On Sat, Sep 01 2007, Anupam Sengupta wrote:

> I use epg to encrypt the org-mode files. EPG expects the files to have
> a suffix of .gpg, which conflicts with the .org suffix - however, I
> circumvent this with a file local mode setting as the first line in my
> org files:
>
> # -*- mode: org; epa-file-encrypt-to: ("<my private key email ID here>");
> coding: utf-8-unix; -*-
>
> This allows the file's major mode to be Org-mode.
>
> In addition, the archive files are also encrypted, and hence an
> over-ride is needed for the file name (otherwise the defaults will
> conflict):
>
> I have ...
>
> #+ARCHIVE: ~/org/<filename>.org_archive.gpg::
>
> In my active Org files - which works fine for the archival process,
> and ensures that the archives are also encrypted.

A few other options:

- EPG also has the function epa-encrypt-region. It asks for a
  recipient's key to use for encrypting, and does symmetric encryption
  if none is selected. This could be used to selectively encrypt
  certain subtrees. Especially given that...

- message-mode has functions like mml-secure-encrypt (there are lots
  of others in the mml-secure-* family). These functions use the
  strategy of inserting tags around the region to be encrypted. I
  haven't actually read the functions, but from the outside it looks
  like the tags are used to set the region, the region is
  encrypted/signed, and then the tags are removed from the outgoing
  copy of the message. FWIW, the tags look like (the leading # was
  added by me to keep the tag from actually doing anything in this
  message):

  # <#secure method=pgpmime mode=sign>

For interactive encrypting, I think epa-encrypt-region is probably
already good enough to do what folks have asked for.

For permanently marking a subtree for encryption, maybe we could set a
property like ENCRYPT_CHILDREN, or set pairs of properties like
ENCRYPT_BEGIN and ENCRYPT_END. The presence of these properties would
cause the appropriate region to be selected and passed to
epa-encrypt-region when org-encrypt-subtrees or org-encrypt-buffer is
called (just speculating about some possible function names). Maybe on
org-encrypt-buffer the default is to call epa-encrypt-file unless some
portion of the file is marked for encryption, in which case it calls
epa-encrypt-region on the appropriate text.

The values of the ENCRYPT_* properties could be the key to use, or
just t. If the value is t, either the key will be pulled from a
file-level variable, or the user will be prompted for which key to use
(as epa-encrypt-region normally does).

Thanks,
/au

--
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc
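
A sketch of the property-driven idea speculated about in the message above, written against current Org and EPA; it is an added example, not code from the original post or from Org itself. The `my/` names are hypothetical, and only the ENCRYPT_CHILDREN variant is shown.

```elisp
;;; Added sketch, not Org or EPG code.  `my/org-encrypt-subtrees' and
;;; `my/org-encrypt-default-key' are hypothetical names; the
;;; ENCRYPT_CHILDREN property is the one proposed in the message.
(require 'org)
(require 'epa)

(defvar my/org-encrypt-default-key nil
  "Hypothetical file-level key ID or email used when the property is \"t\".")

(defun my/org-encrypt--recipients (value)
  "Return EPG keys for property VALUE.
Nil, meaning symmetric encryption, is possible only when the user
is prompted and selects no key."
  (let ((context (epg-make-context epa-protocol))
        (name (if (string= value "t") my/org-encrypt-default-key value)))
    (if name
        ;; Fail closed: an unknown key must not silently downgrade
        ;; to passphrase-based symmetric encryption.
        (or (epg-list-keys context name)
            (error "No public key matches %s" name))
      (epa-select-keys context "Recipients (none = symmetric): "))))

(defun my/org-encrypt-subtrees ()
  "Encrypt the body of every entry carrying an ENCRYPT_CHILDREN property."
  (interactive)
  (let (markers)
    ;; Collect positions first; encrypting rewrites the buffer.
    (org-map-entries
     (lambda ()
       (when (org-entry-get nil "ENCRYPT_CHILDREN")
         (push (point-marker) markers)))
     nil 'file)
    ;; `push' left the list bottom-up, so a nested marked entry is
    ;; encrypted before the parent that contains it.
    (dolist (m markers)
      (org-with-point-at m
        (let ((value (org-entry-get nil "ENCRYPT_CHILDREN"))
              (start (progn (org-end-of-meta-data t) (point)))
              (end (progn (goto-char m) (org-end-of-subtree t) (point))))
          (goto-char start)
          ;; Skip empty bodies and text that is already armored.
          (unless (or (>= start end)
                      (looking-at-p "-----BEGIN PGP MESSAGE-----"))
            (epa-encrypt-region start end
                                (my/org-encrypt--recipients value)
                                nil nil))))
      (set-marker m nil))))
```

Only entry bodies are encrypted: headlines, tags and the property drawer (including the key ID stored in ENCRYPT_CHILDREN) stay in plaintext. Auto-save and backup files written before the command runs may still hold the clear text.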