view lisp/gnus/encrypt.el @ 91104:84f80c052155

*** empty log message ***
author Kenichi Handa <handa@m17n.org>
date Sun, 18 Nov 2007 09:13:01 +0000
parents ff86fe6b4194
children 3b6236108093
line wrap: on
line source

;;; encrypt.el --- file encryption routines
;; Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation, Inc.

;; Author: Teodor Zlatanov <tzz@lifelogs.com>
;; Created: 2003/01/24
;; Keywords: files

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Commentary:

;;; This module addresses data encryption.  Page breaks are used for
;;; grouping declarations and documentation relating to each
;;; particular aspect.

;;; Use in Gnus like this:
;;; (setq
;;;   nnimap-authinfo-file "~/.authinfo.enc"
;;;   nntp-authinfo-file "~/.authinfo.enc"
;;;   smtpmail-auth-credentials "~/.authinfo.enc"
;;;   ;; using the AES256 cipher, feel free to use your own favorite
;;;   encrypt-file-alist (quote (("~/.authinfo.enc" (gpg "AES256"))))
;;;   password-cache-expiry 600)

;;; Then write ~/.authinfo.enc:

;;; 1) open the old authinfo
;;; C-x C-f ~/.authinfo

;;; 2) write the new authinfo.enc
;;; M-x encrypt-write-file-contents RET ~/.authinfo.enc

;;; 3) verify the new authinfo is correct (this will show the contents in the minibuffer)
;;; M-: (encrypt-get-file-contents "~/.authinfo.enc")


;;; Code:

;; autoload password
(eval-and-compile
  (autoload 'password-read "password"))

(defgroup encrypt '((password-cache custom-variable)
		    (password-cache-expiry custom-variable))
  "File encryption configuration."
  :group 'applications)

(defcustom encrypt-file-alist nil
  "List of file names or regexes matched with encryptions.
Format example:
 '((\"beta\"
    (gpg \"AES\"))
   (\"/home/tzz/alpha\"
    (encrypt-xor \"Semi-Secret\")))"

  :type '(repeat
	  (list :tag "Encryption entry"
	   (radio :tag "What to encrypt"
		  (file :tag "Filename")
		  (regexp :tag "Regular expression match"))
	   (radio :tag "How to encrypt it"
		  (list
		   :tag "GPG Encryption"
		   (const :tag "GPG Program" gpg)
		   (radio :tag "Choose a cipher"
			  (const :tag "3DES Encryption" "3DES")
			  (const :tag "CAST5 Encryption" "CAST5")
			  (const :tag "Blowfish Encryption" "BLOWFISH")
			  (const :tag "AES Encryption" "AES")
			  (const :tag "AES192 Encryption" "AES192")
			  (const :tag "AES256 Encryption" "AES256")
			  (const :tag "Twofish Encryption" "TWOFISH")
			  (string :tag "Cipher Name")))
		  (list
		   :tag "Built-in simple XOR"
		   (const :tag "XOR Encryption" encrypt-xor)
		   (string :tag "XOR Cipher Value (seed value)")))))
  :group 'encrypt)

;; TODO: now, load gencrypt.el and if successful, modify the
;; custom-type of encrypt-file-alist to add the gencrypt.el options

;; (plist-get (symbol-plist 'encrypt-file-alist) 'custom-type)
;; then use plist-put

(defcustom encrypt-gpg-path (executable-find "gpg")
  "Path to the GPG program."
  :type '(radio
	  (file :tag "Location of the GPG executable")
	  (const :tag "GPG is not installed" nil))
  :group 'encrypt)

(defvar encrypt-temp-prefix "encrypt"
  "Prefix for temporary filenames")

;;;###autoload
(defun encrypt-find-model (filename)
  "Given a filename, find a encrypt-file-alist entry"
  (dolist (entry encrypt-file-alist)
    (let ((match (nth 0 entry))
	  (model (nth 1 entry)))
      (when (or (eq match filename)
		(string-match match filename))
	(return model)))))

;;;###autoload
(defun encrypt-insert-file-contents (file &optional model)
  "Decrypt FILE into the current buffer."
  (interactive "fFile to insert: ")
  (let* ((model (or model (encrypt-find-model file)))
	 (method (nth 0 model))
	 (cipher (nth 1 model))
	 (password-key (format "encrypt-password-%s-%s %s"
			       (symbol-name method) cipher file))
	 (passphrase
	  (password-read-and-add
	   (format "%s password for cipher %s (file %s)? "
		   file (symbol-name method) cipher)
	   password-key))
	  (buffer-file-coding-system 'binary)
	 (coding-system-for-read 'binary)
	 outdata)

    ;; note we only insert-file-contents if the method is known to be valid
    (cond
     ((eq method 'gpg)
      (insert-file-contents file)
      (setq outdata (encrypt-gpg-decode-buffer passphrase cipher)))
     ((eq method 'encrypt-xor)
      (insert-file-contents file)
      (setq outdata (encrypt-xor-decode-buffer passphrase cipher))))

    (if outdata
	(progn
	  (message "%s was decrypted with %s (cipher %s)"
		   file (symbol-name method) cipher)
	  (delete-region (point-min) (point-max))
	  (goto-char (point-min))
	  (insert outdata))
      ;; the decryption failed, alas
      (password-cache-remove password-key)
      (gnus-error 5 "%s was NOT decrypted with %s (cipher %s)"
		  file (symbol-name method) cipher))))

