Commit 9efd720d authored by Ken Manheimer's avatar Ken Manheimer
Browse files

Synopsis: Migrate allout encryption provisions from pgg library, which is

obsolete, to epg library, which replaces pgg.

Due to the underlying GnuPG V2 restrictions on external handling of
passphrases (or epg's restrictions when working with GnuPG v2), we are
dropping allout's symmetric encryption passphrase hinting and verification.
This has the advantage that no emacs code has access to the passphrase,
leaving all passphrase handling in GnuPG, which is much more secure.  This,
together with the reduction in allout code complexity and logistical
complications the user would have in arranging to use GnuPG v1, requires
dropping these features.

Keypair encryption gains features, with adoption of respect for epa-file's
'epa-file-encrypt-to'.  This means that allout outlines can be associated
with recipients, and encryptions by default will be targeted to those
recipients.

The default encryption mode (whether to epa-file-encrypt-to recipients, if
any, or symmetric mode) is overridden by providing a universal argument
greater than 1 to the outline entry encryption command,
'allout-toggle-current-subtree-encryption'.  The user is then prompted to
select keypair identities from their list of known GnuPG keypairs.  If they
don't select any, then symmetric encryption is done.  Otherwise, the
selected keypair identities are targeted.  If the universal argument is
greater than 4 then the selected recipients (or none, if none were
selected) are associated with the outline using a file local variable, as
default recipients for subsequent encryptions.

This is a big merge from a private branch.

Code details:

(allout-toggle-current-subtree-encryption,
allout-toggle-subtree-encryption): Adjust docstrings to reflect defaulting
policy and other changes.
Change fetch-pass to keymode-cue, for simpler universal argument
interpretation.
(allout-toggle-subtree-encryption):  Adjust docstring to describe
changed encryption provisions.
Change fetch-pass to keymode-cue, for simpler universal argument
interpretation.
Remove provisions for handling key type and identity - they'll all be
within allout-encrypt-string or epg/epg or even contained all the way in
gpg.
(allout-encrypt-string): Include keymode-cue, for optionally prompting for
keypair recipients (universal argument > 1) and, in addition, associating the
specified recipients with the outline (universal argument > 4) using a file
local variable setting for 'epa-file-encrypt-to'.
Require epa, for recipients handling.
Change how regexp filtering elements are named.
Describe the problem with caching of incorrect symmetric-decryption keys.
Use the epa-passphrase-callback-function, in case the user is using GnuPG
v1.
Support saving of the selected keypair recipients when invoked with a
keymode-cue > 4.
Remove obsolete arguments 'fetch-pass', 'target-cache-id', 'retried'.
Require 'epa.
Establish epg-context with armoring and default epg-protocol.
Remove all passphrase cache, verification, and hinting code.
(allout-passphrase-verifier-handling, allout-passphrase-hint-handling):
No longer used, delete.
(allout-mode): Adjust docstring to describe changed encryption provisions.
Describe the problem with caching of incorrect symmetric-decryption keys.
(allout-obtain-passphrase, allout-epg-passphrase-callback-function,
allout-make-passphrase-state, allout-passphrase-state-passphrase,
allout-encrypted-key-info, allout-update-passphrase-mnemonic-aids,
allout-get-encryption-passphrase-verifier, allout-verify-passphrase):
Obsolete, remove.
parents 59a7e27d 0281bf13
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment