Implement encryption for MobileOrg

This commit is contained in:
Carsten Dominik 2010-03-16 07:32:50 +01:00
parent ebbf085ec7
commit f84a8a8651
4 changed files with 121 additions and 17 deletions

View File

@ -1,6 +1,8 @@
2010-04-01 Carsten Dominik <carsten.dominik@gmail.com> 2010-04-01 Carsten Dominik <carsten.dominik@gmail.com>
* org.texi (The export dispatcher): Renamed from ASCII export. * org.texi (The export dispatcher): Renamed from ASCII export.
(Setting up the staging area): Document the availability of
encryption for MobileOrg.
2010-03-29 Carsten Dominik <carsten.dominik@gmail.com> 2010-03-29 Carsten Dominik <carsten.dominik@gmail.com>

View File

@ -12335,11 +12335,14 @@ in-buffer settings, but it will understand the logistics of todo state
Org-mode has commands to prepare a directory with files for @i{MobileOrg}, Org-mode has commands to prepare a directory with files for @i{MobileOrg},
and to read captured notes from there. If Emacs can directly write to the and to read captured notes from there. If Emacs can directly write to the
WebDAV directory accessed by @i{MobileOrg}, just point to this directory WebDAV directory@footnote{If you are using a public server, you might prefer
using the variable @code{org-mobile-directory}. Using the @file{tramp} to encrypt the files on the server. This can be done with Org-mode 6.35 and
method, @code{org-mobile-directory} may point to a remote directory MobileOrg 1.2. On the Emacs side, configure the variables
accessible through, for example, @code{org-mobile-use-encryption} and @code{org-mobile-encryption-password}.}
@file{ssh/scp}: accessed by @i{MobileOrg}, just point to this directory using the variable
@code{org-mobile-directory}. Using the @file{tramp} method,
@code{org-mobile-directory} may point to a remote directory accessible
through, for example, @file{ssh/scp}:
@smallexample @smallexample
(setq org-mobile-directory "/scpc:user@@remote.host:org/webdav/") (setq org-mobile-directory "/scpc:user@@remote.host:org/webdav/")

View File

@ -1,5 +1,16 @@
2010-04-01 Carsten Dominik <carsten.dominik@gmail.com> 2010-04-01 Carsten Dominik <carsten.dominik@gmail.com>
* org-mobile.el (org-mobile-use-encryption)
(org-mobile-encryption-tempfile, org-mobile-encryption-password):
New options.
(org-mobile-check-setup): CHeck the encryption setup.
(org-mobile-copy-agenda-files, org-mobile-sumo-agenda-command)
(org-mobile-create-sumo-agenda): Use encryption code.
(org-mobile-encrypt-and-move): New function.
(org-mobile-encrypt-file, org-mobile-decrypt-file): New
functions.
(org-mobile-move-capture): Decrypt the capture file.
* org.el (org-entities): Require the new file. * org.el (org-entities): Require the new file.
(org-export-latex-default-packages-alist): New variable. (org-export-latex-default-packages-alist): New variable.
(org-complete): Use new entity code for completion. (org-complete): Use new entity code for completion.

