tzz, 6 months ago

@publicvoit @nickanderson I advocated years ago, and still think it’s the right move, for #emacs to handle encryption internally (all the functions are already there from the GnuTLS library) instead of relying on the external #gnupg tool.

galdor, 6 months ago

@tzz @publicvoit @nickanderson

Supporting some kind of encryption is easy. Supporting PGP encryption and signing would be a huge endeavor. Hence the value of using GnuPG as an external program.

And yes PGP is obsolete and should be replaced with something much simpler using modern cryptographic primitives, but as usual no one is doing the job, so in the mean time we’re stuck with GnuPg.

tzz, 6 months ago

@galdor @publicvoit @nickanderson I believe the great majority of #Emacs or any users do not need PGP’s complexity and providing a simple alternative would be very valuable. My attempts were not successful.

publicvoit, 5 months ago

@tzz @galdor @nickanderson I think I agree with the #Emacs-only restriction.

However, in my case, I'm using my #OpenPGP setup also for #mutt email workflows and file encryption outside of Emacs. With that, I do have some advantages when using only one encryption keyring from #gnupg.

YMMV

If there would be an Emacs-specific alternative, I'd still switch to it I guess. (Depends on the implementation details.)

AngryAnt, 6 months ago

@publicvoit Why not just downgrade that package on your NixOS install?

publicvoit, 6 months ago

@AngryAnt I still need to figure out how this can be done. NixOS seems to be cool but very hard to learn. Easy things from other distros like pinning a package version results in half a day of research, I guess.

omidmnz, 6 months ago

@publicvoit @AngryAnt I am using the following overlay to create a new package gnupg240, which I add to home-manager's programs.emacs.extraPackages.

    gnupg240 = prev.gnupg.overrideAttrs (old: rec {<br></br>      inherit (old) pname;<br></br>      version = "2.4.0";<br></br>      src = final.fetchurl {<br></br>        url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";<br></br>        hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM=";<br></br>      };<br></br>    });<br></br>

You could override the gnupg package itself, but that can trigger a rebuild of other packages, including systemd. This essentially reverts this commit: https://github.com/NixOS/nixpkgs/commit/dce1a85956e797ecee5dcd174c12fa9560fd5836

publicvoit, 6 months ago

@omidmnz @AngryAnt Thank you very much. I think I understand what's going on in your snippet and tomorrow, I might have time to try out to integrate it into my configuration: https://github.com/novoid/nixos-config

I'm not sure if your HM method works at my side because I tend to use gnupg via NixOS and not via HM for some reason I can't remember.

mykhaylo, 6 months ago

@publicvoit not just org-mode, of you want to write to any gpg encrypted file

publicvoit, 6 months ago

@mykhaylo Well, that's great because there's a higher chance of a short term fix.

nickanderson, 6 months ago

@publicvoit @mykhaylo the comments in the reddit thread seemed to indicate the issue is specific to symmetric encryption. My impression is it also wouldn't affect encrypted headings in org.

publicvoit, 6 months ago

@nickanderson @mykhaylo At least my issue at hand is that I may decrypt :crypt:-headings, modify them but when trying to save (encrypt), I get an error or the whole heading content is gone.

nickanderson, 6 months ago

@publicvoit @mykhaylo are you encrypting with a password or a key?

I'll have to try this myself, I use crypt tag, but not daily. Plus I'm still on emacs 28.

publicvoit, 6 months ago

@nickanderson @mykhaylo I'm encrypting a handful Org-mode headings using the :crypt: tag with a specific OpenPGP-Orgmode-encryption key that is protected by a gnupg passphrase.