
Prompt for MobileOrg encryption password

* doc/org.texi (Setting up the staging area): Document use of crypt password.
* lisp/org-mobile.el (org-mobile-encryption-password): Improve docstring.
(org-mobile-encryption-password-session): New variable.
(org-mobile-encryption-password): New function.
(org-mobile-check-setup):
(org-mobile-encrypt-file):
(org-mobile-decrypt-file): Use the new function.
Carsten Dominik 14 years ago
Parent
commit
5460c4b7d8
2 files changed with 43 additions and 20 deletions
  1. 19 15
      doc/org.texi
  2. 24 5
      lisp/org-mobile.el

+ 19 - 15
doc/org.texi

@@ -14235,12 +14235,14 @@ MobileOrg needs to interact with Emacs through directory on a
 server@footnote{If you are using a public server, you might prefer to encrypt
 server@footnote{If you are using a public server, you might prefer to encrypt
 the files on the server.  This can be done with Org-mode 6.35 and, hopefully,
 the files on the server.  This can be done with Org-mode 6.35 and, hopefully,
 with MobileOrg 1.5 (please check before trying to use this).  On the Emacs
 with MobileOrg 1.5 (please check before trying to use this).  On the Emacs
-side, configure the variables @code{org-mobile-use-encryption} and
-@code{org-mobile-encryption-password}.}.  The easiest way to create that
-directory is to use a free @uref{http://dropbox.com,Dropbox.com}
-account@footnote{If you cannot use Dropbox, or if your version of MobileOrg
-does not support it, you can use a webdav server.  For more information,
-check out the the documentation of MobileOrg and also this
+side, configure the variable @code{org-mobile-use-encryption}.  If you can
+safely store the password in your Emacs setup, you might also want to
+configure @code{org-mobile-encryption-password}.  Please read the docstring
+of that variable.}.  The easiest way to create that directory is to use a
+free @uref{http://dropbox.com,Dropbox.com} account@footnote{If you cannot use
+Dropbox, or if your version of MobileOrg does not support it, you can use a
+webdav server.  For more information, check out the the documentation of
+MobileOrg and also this
 @uref{http://orgmode.org/worg/org-faq.php#mobileorg_webdav, FAQ entry}.}.
 @uref{http://orgmode.org/worg/org-faq.php#mobileorg_webdav, FAQ entry}.}.
 When MobileOrg first connects to your Dropbox, it will create a directory
 When MobileOrg first connects to your Dropbox, it will create a directory
 @i{MobileOrg} inside the Dropbox.  After the directory has been created, tell
 @i{MobileOrg} inside the Dropbox.  After the directory has been created, tell
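Review bot: The new footnote text tells the reader to configure `org-mobile-encryption-password` only "if you can safely store the password in your Emacs setup" and then defers to the docstring, but it never says what happens otherwise. State in the manual itself that leaving the variable empty makes Org prompt for the password once per Emacs session, since that is the behaviour this commit adds. The reflowed line "+webdav server.  For more information, check out the the documentation of" also carries over the doubled "the the" from the removed text; fix it while the paragraph is being touched.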
@@ -14263,15 +14265,17 @@ can be included by customizing @code{org-mobiles-files}.  File names will be
 staged with path relative to @code{org-directory}, so all files should be
 staged with path relative to @code{org-directory}, so all files should be
 inside this directory.  The push operation also creates a special Org file
 inside this directory.  The push operation also creates a special Org file
 @file{agendas.org} with all custom agenda view defined by the
 @file{agendas.org} with all custom agenda view defined by the
-user@footnote{While creating the agendas, Org-mode will force (see the
-variable @code{org-mobile-force-id-on-agenda-items}) ID properties on all
-referenced entries, so that these entries can be uniquely
-identified if @i{MobileOrg} flags them for further action.}.  Finally, Org
-writes the file @file{index.org}, containing links to all other files.
-@i{MobileOrg} first reads this file from the server, and then downloads all
-agendas and Org files listed in it.  To speed up the download, MobileOrg will
-only read files whose checksums@footnote{stored automatically in the file
-@file{checksums.dat}} have changed.
+user@footnote{While creating the agendas, Org-mode will force ID properties
+on all referenced entries, so that these entries can be uniquely identified
+if @i{MobileOrg} flags them for further action.  If you do not want to get
+these properties in so many entries, you can set the variable
+@code{org-mobile-force-id-on-agenda-items} to @code{nil}.  Org mode will then
+rely on outline paths, in the hope that these will be unique enough.}.
+Finally, Org writes the file @file{index.org}, containing links to all other
+files.  @i{MobileOrg} first reads this file from the server, and then
+downloads all agendas and Org files listed in it.  To speed up the download,
+MobileOrg will only read files whose checksums@footnote{stored automatically
+in the file @file{checksums.dat}} have changed.
 
 
 @node Pulling from MobileOrg,  , Pushing to MobileOrg, MobileOrg
 @node Pulling from MobileOrg,  , Pushing to MobileOrg, MobileOrg
 @section Pulling from MobileOrg
 @section Pulling from MobileOrg
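Review bot: The rewritten footnote on `org-mobile-force-id-on-agenda-items` is unrelated to the encryption password, and the commit message entry for doc/org.texi mentions only "Document use of crypt password". Either move this change to its own commit or add it to the commit message so the history shows where the wording changed. The new sentence "in the hope that these will be unique enough" should also say what the user can expect when two outline paths are not unique.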

+ 24 - 5
lisp/org-mobile.el

@@ -90,12 +90,29 @@ You might want to put this file into a directory where only you have access."
 This is a single password which is used for AES-256 encryption.  The same
 This is a single password which is used for AES-256 encryption.  The same
 password must also be set in the MobileOrg application.  All Org files,
 password must also be set in the MobileOrg application.  All Org files,
 including mobileorg.org will be encrypted using this password.
 including mobileorg.org will be encrypted using this password.
+
+SECURITY CONSIDERATIONS:
+
 Note that, when Org runs the encryption commands, the password could
 Note that, when Org runs the encryption commands, the password could
-be visible on your system with the `ps' command.  So this method is only
-intended to keep the files secure on the server, not on your own machine."
+be visible briefly on your system with the `ps' command.  So this method is
+only intended to keep the files secure on the server, not on your own machine.
+
+Also, if you set this variable in an init file (.emacs or .emacs.d/init.el
+or custom.el...) and if that file is stored in a way so that other can read
+it, this also limits the security of this approach.  You can also leave
+this variable empty - Org will then ask for the password once per Emacs
+session."
   :group 'org-mobile
   :group 'org-mobile
   :type '(string :tag "Password"))
   :type '(string :tag "Password"))
 
 
+(defvar org-mobile-encryption-password-session nil)
+
+(defun org-mobile-encryption-password ()
+  (or (org-string-nw-p org-mobile-encryption-password)
+      (org-string-nw-p org-mobile-encryption-password-session)
+      (setq org-mobile-encryption-password-session
+	    (read-passwd "Password for MobileOrg: " t))))
+
 (defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org"
 (defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org"
   "The file where captured notes and flags will be appended to.
   "The file where captured notes and flags will be appended to.
 During the execution of `org-mobile-pull', the file
 During the execution of `org-mobile-pull', the file
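Review bot: The new `(defvar org-mobile-encryption-password-session nil)` and `(defun org-mobile-encryption-password ()` both lack docstrings. The defvar holds a plaintext password for the rest of the Emacs session, so its docstring should say so and say how to clear it (for example by setting it to nil). The function docstring should explain the lookup order: customized variable, then session cache, then prompt. In the added docstring text, "stored in a way so that other can read it" should read "others can read it".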
@@ -356,7 +373,7 @@ agenda view showing the flagged items."
 	       (string-match "\\S-" org-mobile-checksum-binary))
 	       (string-match "\\S-" org-mobile-checksum-binary))
     (error "No executable found to compute checksums"))
     (error "No executable found to compute checksums"))
   (when org-mobile-use-encryption
   (when org-mobile-use-encryption
-    (unless (string-match "\\S-" org-mobile-encryption-password)
+    (unless (string-match "\\S-" (org-mobile-encryption-password))
       (error
       (error
        "To use encryption, you must set `org-mobile-encryption-password'"))
        "To use encryption, you must set `org-mobile-encryption-password'"))
     (unless (file-writable-p org-mobile-encryption-tempfile)
     (unless (file-writable-p org-mobile-encryption-tempfile)
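Review bot: With `(unless (string-match "\\S-" (org-mobile-encryption-password))` the setup check now prompts interactively whenever the variable is empty, so the error below it is only reached when the user enters a blank password at the prompt. The message "To use encryption, you must set `org-mobile-encryption-password'" no longer describes that situation. Reword it to say that an empty password was given and that the password can be either customized or entered when prompted.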
@@ -649,7 +666,8 @@ encryption program does not understand them."
   "Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
   "Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
   (shell-command
   (shell-command
    (format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
    (format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
-	   (shell-quote-argument (concat "pass:" org-mobile-encryption-password))
+	   (shell-quote-argument (concat "pass:"
+					 (org-mobile-encryption-password)))
 	   (shell-quote-argument (expand-file-name infile))
 	   (shell-quote-argument (expand-file-name infile))
 	   (shell-quote-argument (expand-file-name outfile)))))
 	   (shell-quote-argument (expand-file-name outfile)))))
 
 
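Review bot: The password still reaches openssl as a command-line argument through `(concat "pass:" (org-mobile-encryption-password))`, so a password the user chose to type at the prompt instead of storing on disk is exposed to `ps` exactly as the docstring warns. Prompting removes the init-file exposure but not this one. Consider one of the other `-pass` sources openssl accepts (`stdin`, `env:VAR` or `file:PATH`) so the secret does not appear in the process list.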
@@ -657,7 +675,8 @@ encryption program does not understand them."
   "Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
   "Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
   (shell-command
   (shell-command
    (format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
    (format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
-	   (shell-quote-argument (concat "pass:" org-mobile-encryption-password))
+	   (shell-quote-argument (concat "pass:"
+					 (org-mobile-encryption-password)))
 	   (shell-quote-argument (expand-file-name infile))
 	   (shell-quote-argument (expand-file-name infile))
 	   (shell-quote-argument (expand-file-name outfile)))))
 	   (shell-quote-argument (expand-file-name outfile)))))
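Review bot: Nothing in this hunk resets `org-mobile-encryption-password-session` when decryption fails, so a wrong password entered once at the prompt stays cached and every later pull in the same session fails without a new prompt. Check the exit status that `shell-command` returns here and, on a non-zero result, set the session variable back to nil and signal an error so the next call asks again.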