View File

@ -65,6 +65,34 @@ org-agenda-text-search-extra-files
:group 'org-mobile :group 'org-mobile
:type 'directory) :type 'directory)
(defcustom org-mobile-use-encryption nil
"Non-nil means keep only encrypted files on the webdav server.
Encryption uses AES-256, with a password given in
`org-mobile-encryption-password'.
When nil, plain files are kept on the server.
Turning on encryption requires to set the same password in the MobileOrg
application."
:group 'org-mobile
:type 'boolean)
(defcustom org-mobile-encryption-tempfile "~/orgtmpcrypt"
"File that is being used as a temporary file for encryption.
This must be local file on your local machine (not on the webdav server).
You might want to put this file into a directory where only you have access."
:group 'org-mobile
:type 'directory)
(defcustom org-mobile-encryption-password ""
"Password for encrypting files uploaded to the server.
This is a single password which is used for AES-256 encryption. The same
password must also be set in the MobileOrg application. All Org files,
including mobileorg.org will be encrypted using this password.
Note that, whe Org runs the encryption commands, the password could
be visible on your system with the `ps' command. So this method is only
intended to keep the files secure on the server, not on your own machine."
:group 'org-mobile
:type '(string :tag "Password"))
(defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org" (defcustom org-mobile-inbox-for-pull "~/org/from-mobile.org"
"The file where captured notes and flags will be appended to. "The file where captured notes and flags will be appended to.
During the execution of `org-mobile-pull', the file During the execution of `org-mobile-pull', the file
@ -320,7 +348,16 @@ agenda view showing the flagged items."
(file-exists-p (file-exists-p
(file-name-directory org-mobile-inbox-for-pull))) (file-name-directory org-mobile-inbox-for-pull)))
(error (error
"Variable `org-mobile-inbox-for-pull' must point to a file in an existing directory"))) "Variable `org-mobile-inbox-for-pull' must point to a file in an existing directory"))
(when org-mobile-use-encryption
(unless (string-match "\\S-" org-mobile-encryption-password)
(error
"To use encryption, you must set `org-mobile-encryption-password'"))
(unless (file-writable-p org-mobile-encryption-tempfile)
(error "Cannot write to entryption tempfile %s"
org-mobile-encryption-tempfile))
(unless (executable-find "openssl")
(error "openssl is needed to encrypt files."))))
(defun org-mobile-create-index-file () (defun org-mobile-create-index-file ()
"Write the index file in the WebDAV directory." "Write the index file in the WebDAV directory."
@ -400,7 +437,9 @@ agenda view showing the flagged items."
target-dir (file-name-directory target-path)) target-dir (file-name-directory target-path))
(unless (file-directory-p target-dir) (unless (file-directory-p target-dir)
(make-directory target-dir 'parents)) (make-directory target-dir 'parents))
(copy-file file target-path 'ok-if-exists) (if org-mobile-use-encryption
(org-mobile-encrypt-and-move file target-path)
(copy-file file target-path 'ok-if-exists))
(setq check (shell-command-to-string (setq check (shell-command-to-string
(concat org-mobile-checksum-binary " " (concat org-mobile-checksum-binary " "
(shell-quote-argument (expand-file-name file))))) (shell-quote-argument (expand-file-name file)))))
@ -467,6 +506,11 @@ The table of checksums is written to the file mobile-checksums."
((memq (nth 2 e) '(todo-tree tags-tree occur-tree)) ((memq (nth 2 e) '(todo-tree tags-tree occur-tree))
;; These are trees, not really agenda commands ;; These are trees, not really agenda commands
) )
((and (memq (nth 2 e) '(todo tags tags-todo))
(or (null (nth 3 e))
(not (string-match "\\S-" (nth 3 e)))))
;; These would be interactive because the match string is empty
)
((memq (nth 2 e) '(agenda alltodo todo tags tags-todo)) ((memq (nth 2 e) '(agenda alltodo todo tags tags-todo))
;; a normal command ;; a normal command
(setq key (car e) desc (nth 1 e) type (nth 2 e) match (nth 3 e) (setq key (car e) desc (nth 1 e) type (nth 2 e) match (nth 3 e)
@ -570,26 +614,66 @@ The table of checksums is written to the file mobile-checksums."
(interactive) (interactive)
