break existing cusomizations out there.

I just tried the following setting.  It seems to work as you expected.

(setq epa-file-name-regexp "\\.gpg\\(~\\|\\.~[.0-9]+~\\)?\\'")

(defadvice vc-version-other-window
  (around inhibit-epa-file-handler)
  (let ((inhibit-file-name-handlers '(epa-file-handler))
	(inhibit-file-name-operation 'write-region)
	(coding-system-for-write 'binary)
	(coding-system-for-read 'binary))
    ad-do-it))

> > text, it has to be written into files since ediff calls the external
> > program to compute diffs.  Which may cause a security problem unless
> > Emacs warns about it.

> But epg does this already for
> epg-decrypt-file
> epg-decrypt-string
> and the the encrypt and verify functions as well.

These are library functions, not user commands.

Regards,
-- 
Daiki Ueno