Prompt for MobileOrg encryption password

* doc/org.texi (Setting up the staging area): Document use of crypt password.
* lisp/org-mobile.el (org-mobile-encryption-password): Improve docstring.
(org-mobile-encryption-password-session): New variable.
(org-mobile-encryption-password): New function.
(org-mobile-check-setup):
(org-mobile-encrypt-file):
(org-mobile-decrypt-file): Use the new function.
Carsten Dominik, 14 years ago
commit 5460c4b7d8
2 changed files with 43 additions and 20 deletions
  1. doc/org.texi (19 additions, 15 deletions)
  2. lisp/org-mobile.el (24 additions, 5 deletions)

+ 19 - 15
doc/org.texi

@@ -14235,12 +14235,14 @@ MobileOrg needs to interact with Emacs through directory on a
 server@footnote{If you are using a public server, you might prefer to encrypt
 the files on the server.  This can be done with Org-mode 6.35 and, hopefully,
 with MobileOrg 1.5 (please check before trying to use this).  On the Emacs
-side, configure the variables @code{org-mobile-use-encryption} and
-@code{org-mobile-encryption-password}.}.  The easiest way to create that
-directory is to use a free @uref{http://dropbox.com,Dropbox.com}
-account@footnote{If you cannot use Dropbox, or if your version of MobileOrg
-does not support it, you can use a webdav server.  For more information,
-check out the the documentation of MobileOrg and also this
+side, configure the variable @code{org-mobile-use-encryption}.  If you can
+safely store the password in your Emacs setup, you might also want to
+configure @code{org-mobile-encryption-password}.  Please read the docstring
+of that variable.}.  The easiest way to create that directory is to use a
+free @uref{http://dropbox.com,Dropbox.com} account@footnote{If you cannot use
+Dropbox, or if your version of MobileOrg does not support it, you can use a
+webdav server.  For more information, check out the the documentation of
+MobileOrg and also this
 @uref{http://orgmode.org/worg/org-faq.php#mobileorg_webdav, FAQ entry}.}.
 When MobileOrg first connects to your Dropbox, it will create a directory
 @i{MobileOrg} inside the Dropbox.  After the directory has been created, tell
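Review bot: the new footnote sentence "Please read the docstring of that variable" sends the reader out of the manual for the one thing this commit changes, namely that leaving `org-mobile-encryption-password` empty makes Org ask for the password once per Emacs session. State that directly in the footnote, next to the advice about storing the password safely. Since the following footnote is re-wrapped anyway, the doubled word in "check out the the documentation of" should be fixed in the same pass.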
@@ -14263,15 +14265,17 @@ can be included by customizing @code{org-mobiles-files}.  File names will be
 staged with path relative to @code{org-directory}, so all files should be
 inside this directory.  The push operation also creates a special Org file
 @file{agendas.org} with all custom agenda view defined by the
-user@footnote{While creating the agendas, Org-mode will force (see the
-variable @code{org-mobile-force-id-on-agenda-items}) ID properties on all
-referenced entries, so that these entries can be uniquely
-identified if @i{MobileOrg} flags them for further action.}.  Finally, Org
-writes the file @file{index.org}, containing links to all other files.
-@i{MobileOrg} first reads this file from the server, and then downloads all
-agendas and Org files listed in it.  To speed up the download, MobileOrg will
-only read files whose checksums@footnote{stored automatically in the file
-@file{checksums.dat}} have changed.
+user@footnote{While creating the agendas, Org-mode will force ID properties
+on all referenced entries, so that these entries can be uniquely identified
+if @i{MobileOrg} flags them for further action.  If you do not want to get
+these properties in so many entries, you can set the variable
+@code{org-mobile-force-id-on-agenda-items} to @code{nil}.  Org mode will then
+rely on outline paths, in the hope that these will be unique enough.}.
+Finally, Org writes the file @file{index.org}, containing links to all other
+files.  @i{MobileOrg} first reads this file from the server, and then
+downloads all agendas and Org files listed in it.  To speed up the download,
+MobileOrg will only read files whose checksums@footnote{stored automatically
+in the file @file{checksums.dat}} have changed.
 
 @node Pulling from MobileOrg,  , Pushing to MobileOrg, MobileOrg
 @section Pulling from MobileOrg
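Review bot: the rewritten footnote about `org-mobile-force-id-on-agenda-items` is unrelated to the password prompt and is not mentioned in the commit message, whose only entry for doc/org.texi is "Document use of crypt password". Either move this footnote change to its own commit or add a line for it to the log. The re-wrapping of the sentences from "Finally, Org writes the file" onward changes no wording and makes the real change harder to find in the diff; keeping the original line breaks there would leave a smaller hunk.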

+ 24 - 5
lisp/org-mobile.el

@@ -90,12 +90,29 @@ You might want to put this file into a directory where only you have access."
 This is a single password which is used for AES-256 encryption.  The same
 password must also be set in the MobileOrg application.  All Org files,
 including mobileorg.org will be encrypted using this password.
+
+SECURITY CONSIDERATIONS:
+
 Note that, when Org runs the encryption commands, the password could
-be visible on your system with the `ps' command.  So this method is only
-intended to keep the files secure on the server, not on your own machine."
+be visible briefly on your system with the `ps' command.  So this method is
+only intended to keep the files secure on the server, not on your own machine.
+
+Also, if you set this variable in an init file (.emacs or .emacs.d/init.el
+or custom.el...) and if that file is stored in a way so that other can read
+it, this also limits the security of this approach.  You can also leave
+this variable empty - Org will then ask for the password once per Emacs
+session."
   :group 'org-mobile
   :type '(string :tag "Password"))
 
+(defvar org-mobile-encryption-password-session nil)
+
+(defun org-mobile-encryption-password ()
+  (or (org-string-nw-p org-mobile-encryption-password)
+      (org-string-nw-p org-mobile-encryption-password-session)
+      (setq org-mobile-encryption-password-session
+	    (read-passwd "Password for MobileOrg: " t))))
+
 (defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org"
   "The file where captured notes and flags will be appended to.
 During the execution of `org-mobile-pull', the file
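Review bot: `(defvar org-mobile-encryption-password-session nil)` and `(defun org-mobile-encryption-password ()` are both added without docstrings, and the function shares its name with the user option it wraps. A docstring on the variable should say that it holds the password typed at the prompt for the rest of the session, and one on the function should say that it returns the configured password or prompts and caches the answer. A distinct function name would also make call sites such as `(concat "pass:" (org-mobile-encryption-password))` easier to tell apart from the old variable reference. In the new docstring text, "so that other can read it" should read "so that others can read it".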
@@ -356,7 +373,7 @@ agenda view showing the flagged items."
 	       (string-match "\\S-" org-mobile-checksum-binary))
     (error "No executable found to compute checksums"))
   (when org-mobile-use-encryption
-    (unless (string-match "\\S-" org-mobile-encryption-password)
+    (unless (string-match "\\S-" (org-mobile-encryption-password))
       (error
        "To use encryption, you must set `org-mobile-encryption-password'"))
     (unless (file-writable-p org-mobile-encryption-tempfile)
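Review bot: the error text "To use encryption, you must set `org-mobile-encryption-password'" no longer matches the condition it guards. With `(org-mobile-encryption-password)` in the test, an empty variable now leads to a prompt, and the error is reached only when the answer to that prompt is empty or whitespace. The message should say that an empty password was given, or that the variable may be set as an alternative. Note also that the setup check now stops for minibuffer input, so any caller that runs it non-interactively will block.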
@@ -649,7 +666,8 @@ encryption program does not understand them."
   "Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
   (shell-command
    (format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
-	   (shell-quote-argument (concat "pass:" org-mobile-encryption-password))
+	   (shell-quote-argument (concat "pass:"
+					 (org-mobile-encryption-password)))
 	   (shell-quote-argument (expand-file-name infile))
 	   (shell-quote-argument (expand-file-name outfile)))))
 
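Review bot: the password still reaches openssl as `-pass pass:...` inside the `shell-command` string, so a password typed at the new prompt is visible to `ps` in exactly the same way as one stored in the variable. The docstring added earlier in this patch admits the exposure, but the prompt suggests a safer path than the code delivers. openssl also accepts `-pass stdin`, `-pass env:VAR` and `-pass file:PATH`; feeding the password through one of those would keep it off the command line. That needs a process call that can supply standard input or an environment, which `shell-command` with a formatted string does not provide.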
@@ -657,7 +675,8 @@ encryption program does not understand them."
   "Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
   (shell-command
    (format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
-	   (shell-quote-argument (concat "pass:" org-mobile-encryption-password))
+	   (shell-quote-argument (concat "pass:"
+					 (org-mobile-encryption-password)))
 	   (shell-quote-argument (expand-file-name infile))
 	   (shell-quote-argument (expand-file-name outfile)))))
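Review bot: on the decrypt path a wrong password typed at the prompt stays in `org-mobile-encryption-password-session`, and nothing in this function reacts to a failed decryption, so every later pull in the same session reuses it without asking again. Consider checking the exit status returned by `shell-command` here and resetting the session variable to nil on failure so the next call prompts again. The expression `(concat "pass:" (org-mobile-encryption-password))` is now duplicated in the encrypt and decrypt functions and could move into one small helper.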