(defun encrypt-get-file-contents (file &optional model)
  "Decrypt FILE and return the contents."
  (interactive "fFile to decrypt: ")
  (with-temp-buffer
    (encrypt-insert-file-contents file model)
    (buffer-string)))

(defun encrypt-put-file-contents (file data &optional model)
  "Encrypt the DATA to FILE, then continue normally."
  (with-temp-buffer
    (insert data)
    (encrypt-write-file-contents file model)))

(defun encrypt-write-file-contents (file &optional model)
  "Encrypt the current buffer to FILE, then continue normally."
  (interactive "sFile to write: ")
  (setq model (or model (encrypt-find-model file)))
  (if model
      (let* ((method (nth 0 model))
	     (cipher (nth 1 model))
	     (password-key (format "encrypt-password-%s-%s %s"
				   (symbol-name method) cipher file))
	     (passphrase
	      (password-read
	       (format "%s password for cipher %s? "
		       (symbol-name method) cipher)
	       password-key))
	     outdata)

	(cond
	 ((eq method 'gpg)
	  (setq outdata (encrypt-gpg-encode-buffer passphrase cipher)))
	 ((eq method 'encrypt-xor)
	  (setq outdata (encrypt-xor-encode-buffer passphrase cipher))))

	(if outdata
	    (progn
	      (message "%s was encrypted with %s (cipher %s)"
		       file (symbol-name method) cipher)
	      (delete-region (point-min) (point-max))
	      (goto-char (point-min))
	      (insert outdata)
	      ;; do not confirm overwrites
	      (write-file file nil))
	  ;; the decryption failed, alas
	  (password-cache-remove password-key)
	  (gnus-error 5 "%s was NOT encrypted with %s (cipher %s)"
		      file (symbol-name method) cipher)))
    (gnus-error 1 "%s has no associated encryption model!  See encrypt-file-alist." file)))

(defun encrypt-xor-encode-buffer (passphrase cipher)
  (encrypt-xor-process-buffer passphrase cipher t))

(defun encrypt-xor-decode-buffer (passphrase cipher)
  (encrypt-xor-process-buffer passphrase cipher nil))

(defun encrypt-xor-process-buffer (passphrase
					cipher
					&optional encode)
  "Given PASSPHRASE, xor-encode or decode the contents of the current buffer."
  (let* ((bs (buffer-substring-no-properties (point-min) (point-max)))
	 ;; passphrase-sum is a simple additive checksum of the
	 ;; passphrase and the cipher
	(passphrase-sum
	 (when (stringp passphrase)
	   (apply '+ (append cipher passphrase nil))))
	new-list)

    (with-temp-buffer
      (if encode
	  (progn
	    (dolist (x (append bs nil))
	      (setq new-list (cons (logxor x passphrase-sum) new-list)))

	    (dolist (x new-list)
	      (insert (format "%d " x))))
	(progn
	  (setq new-list (reverse (split-string bs)))
	  (dolist (x new-list)
	    (setq x (string-to-number x))
	    (insert (format "%c" (logxor x passphrase-sum))))))
      (buffer-substring-no-properties (point-min) (point-max)))))

(defun encrypt-gpg-encode-buffer (passphrase cipher)
  (encrypt-gpg-process-buffer passphrase cipher t))

(defun encrypt-gpg-decode-buffer (passphrase cipher)
  (encrypt-gpg-process-buffer passphrase cipher nil))

(defun encrypt-gpg-process-buffer (passphrase 
					cipher 
					&optional encode)
  "With PASSPHRASE, use GPG to encode or decode the current buffer."
  (let* ((program encrypt-gpg-path)
	 (input (buffer-substring-no-properties (point-min) (point-max)))
	 (temp-maker (if (fboundp 'make-temp-file) 
			 'make-temp-file 
		       'make-temp-name))
	 (temp-file (funcall temp-maker encrypt-temp-prefix))
	 (default-enable-multibyte-characters nil)
	 (args `("--cipher-algo" ,cipher
		 "--status-fd" "2"
		 "--logger-fd" "2"
		 "--passphrase-fd" "0"
		 "--no-tty"))
	 exit-status exit-data)
    
    (when encode
      (setq args
	    (append args
		    '("--symmetric"
		      "--armor"))))

    (if program
	(with-temp-buffer
	  (when passphrase
	    (insert passphrase "\n"))
	  (insert input)
	  (setq exit-status
		(apply #'call-process-region (point-min) (point-max) program
		       t `(t ,temp-file) nil args))
	  (if (equal exit-status 0)
	      (setq exit-data
		    (buffer-substring-no-properties (point-min) (point-max)))
	    (with-temp-buffer
	      (when (file-exists-p temp-file)
		(insert-file-contents temp-file))
	      (gnus-error 5 (format "%s exited abnormally: '%s' [%s]"
				    program exit-status (buffer-string)))))
	  (delete-file temp-file))
      (gnus-error 5 "GPG is not installed."))
    exit-data))

(provide 'encrypt)
;;; encrypt.el ends here

;; arch-tag: d907e4f1-71b5-42b1-a180-fc7b84ff0648