3 EasyPG is a fully functional GnuPG interface for Emacs. It has two
7 A GUI frontend of GnuPG
9 A library to interact with GnuPG
13 ** GNU Emacs 21.4 or XEmacs 21.4
24 Add the following line to your ~/.emacs
28 Then you can browse your keyring by `M-x epa-list-keys'. In addition,
29 you can do some cryptographic operations on dired.
33 : e (or M-x epa-dired-do-encrypt)
34 (select recipients and click [OK])
38 The EasyPG Library can be used in combination with various MUA (Mail
41 ** CVS version of Gnus
43 CVS version of Gnus has the native EasyPG binding, simply put the
44 following line into your ~/.emacs.
46 (setq mml2015-use 'epg)
48 Other options which affect on the binding are
51 mml2015-encrypt-to-self
52 mml2015-cache-passphrase
53 mml2015-passphrase-cache-expiry
58 SEMI is the MIME library used by Wanderlust, cmail, T-gnus, etc.
60 There is an EasyPG capable SEMI library called EMIKO-EasyPG. It can
61 be downloaded from the same site of the EasyPG distribution point.
65 PGG is somewhat outdated PGP library used by old Gnus, MH-E, etc.
67 There is a PGG backend using EasyPG called pgg-epg.el. However,
68 pgg-epg.el provides no more additional features than pgg-gpg.el,
69 because PGG's API is restricted so that it supports old PGP 2.x/5.x.
73 There are security pitfalls around Emacs.
75 ** Passphrase may leak to a temporary file.
77 The function call-process-region writes data in region to a temporary
78 file. If your PGP library used this function, your passphrases would
79 leak to the filesystem.
81 The EasyPG Library does not use call-process-region to communicate
82 with a gpg subprocess.
84 ** Passphrase may be stolen from a core file.
86 If Emacs crashes and dumps core, Lisp strings in memory are also
87 dumped within the core file. read-passwd function clears passphrase
88 strings by (fillarray string 0) to avoid this risk. However, Emacs
89 performs compaction in gc_sweep phase. If GC happens before fillarray,
90 passphrase strings may be moved elsewhere in memory. Therefore,
91 passphrase caching in elisp is generally a bad idea.
93 The EasyPG Library dares to disable passphrase caching. Fortunately,
94 there is more secure way to cache passphrases - use gpg-agent.