(allout-mode), (allout-encrypt-string): Describe the problem with caching

of incorrect symmetric-decryption keys.
author: Ken Manheimer 2010-12-16 17:43:45 -0500
committer: Ken Manheimer 2010-12-16 17:43:45 -0500
commit: 0281bf138807e04b44b5891ec8d5a365dad8e3c1 (patch)
tree: 9c8dfd1d7d2aaa71780c4dff06856e84970c5893
parent: 075746e2c18959705ba7b186657fa84b01e42337 (diff)
download: emacs-0281bf138807e04b44b5891ec8d5a365dad8e3c1.tar.gz
emacs-0281bf138807e04b44b5891ec8d5a365dad8e3c1.zip
1 files changed, 15 insertions, 7 deletions
diff --git a/lisp/allout.el b/lisp/allout.el
index b67f8125a06..968c7081678 100644
--- a/lisp/allout.el
+++ b/lisp/allout.el
@@ -1920,12 +1920,12 @@ If the content of the topic containing the cursor was encrypted
 for a save, it is automatically decrypted for continued editing.
 PROBLEM: Attempting symmetric decryption with an incorrect key
-not only fails, but the incorrect key seems to be associated with
+not only fails, but for some GnuPG v2 versions the incorrect key
-the specific entry in the gpg cache, so that you do not get an
+is apparently retained in the gpg cache and reused, preventing
-opportunity to override the incorrect key and decrypt that
+decryption, until the cache finally times out.  That can take
-entry.  (Decryption of other entries is not affected.)  To clear
+several minutes.  \(Decryption of other entries is not affected.)
-this problem, clear your gpg-agent's cache by sending it a '-HUP'
+To clear this problem before the cache times out, deliberately
-signal.
+clear your gpg-agent's cache by sending it a '-HUP' signal.
 See `allout-toggle-current-subtree-encryption' function docstring
 and `allout-encrypt-unencrypted-on-saves' customization variable
@@ -6169,7 +6169,15 @@ dialog.
 Optional REJECTED is for internal use, to convey the number of
 rejections due to matches against
 `allout-encryption-ciphertext-rejection-regexps', as limited by
-`allout-encryption-ciphertext-rejection-ceiling'."
+`allout-encryption-ciphertext-rejection-ceiling'.
+PROBLEM: Attempting symmetric decryption with an incorrect key
+not only fails, but for some GnuPG v2 versions the incorrect key
+is apparently retained in the gpg cache and reused, preventing
+decryption, until the cache finally times out.  That can take
+several minutes.  \(Decryption of other entries is not affected.)
+To clear this problem before the cache times out, deliberately
+clear your gpg-agent's cache by sending it a '-HUP' signal."
  (require 'epg)
  (require 'epa)
author	Ken Manheimer	2010-12-16 17:43:45 -0500
committer	Ken Manheimer	2010-12-16 17:43:45 -0500
commit	0281bf138807e04b44b5891ec8d5a365dad8e3c1 (patch)
tree	9c8dfd1d7d2aaa71780c4dff06856e84970c5893
parent	075746e2c18959705ba7b186657fa84b01e42337 (diff)
download	emacs-0281bf138807e04b44b5891ec8d5a365dad8e3c1.tar.gz emacs-0281bf138807e04b44b5891ec8d5a365dad8e3c1.zip

diff --git a/lisp/allout.el b/lisp/allout.el index b67f8125a06..968c7081678 100644 --- a/lisp/allout.el +++ b/lisp/allout.el
@@ -1920,12 +1920,12 @@ If the content of the topic containing the cursor was encrypted
1920	for a save, it is automatically decrypted for continued editing.	1920	for a save, it is automatically decrypted for continued editing.
1921		1921
1922	PROBLEM: Attempting symmetric decryption with an incorrect key	1922	PROBLEM: Attempting symmetric decryption with an incorrect key
1923	not only fails, but the incorrect key seems to be associated with	1923	not only fails, but for some GnuPG v2 versions the incorrect key
1924	the specific entry in the gpg cache, so that you do not get an	1924	is apparently retained in the gpg cache and reused, preventing
1925	opportunity to override the incorrect key and decrypt that	1925	decryption, until the cache finally times out. That can take
1926	entry. (Decryption of other entries is not affected.) To clear	1926	several minutes. \(Decryption of other entries is not affected.)
1927	this problem, clear your gpg-agent's cache by sending it a '-HUP'	1927	To clear this problem before the cache times out, deliberately
1928	signal.	1928	clear your gpg-agent's cache by sending it a '-HUP' signal.
1929		1929
1930	See `allout-toggle-current-subtree-encryption' function docstring	1930	See `allout-toggle-current-subtree-encryption' function docstring
1931	and `allout-encrypt-unencrypted-on-saves' customization variable	1931	and `allout-encrypt-unencrypted-on-saves' customization variable
@@ -6169,7 +6169,15 @@ dialog.
6169	Optional REJECTED is for internal use, to convey the number of	6169	Optional REJECTED is for internal use, to convey the number of
6170	rejections due to matches against	6170	rejections due to matches against
6171	`allout-encryption-ciphertext-rejection-regexps', as limited by	6171	`allout-encryption-ciphertext-rejection-regexps', as limited by
6172	`allout-encryption-ciphertext-rejection-ceiling'."	6172	`allout-encryption-ciphertext-rejection-ceiling'.
		6173
		6174	PROBLEM: Attempting symmetric decryption with an incorrect key
		6175	not only fails, but for some GnuPG v2 versions the incorrect key
		6176	is apparently retained in the gpg cache and reused, preventing
		6177	decryption, until the cache finally times out. That can take
		6178	several minutes. \(Decryption of other entries is not affected.)
		6179	To clear this problem before the cache times out, deliberately
		6180	clear your gpg-agent's cache by sending it a '-HUP' signal."
6173		6181
6174	(require 'epg)	6182	(require 'epg)
6175	(require 'epa)	6183	(require 'epa)