## Storing solutions to homework problems in an org-file with encrypted headlines

| categories: orgmode | tags: | View Comments

I have been creating homework problems in org-files, which I distribute to students. A recurring dilemma I have had is where do you put the solution? If you put it in a separate file, there is not an elegant way to keep them connected, so if you end up changing the problem, it is easy to forget to update the solution.

Recently I learned about org-crypt. This allows you to encrypt the content of a heading. All you have to do is tag a heading with :crypt:, and when you save the file it will encrypt the contents of the heading. In this example, we try that out. We will use symmetric encryption, which just uses a password. Here is the setup for your init.el file.

(require 'org-crypt)
(org-crypt-use-before-save-magic)
(setq org-tags-exclude-from-inheritance (quote ("crypt")))
;;  set to nil to use symmetric encryption.
(setq org-crypt-key nil)


Now, for the question. What is the Answer to the Ultimate Question of Life, The Universe, and Everything?

The solution is encrypted below. Note, all you have to do is tag the headline with crypt, and when you save the file, you will be prompted for a passphrase and to confirm the passphrase (I used the passphrase 1234). To decrypt the solution, run org-decrypt-entries. You may get a warning that autosave can cause leakage, and a request to disable it for this buffer. You can do that. Then, You will be prompted for a passphrase for symmetric encryption. Enter 1234, and you should be rewarded with the solution!

This could be a good way to keep solutions and problems together, as long as you can remember the passphrase! The passphrase would obviously have to be different for each problem (or one passphrase would open all solutions), and unguessable for this to be useful. Once again, Emacs can help you out. We just need to remember one secret passphrase, and then compute a cryptographic hash that we could use for the encrypting passphrase. We could then just concatenate our secret key onto some unchanging property of the problem that will not change, and generate a secret password. Like this for example.

(let ((my-secret-key "1234"))
(format "This problem passphrase is %s." (secure-hash 'md5 (concat my-secret-key (org-get-heading t t)))))

This problem passphrase is 68ea5a0eefc31d34ee5d562891e4dcb7.


For this to work, you must keep your secret key absolutely secret, or someone could generate the passwords for each assignment. Also, you must make sure the property of the problem you use never changes, or you will not be able to generate a usable passphrase again! The property could be a filename, or problem label. All that really matters is that it not change, since the solution is stored in encrypted form. It might make sense to write the problem passphrase to a file, as long as the file is not accessible to students, and it is somehow always kept up to date.

Some other notes:

1. org-mode seems to save the passphrase somewhere, so when you save the file after decrypting it, the headline is automatically reencrypted with the same password.
2. If you remove the crypt tag, the file is saved in plain text
3. This seems to rely on GnuPG being installed on your computer.

## 1 Solution   crypt

–—BEGIN PGP MESSAGE–— Version: GnuPG v1

jA0EAwMC+AOmtRnbOY1gyZddPkzbHlSfApI4u29D3n05rwScSnx2jlmT8dPP6xES DWGfnByJhtHC/IhbmmECPH4F88lT8RsY8Ng6RmZjGsUJDXZzLBv3CITAgwx4sXz0 hq0dv4HvlW4OUNBoM6HzflMhJO/YlYHf00H94nzZ9T++mW+foHLMSiJ3XdglWMIA EwIz2uBmwEnsOLQ4M5W3lTBmet9iVKsT =Zo7c –—END PGP MESSAGE–—