org-crypt: make org-decrypt disable auto-save-mode (configurable)

As auto-save-mode can only cause leakage when there's actual decrypted
data lying around, don't check for it (and potentially cause annoyance)
on init, but only when org-decrypt-entry is called.

* lisp/org-crypt.el:
  - add defcustom `org-crypt-disable-auto-save'
  - `org-decrypt-entry': before decrypting, check whether
    `auto-save-mode' is enabled for the current buffer, and act
    on it according to how `org-crypt-disable-auto-save' is set.
  - remove comment re "encrypt[ing] Org auto-saved buffers"
  - remove on-init check for `auto-save-default'

lisp/org-crypt.el

@@ -94,6 +94,29 @@ This setting can also be overridden in the CRYPTKEY property."
   :type 'string 
   :group 'org-crypt)
 
+(defcustom org-crypt-disable-auto-save 'ask
+  "What org-decrypt should do if `auto-save-mode' is enabled.
+
+t        : Disable auto-save-mode for the current buffer
+           prior to decrypting an entry.
+
+nil      : Leave auto-save-mode enabled.
+           This may cause data to be written to disk unencrypted!
+
+'ask     : Ask user whether or not to disable auto-save-mode
+           for the current buffer.
+
+'encrypt : Leave auto-save-mode enabled for the current buffer,
+           but automatically re-encrypt all decrypted entries
+           *before* auto-saving.
+           NOTE: This only works for entries which have a tag
+           that matches `org-crypt-tag-matcher'."
+  :group 'org-crypt
+  :type '(choice (const :tag "Always"  t)
+                 (const :tag "Never"   nil)
+                 (const :tag "Ask"     ask)
+                 (const :tag "Encrypt" encrypt)))
+
 (defun org-crypt-key-for-heading ()
   "Return the encryption key for the current heading."
   (save-excursion
@@ -142,6 +165,30 @@ This setting can also be overridden in the CRYPTKEY property."
 (defun org-decrypt-entry ()
   "Decrypt the content of the current headline."
   (interactive)
+
+  ; auto-save-mode may cause leakage, so check whether it's enabled.
+  (when buffer-auto-save-file-name
+    (cond
+     ((or
+       (eq org-crypt-disable-auto-save t)
+       (and
+        (eq org-crypt-disable-auto-save 'ask)
+        (y-or-n-p "org-decrypt: auto-save-mode may cause leakage. Disable it for current buffer? ")))
+      (message (concat "org-decrypt: Disabling auto-save-mode for " (or (buffer-file-name) (current-buffer))))
+      ; The argument to auto-save-mode has to be "-1", since
+      ; giving a "nil" argument toggles instead of disabling.
+      (auto-save-mode -1))
+     ((eq org-crypt-disable-auto-save nil)
+      (message "org-decrypt: Decrypting entry with auto-save-mode enabled. This may cause leakage."))
+     ((eq org-crypt-disable-auto-save 'encrypt)
+      (message "org-decrypt: Enabling re-encryption on auto-save.")
+      (add-hook 'auto-save-hook
+                (lambda ()
+                  (message "org-crypt: Re-encrypting all decrypted entries due to auto-save.")
+                  (org-encrypt-entries))
+                nil t))
+     (t nil)))
+
   (require 'epg)
   (unless (org-before-first-heading-p)
     (save-excursion
@@ -201,19 +248,6 @@ This setting can also be overridden in the CRYPTKEY property."
    'org-mode-hook
    (lambda () (add-hook 'before-save-hook 'org-encrypt-entries nil t))))
 
-;; FIXME Find a better way to encrypt Org auto-saved buffers?
-;; When `auto-save-default' is non-nil, make sure entries are
-;; encrypted before auto-saving
-;; (when auto-save-default
-;;    (add-hook
-;;     'org-mode-hook
-;;     (lambda () (add-hook 'auto-save-hook 'org-encrypt-entries nil t))))
-
-(when (and (functionp 'daemonp)
-	   (not (daemonp)) auto-save-default)
-  (message "Warning: turn auto-save-mode off in Org buffers containing crypted entries.")
-  (sit-for 1))
-
 (add-hook 'org-reveal-start-hook 'org-decrypt-entry)
 
 (provide 'org-crypt)