search

nvim-neorg / neorg

Modernity meets insane extensibility. The future of organizing your life in Neovim.
GNU General Public License v3.0
6.47k stars 213 forks source link

Implementing Section-Based Encryption #1155

Open gungun974 opened 1 year ago

gungun974 commented 1 year ago

Issues

Feature description

I love Neorg, I find it a very promising project that delivers exactly what I want. It isn't perfect (for instance, I can't use my phone with it), but it is perfectly functional!

However, some time ago I discovered QOwnNotes, and I wouldn't say I prefer it over Neorg. But the encryption feature really intrigued me.

I know that if I want to keep something secret, I could just fully encrypt my whole Neorg file. But with QOwnNotes, with a single command, I can have a BEGIN/END ENCRYPTED TEXT section in my file with AES-256.

That's why I'm opening this issue to suggest and see if it would be possible to have a similar feature in Neorg where we could have multiple encrypted sections within the same Neorg file.

Just for the record, I'm not yet sure how a user would interact with these encrypted portions.

The only thing I'm convinced of is that a tag syntax would be a very good way to differentiate between clear texts and encrypted sections :

@encrypted
Secret, secret, secret
@end

In any case, I'm very curious to know what people think.

Help

Yes, but I don't know how to start. I would need guidance

Implementation help

No response

champignoom commented 1 year ago

Nice idea, but I believe encryption is orthogonal to norg syntax and should be implemented in another plugin without using norg syntax, otherwise notes like the following one would be syntatically wrong:

@encrypted
* heading
@end
vhyrro commented 12 months ago

This does sound like something that is possible with the macro system :thinking:. You could highlight some text, run :Neorg encrypt on it, provide a passphrase, and then it would be converted into:

@encrypted
<ENCRYPTED CONTENT>
@end

Then, whenever you want to decrypt it, you'd try to "bake" the macro. Since you didn't provide the required "password" parameter Neorg will prompt you for it and then will run the macro like so:

@encrypted <your-password>
<ENCRYPTED CONTENT>
@end

Which will execute the macro and return the decrypted text, thus converting the whole encrypted text back into its original state.

pysan3 commented 12 months ago

@vhyrro What happens in the following case?

@encrypted password
* Header
@end 

  Content <- how should we know that this was inside header before it is revealed?
  which will mess up the parser.
gungun974 commented 11 months ago

Sorry for didn't say one word about this. I was personally busy with my work and some other thing.

I read this conversation and I love the idea of a Macro (Honestly I understand what is a Macro in Neovim but I don't know what is a Macro inside Neorg. Those it's behave like a command with some lua code attach ?)

A command like :Neorg encrypt and :Neorg decrypt would be great and easy to use. 

@encrypted <your-password>
<ENCRYPTED CONTENT>
@end

I don't understand this example are you considering to write directly into the buffer the password in plain form ? This could be dangerous since someone can forget to remove it and leave the password in his document.

Also I think we should really consider to support multiple Encryption methods like AES-256 for builtin password base or tools external tools like PGP.

@vhyrro What happens in the following case?

@encrypted password
* Header
@end 

  Content <- how should we know that this was inside header before it is revealed?
  which will mess up the parser.

The only thing I think we should add an @decrypted block when the text is decrypted. So we don't run in a situation where we try to deciphered an unencrypted text.

In any case I'm really interested already if I can't by myself time to create a prototype version of what I have in mind to better illustrate it.

I don't have the time yet but I think that after the Christmas holidays I could try to have fun creating a Neorg module.

Afterwards if someone else wants to try something before me, they are free to contribute in my place ^^

ewanm89 commented 7 months ago

Should be noted, whatever is encrypted if implemented would likely be leaked in neovim's undo files (and other places in neovim). This is part of why :X for encryption in neovim has been an open issue since they removed that functionality after forking from Vim (back then Vim was also using some insecure encryption algorithms).