Simple inline AES encryption via openssl
This package may be useful if you’d just like to encrypt parts of files or buffers, and to have encrypted output in the same line as other unencrypted text.
I’m unsure about exactly how secure this OpenSSL setup is, so I am
marking this package as deprecated. You can use it if you like,
but I don’t quite trust it enough for my own secrets. (I use the
pass command now.)
I’ve only tested this in Emacs 24, on a *Nix system. You will also need to have the openssl command-line utility installed.
If openssl isn’t in your PATH, customize the `inline-crypt-openssl-command’ variable to point to it.
There are four main interactive commands that encrypt and decrypt text. Each of these commands will prompt you for the encryption password. Encrypted data is produced and consumed in base64, not binary.
`inline-crypt-encrypt-region’ encrypts the current region, and displays the encrypted output in a temporary buffer. Or, with a prefix argument (`C-u’), the region will be replaced with the encrypted output.
`inline-crypt-decrypt-region’ decrypts the current region, and displays the decrypted output in a temporary buffer. Or, with a prefix argument (`C-u’), the region will be replaced with the decrypted output.
`inline-crypt-encrypt-string’ prompts the user for a string to encode, and displays the encrypted output in a temporary buffer. Or, with a prefix argument (`C-u’), the encrypted output will be inserted into the current buffer at the point.
`inline-crypt-decrypt-string’ prompts the user for a string to encode, and displays the decrypted output in a temporary buffer. Or, with a prefix argument (`C-u’), the decrypted output will be inserted into the current buffer at the point.
Select the following encrypted text, and type `C-u M-x inline-crypt-decrypt-region’.
The password is `foo’: U2FsdGVkX1+dYdbNSIt8vtU2EBP6ZaoEhL9uOHTKH88=
For a long time, I used KeepassX to store my mountains of passwords, so I don’t have to click the Link of Shame (“I forgot my password”) every time I spend too much time away from a site. KeepassX is great, except it uses a binary database. I keep all my stuff under source control, so plain text is a lot more convenient. (Automatic merging? Line-by-line diffs? Delicious.)
So, instead of KeepassX, I now store all my passwords in an org file, and use this code to only encrypt the sensitive bits.
I don’t mean to suggest that this code is complete, elegant, or even “good enough” for you. But, it does exactly what I need. Maybe it’ll be useful for someone else, too!
And, before you ask, I used openssl instead of aes.el “because reasons”.