(let* ((file (expand-file-name "agendas.org" (let* ((file (expand-file-name "agendas.org"
org-mobile-directory)) org-mobile-directory))
(file1 (if org-mobile-use-encryption
org-mobile-encryption-tempfile
file))
(sumo (org-mobile-sumo-agenda-command)) (sumo (org-mobile-sumo-agenda-command))
(org-agenda-custom-commands (org-agenda-custom-commands
(list (append sumo (list (list file))))) (list (append sumo (list (list file1)))))
(org-mobile-creating-agendas t)) (org-mobile-creating-agendas t))
(unless (file-writable-p file) (unless (file-writable-p file1)
(error "Cannot write to file %s" file)) (error "Cannot write to file %s" file1))
(when sumo (when sumo
(org-store-agenda-views)))) (org-store-agenda-views))
(when org-mobile-use-encryption
(org-mobile-encrypt-file file1 file)
(delete-file file1))))
(defun org-mobile-encrypt-and-move (infile outfile)
"Encrypt INFILE locally to INFILE_enc, then move it to OUTFILE.
We do this in two steps so that remote paths will work, even if the
encryption program does not understand them."
(let ((encfile (concat infile "_enc")))
(org-mobile-encrypt-file infile encfile)
(when outfile
(copy-file encfile outfile 'ok-if-exists)
(delete-file encfile))))
(defun org-mobile-encrypt-file (infile outfile)
"Encrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
(shell-command
(format "openssl enc -aes-256-cbc -salt -pass %s -in %s -out %s"
(shell-quote-argument (concat "pass:" org-mobile-encryption-password))
(shell-quote-argument (expand-file-name infile))
(shell-quote-argument (expand-file-name outfile)))))
(defun org-mobile-decrypt-file (infile outfile)
"Decrypt INFILE to OUTFILE, using `org-mobile-encryption-password'."
(shell-command
(format "openssl enc -d -aes-256-cbc -salt -pass %s -in %s -out %s"
(shell-quote-argument (concat "pass:" org-mobile-encryption-password))
(shell-quote-argument (expand-file-name infile))
(shell-quote-argument (expand-file-name outfile)))))
(defun org-mobile-move-capture () (defun org-mobile-move-capture ()
"Move the contents of the capture file to the inbox file. "Move the contents of the capture file to the inbox file.
Return a marker to the location where the new content has been added. Return a marker to the location where the new content has been added.
If nothing new has been added, return nil." If nothing new has been added, return nil."
(interactive) (interactive)
(let ((inbox-buffer (find-file-noselect org-mobile-inbox-for-pull)) (let* ((encfile nil)
(capture-buffer (find-file-noselect (capture-file (expand-file-name org-mobile-capture-file
(expand-file-name org-mobile-capture-file org-mobile-directory))
org-mobile-directory))) (inbox-buffer (find-file-noselect org-mobile-inbox-for-pull))
(insertion-point (make-marker)) (capture-buffer
not-empty content) (if (not org-mobile-use-encryption)
(find-file-noselect capture-file)
(delete-file org-mobile-encryption-tempfile)
(setq encfile (concat org-mobile-encryption-tempfile "_enc"))
(copy-file capture-file encfile)
(org-mobile-decrypt-file encfile org-mobile-encryption-tempfile)
(find-file-noselect org-mobile-encryption-tempfile)))
(insertion-point (make-marker))
not-empty content)
(with-current-buffer capture-buffer (with-current-buffer capture-buffer
(setq content (buffer-string)) (setq content (buffer-string))
(setq not-empty (string-match "\\S-" content)) (setq not-empty (string-match "\\S-" content))
@ -606,9 +690,13 @@ If nothing new has been added, return nil."
(save-buffer) (save-buffer)
(org-mobile-update-checksum-for-capture-file (buffer-string)))) (org-mobile-update-checksum-for-capture-file (buffer-string))))
(kill-buffer capture-buffer) (kill-buffer capture-buffer)
(when org-mobile-use-encryption
(org-mobile-encrypt-and-move org-mobile-encryption-tempfile
capture-file))
(if not-empty insertion-point))) (if not-empty insertion-point)))
(defun org-mobile-update-checksum-for-capture-file (buffer-string) (defun org-mobile-update-checksum-for-capture-file (buffer-string)
"Find the checksum line and modify it to match BUFFER-STRING."
(let* ((file (expand-file-name "checksums.dat" org-mobile-directory)) (let* ((file (expand-file-name "checksums.dat" org-mobile-directory))
(buffer (find-file-noselect file))) (buffer (find-file-noselect file)))
(when buffer (when buffer