Conversation
|
If I create a new encrypted file from the command line ( I also think that the password shouldn't be displayed when typing it in. You can use Also, could you perhaps provide some description of what the intended behavior is? I think this needs some more work before it can be merged but this is a great addition to the editor. Thanks for taking the time to contribute! |
|
I will fix things and make improvements.
The purpose of this pull request is to support PGP files encrypted with a
single password. The editor will be able to create a password encrypted
file or open/edit an existing password encrypted file. A file is assumed to
be encrypted if the file extension is gpg (binary format) or asc (text
format). If the user doesn't want to encrypt/decrypt a file then they won't
enter a password, and the file will be saved as is.
I should probably add support for looking at "magic" bytes to determine if
a file is a pgp/gpg encrypted file, so files with other extension can be
supported.
…On Tue, Jul 18, 2017 at 12:13 PM, Zachary Yedidia ***@***.***> wrote:
If I create a new encrypted file from the command line (micro test.asc)
it asks for a password but then thinks that the password was incorrect
(because the file didn't exist before) and the file just shows No name
and test.asc: EOF. I also think that the password shouldn't be displayed
when typing it in. You can use terminal.ReadPassword (from
golang.org/x/crypto/ssh/terminal which this already depends on) to read a
command line password without displaying it.
I think this needs some more work before it can be merged but I think this
is a great addition to the editor. Thanks for taking the time to contribute!
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#730 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAPZFP6r4bxPe9hG92tKLCcNGr5Prc78ks5sPPW7gaJpZM4OTtaY>
.
|
|
Sorry I've just been idling with this issue. I'll try to test it and hopefully merge it soon. |
|
Am I correct in my understanding that a file can only be encrypted if it has the extension |
cmd/micro/buffer.go
Outdated
| var err error | ||
| reader, err = b.Decode(reader, path, password) | ||
| if err != nil { | ||
| return NewBufferFromString(fmt.Sprintf("%s: %v", path, err), "") |
There was a problem hiding this comment.
Instead of just opening an empty file with the error message, I think micro should print the message and then open the encrypted file (without decrypting it). So this line should probably be something like
TermMessage(fmt.Sprintf("Error: %s: %v", path, err))
return NewBuffer(freader, size, path)I have renamed the argument reader to freader to avoid the reassignment of the variable.
|
Correct. Only files with .asc or .gpg are encrypted. |
|
Thanks for keeping this up-to-date. I'll try review and merge soon. My only concern is the |
Chore upgrade
|
build tag 'phat' is now required for openpgp support; gzip support has also been added @zyedidia |
|
I was just about to start building this feature. I'm presuming this was never merged in? @pointlander do you know if I can resurrect this merge or should I start a new one?? |
|
I will fix the conflicts @silverark |
|
merge completed @silverark |
|
Thank you @pointlander That's brilliant. Thanks for your hard work |
|
Thanks for updating this! I will try to take a look through it soon. |
|
I don't think micro should support OpenPGP in any way. The general consensus in the security community is that PGP does what it does quite badly: https://latacora.singles/2019/07/16/the-pgp-problem.html Adding support for it at this point would not be wise. It might make sense to create a plugin that does this (and change micro where it needs changes for the plugin to work). If users want OpenPGP support, just use the gpg on files micro produces. It is easy and works with the unix philosophy, e.g. |
|
How would the user write the file to disk in encrypted form? This feature also adds compression support, and vi encryption format should be supported. Should be using this: https://github.com/awnumar/memguard |
|
With version 2.0.3 you can also pipe the contents of a file edited with micro to another unix tool. I am not familiar with the unix tools used for encryption but presumably one could do something like Are you suggesting using memguard for keeping the file contents that are being edited in-memory by micro in a secure enclave? Correct me if I'm wrong but it doesn't seem like the implementation of this PR currently supports that. |
|
This pull request doesn't have memguard, but it would be a good idea. |
|
And what about multiple files? |
4 participants
No description provided.