Prompt for MobileOrg encryption password
* doc/org.texi (Setting up the staging area): Document use of crypt password.
* lisp/org-mobile.el (org-mobile-encryption-password): Improve docstring.
(org-mobile-encryption-password-session): New variable.
(org-mobile-encryption-password): New function.
(org-mobile-check-setup):
(org-mobile-encrypt-file):
(org-mobile-decrypt-file): Use the new function.
parent 91af408bf4
commit 5460c4b7d8
34 doc/org.texi
|
@ -14235,12 +14235,14 @@ MobileOrg needs to interact with Emacs through directory on a
|
|||
server@footnote{If you are using a public server, you might prefer to encrypt
|
||||
the files on the server. This can be done with Org-mode 6.35 and, hopefully,
|
||||
with MobileOrg 1.5 (please check before trying to use this). On the Emacs
|
||||
side, configure the variables @code{org-mobile-use-encryption} and
|
||||
@code{org-mobile-encryption-password}.}. The easiest way to create that
|
||||
directory is to use a free @uref{http://dropbox.com,Dropbox.com}
|
||||
account@footnote{If you cannot use Dropbox, or if your version of MobileOrg
|
||||
does not support it, you can use a webdav server. For more information,
|
||||
check out the the documentation of MobileOrg and also this
|
||||
side, configure the variable @code{org-mobile-use-encryption}. If you can
|
||||
safely store the password in your Emacs setup, you might also want to
|
||||
configure @code{org-mobile-encryption-password}. Please read the docstring
|
||||
of that variable.}. The easiest way to create that directory is to use a
|
||||
free @uref{http://dropbox.com,Dropbox.com} account@footnote{If you cannot use
|
||||
Dropbox, or if your version of MobileOrg does not support it, you can use a
|
||||
webdav server. For more information, check out the the documentation of
|
||||
MobileOrg and also this
|
||||
@uref{http://orgmode.org/worg/org-faq.php#mobileorg_webdav, FAQ entry}.}.
|
||||
When MobileOrg first connects to your Dropbox, it will create a directory
|
||||
@i{MobileOrg} inside the Dropbox. After the directory has been created, tell
|
||||
|
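Review bot: The rewritten footnote on org-mobile-use-encryption only says "Please read the docstring of that variable" and never states in the manual that leaving org-mobile-encryption-password unset makes Org prompt for the password once per Emacs session, which is the behaviour this commit introduces. Say so in the footnote itself, so that readers who cannot store the password safely know they have an alternative without opening the docstring. The re-wrapped lines also carry over the doubled word in "check out the the documentation"; drop one "the" while this paragraph is being touched.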
@ -14263,15 +14265,17 @@ can be included by customizing @code{org-mobiles-files}. File names will be
|
|||
staged with path relative to @code{org-directory}, so all files should be
|
||||
inside this directory. The push operation also creates a special Org file
|
||||
@file{agendas.org} with all custom agenda view defined by the
|
||||
user@footnote{While creating the agendas, Org-mode will force (see the
|
||||
variable @code{org-mobile-force-id-on-agenda-items}) ID properties on all
|
||||
referenced entries, so that these entries can be uniquely
|
||||
identified if @i{MobileOrg} flags them for further action.}. Finally, Org
|
||||
writes the file @file{index.org}, containing links to all other files.
|
||||
@i{MobileOrg} first reads this file from the server, and then downloads all
|
||||
agendas and Org files listed in it. To speed up the download, MobileOrg will
|
||||
only read files whose checksums@footnote{stored automatically in the file
|
||||
@file{checksums.dat}} have changed.
|
||||
user@footnote{While creating the agendas, Org-mode will force ID properties
|
||||
on all referenced entries, so that these entries can be uniquely identified
|
||||
if @i{MobileOrg} flags them for further action. If you do not want to get
|
||||
these properties in so many entries, you can set the variable
|
||||
@code{org-mobile-force-id-on-agenda-items} to @code{nil}. Org mode will then
|
||||
rely on outline paths, in the hope that these will be unique enough.}.
|
||||
Finally, Org writes the file @file{index.org}, containing links to all other
|
||||
files. @i{MobileOrg} first reads this file from the server, and then
|
||||
downloads all agendas and Org files listed in it. To speed up the download,
|
||||
MobileOrg will only read files whose checksums@footnote{stored automatically
|
||||
in the file @file{checksums.dat}} have changed.
|
||||
|
||||
@node Pulling from MobileOrg, , Pushing to MobileOrg, MobileOrg
|
||||
@section Pulling from MobileOrg
|
||||
|
|
|
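Review bot: The rewording of the footnote about org-mobile-force-id-on-agenda-items has nothing to do with the encryption password, and the ChangeLog entry for doc/org.texi mentions only "Document use of crypt password". Move this footnote change to its own commit, or add a line for it to the log, so that a later search of the history for the ID-property behaviour finds it.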
@ -90,12 +90,29 @@ You might want to put this file into a directory where only you have access."
|
|||
This is a single password which is used for AES-256 encryption. The same
|
||||
password must also be set in the MobileOrg application. All Org files,
|
||||
including mobileorg.org will be encrypted using this password.
|
||||
|
||||
SECURITY CONSIDERATIONS:
|
||||
|
||||
Note that, when Org runs the encryption commands, the password could
|
||||
be visible on your system with the `ps' command. So this method is only
|
||||
intended to keep the files secure on the server, not on your own machine."
|
||||
be visible briefly on your system with the `ps' command. So this method is
|
||||
only intended to keep the files secure on the server, not on your own machine.
|
||||
|
||||
Also, if you set this variable in an init file (.emacs or .emacs.d/init.el
|
||||
or custom.el...) and if that file is stored in a way so that other can read
|
||||
it, this also limits the security of this approach. You can also leave
|
||||
this variable empty - Org will then ask for the password once per Emacs
|
||||
session."
|
||||
:group 'org-mobile
|
||||
:type '(string :tag "Password"))
|
||||
|
||||
(defvar org-mobile-encryption-password-session nil)
|
||||
|
||||
(defun org-mobile-encryption-password ()
|
||||
(or (org-string-nw-p org-mobile-encryption-password)
|
||||
(org-string-nw-p org-mobile-encryption-password-session)
|
||||
(setq org-mobile-encryption-password-session
|
||||
(read-passwd "Password for MobileOrg: " t))))
|
||||
|
||||
(defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org"
|
||||
"The file where captured notes and flags will be appended to.
|
||||
During the execution of `org-mobile-pull', the file
|
||||
|
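Review bot: The new defvar org-mobile-encryption-password-session and the new function org-mobile-encryption-password are both added without docstrings. Because the function shares its name with the defcustom, a docstring stating that it returns the configured password, or else prompts and caches the answer for the session, would remove the ambiguity in existing text that refers to `org-mobile-encryption-password'. Two smaller points on the same lines: read-passwd is called with its CONFIRM argument set to t, so the user is asked to type the password twice even when it is only needed for decryption, and nothing here clears org-mobile-encryption-password-session again, so a confirmed but wrong password stays cached until the variable is reset by hand or Emacs is restarted. A small command that sets the session variable back to nil would cover that.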
@ -356,7 +373,7 @@ agenda view showing the flagged items."
|
|||
(string-match "\\S-" org-mobile-checksum-binary))
|
||||
(error "No executable found to compute checksums"))
|
||||
(when org-mobile-use-encryption
|
||||
(unless (string-match "\\S-" org-mobile-encryption-password)
|
||||
(unless (string-match "\\S-" (org-mobile-encryption-password))
|
||||
(error
|
||||
"To use encryption, you must set `org-mobile-encryption-password'"))
|
||||
(unless (file-writable-p org-mobile-encryption-tempfile)
|
||||
|
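Review bot: The error text "To use encryption, you must set `org-mobile-encryption-password'" is now misleading, since after this change the check calls the function and the user may have been prompted rather than having set the variable. If the prompt is answered with an empty or whitespace-only string, the string-match on "\\S-" fails and the user is told to set a variable they deliberately left empty. Reword the message to cover both paths, for example by saying that a non-empty password must be configured or entered at the prompt. Note also that org-mobile-check-setup can now block on interactive input, which is worth a sentence in its docstring.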
@ -649,7 +666,8 @@ encryption program does not understand them."
|
|||
"Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
|
||||
(shell-command
|
||||
(format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
|
||||
(shell-quote-argument (concat "pass:" org-mobile-encryption-password))
|
||||
(shell-quote-argument (concat "pass:"
|
||||
(org-mobile-encryption-password)))
|
||||
(shell-quote-argument (expand-file-name infile))
|
||||
(shell-quote-argument (expand-file-name outfile)))))
|
||||
|
||||
|
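Review bot: The changed argument still builds "pass:" plus the password into the command string given to shell-command, so a password typed at the new prompt ends up on the openssl command line just like a stored one, which is the `ps' exposure the docstring describes. Since the point of the prompt is to keep the password out of readable places, consider handing it to openssl through a channel that does not show in the process list: openssl accepts -pass stdin, -pass env:VAR and -pass file:PATH as well as pass:. With -in and -out already naming the files, standard input is free to carry the password. If that is out of scope for this commit, leave a comment here so the limitation is visible in the code as well as in the docstring.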
@ -657,7 +675,8 @@ encryption program does not understand them."
|
|||
"Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
|
||||
(shell-command
|
||||
(format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
|
||||
(shell-quote-argument (concat "pass:" org-mobile-encryption-password))
|
||||
(shell-quote-argument (concat "pass:"
|
||||
(org-mobile-encryption-password)))
|
||||
(shell-quote-argument (expand-file-name infile))
|
||||
(shell-quote-argument (expand-file-name outfile)))))
|
||||
|
||||
|
|
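Review bot: Nothing in this function looks at the exit status of the openssl call, and with the password now coming from a prompt a wrong entry becomes a realistic failure on this decrypt path. Combined with the session cache, the same wrong password would be reused on every later call in the session. Check the value returned by shell-command and, on a non-zero status, set org-mobile-encryption-password-session to nil and signal an error, so that the user is asked again instead of continuing with an output file that was not decrypted correctly. The docstring's reference to `org-mobile-encryption-password' should also say whether it means the variable or the new function.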