; This is just a quick hack I banged out to use OpenSSL's encryption
; capabilities to maintain a few secure files. I suppose that I'd be
; better off using crypt++.el, but 1) I didn't find it until after I
; wrote this and 2) The complexity of crypt++ worries me. This package
; is very straightforward since it doesn't try for extensive integration
; with other emacs packages or magical deduction of
; encryption/compression methods. It attempts to be emacsly well-behaved
; by using the smallest functional footprint possible.
;
; 2 functions:
;   ssl-find-file   ; behaves just like find-file
;   ssl-write-file  ; behave-alike for write-file
;
; ssl-find-file installs a write-file-data-hook and disables auto-saving
; for the encrypted file so that we never let it get to disk in the
; clear. The only real security weaknesses come from caching keyphrases
; inside emacs and using the openssl command line to pass the
; keyphrase. The latter is the serious one, but is only vulnerable to a
; (IMHO fairly) determined attacker as it's only visible for the amount
; of time it takes to actually encrypt/decrypt. I can reduce this
; vulnerability by running openssl through a pty, but I just don't have
; the time to go to that level of implementation complexity.
;
; I find it dismaying how little free (speech) software exists for
; securing files (as opposed to email). Here's my US$0.02. I'm hoping
; that someone finds it useful.
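; david rush

;;; openSSL hacks

(defvar ssl-program "openssl"
  "Name of the openssl executable run to encrypt and decrypt files.")

(defvar ssl-pass-phrases '()
  "Alist of (EXPANDED-FILE-NAME . PASSPHRASE) for files handled this session.
The passphrases stay in Emacs memory in the clear until Emacs exits.")

(defvar ssl-encoding "bf"
  "Cipher name handed to `openssl enc' as \"-NAME\".
NOTE(review): \"bf\" (Blowfish) through `openssl enc' gives confidentiality
only; nothing detects a modified ciphertext, and recent OpenSSL releases may
ship Blowfish only in the legacy provider.  The default is kept so that
existing files still decrypt; confirm before choosing a cipher for new files.")

(defvar ssl-pass-phrase-env-var "EMACS_SSL_PASS_PHRASE"
  "Environment variable used to hand the passphrase to the openssl child.")

(defun ssl-process-environment (pass-phrase)
  "Return `process-environment' extended with PASS-PHRASE for openssl.
The passphrase travels in the child's environment instead of its argument
list: argument lists are commonly visible to every local user through the
process table, while a process environment is normally readable only by its
owner.  The extended list is only ever let-bound around the openssl call, so
the variable is not left in Emacs' own environment."
  (cons (concat ssl-pass-phrase-env-var "=" pass-phrase)
        process-environment))

(defun ssl-pass-phrase-argument ()
  "Return the value for openssl's -pass option naming the environment variable."
  (concat "env:" ssl-pass-phrase-env-var))

(defun ssl-remember-pass-phrase (xfile pass-phrase)
  "Record PASS-PHRASE for the expanded file name XFILE in `ssl-pass-phrases'.
An existing entry is updated in place; otherwise a new one is consed on."
  (let ((ssl-metadata (assoc xfile ssl-pass-phrases)))
    (if ssl-metadata
        (setcdr ssl-metadata pass-phrase)
      (setq ssl-pass-phrases
            (cons (cons xfile pass-phrase) ssl-pass-phrases)))))

(defun ssl-pass-phrase (file)
  "Prompt for the passphrase of FILE and return it.
The passphrase cached for FILE, if any, is offered as the default."
  (let* ((xfile (expand-file-name file))
         (ssl-metadata (assoc xfile ssl-pass-phrases)))
    (read-passwd "SSL passphrase: " nil
                 (if ssl-metadata (cdr ssl-metadata) nil))))

(defun ssl-add-write-hook ()
  "Put `ssl-write-file-data-hook' on `write-file-data-hooks' if it is missing."
  (if (not (member 'ssl-write-file-data-hook write-file-data-hooks))
      (setq write-file-data-hooks
            (cons 'ssl-write-file-data-hook write-file-data-hooks))))

(defun ssl-find-file (file)
  "Decrypt FILE with openssl into a buffer visiting it, like `find-file'.
Auto-saving is turned off for the buffer and the encrypting write hook is
installed.  Signals an error, and caches nothing, when openssl exits with a
non-zero status."
  (interactive "fFind encrypted file: ")
  (let* ((xfile (expand-file-name file))
         (pass-phrase (ssl-pass-phrase xfile))
         ;; Decrypt into a hidden scratch buffer first so that a failed run
         ;; never leaves error text or partial output in the visiting buffer.
         (scratch (generate-new-buffer " *ssl-decrypt*"))
         status)
    (unwind-protect
        (progn
          (setq status
                (let ((process-environment
                       (ssl-process-environment pass-phrase)))
                  (call-process ssl-program xfile scratch nil
                                "enc" "-d" (format "-%s" ssl-encoding)
                                "-pass" (ssl-pass-phrase-argument))))
          ;; STATUS is 0 on success; it can be a string when the child was
          ;; killed by a signal, hence `equal' rather than `='.
          (if (not (equal status 0))
              (error "openssl could not decrypt %s (exit status %s)"
                     xfile status))
          ;; Only a passphrase that openssl accepted is cached; a rejected
          ;; one would otherwise become the default for the next save.
          ;; NOTE(review): the cipher is unauthenticated, so a wrong
          ;; passphrase can occasionally still exit 0 with garbage output.
          (ssl-remember-pass-phrase xfile pass-phrase)
          ;; NOTE(review): when a buffer already visits XFILE the decrypted
          ;; text is inserted at point into its existing contents, as in the
          ;; original code -- confirm whether that buffer should be reused.
          (let ((buffer (or (find-buffer-visiting xfile)
                            (create-file-buffer xfile))))
            (switch-to-buffer buffer)
            (insert-buffer-substring scratch)
            (set-visited-file-name xfile)
            (setq buffer-auto-save-file-name nil)
            (ssl-add-write-hook)
            (set-buffer-modified-p nil)
            (goto-char (point-min))))
      ;; The scratch buffer holds clear text; never leave it behind.
      (kill-buffer scratch))))

(defun ssl-write-file (file)
  "Encrypt the current buffer with openssl and write it to FILE.
Returns t on success.  On failure the openssl output buffer is shown and
nil is returned.  After a successful write the passphrase is cached for
FILE so that later saves of the buffer go through the encrypting hook."
  (interactive "FWrite encrypted file: ")
  (let* ((xfile (expand-file-name file))
         (pass-phrase (ssl-pass-phrase xfile))
         (ssl-buffer (get-buffer-create "*SSL Output*"))
         (visited (buffer-file-name)))
    ;; VISITED is nil for a buffer that is not visiting any file yet;
    ;; `expand-file-name' must not be called on it.
    (if (not (and visited (equal xfile (expand-file-name visited))))
        (set-visited-file-name xfile))
    ;; Turn auto-save off before running openssl so that a failed run does
    ;; not leave it enabled for a buffer meant to stay encrypted on disk.
    (setq buffer-auto-save-file-name nil)
    (cond ((not (equal 0 (let ((process-environment
                                (ssl-process-environment pass-phrase)))
                           (call-process-region
                            (point-min) (point-max)
                            ssl-program nil ssl-buffer t
                            "enc" "-e" (format "-%s" ssl-encoding)
                            "-pass" (ssl-pass-phrase-argument)
                            "-out" xfile))))
           (switch-to-buffer-other-window ssl-buffer)
           nil)
          (t
           ;; Without this entry `ssl-write-file-data-hook' would not
           ;; recognise the file and the next ordinary save would not be
           ;; encrypted.
           (ssl-remember-pass-phrase xfile pass-phrase)
           (ssl-add-write-hook)
           (set-buffer-modified-p nil)
           t))))

(defun ssl-write-file-data-hook (file)
  "Write FILE encrypted when it has an entry in `ssl-pass-phrases'.
Returns nil for any other file so that it is saved normally.  For a known
file a failed encryption signals an error instead of returning nil.
NOTE(review): this assumes a nil return from a `write-file-data-hooks'
function means \"not handled\", in which case returning nil after a failed
encryption would let the buffer be written in the clear -- confirm against
the hook's documentation."
  (let ((xfile (expand-file-name file)))
    (if (assoc xfile ssl-pass-phrases)
        (or (ssl-write-file xfile)
            (error "Encryption of %s failed; not saving it in the clear"
                   xfile)))))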