EasyPG is a GnuPG interface for Emacs. It has two aspects: convenient
tools for using GnuPG from Emacs (EasyPG Assistant), and a
fully functional interface library to GnuPG (EasyPG Library).

** GNU Emacs 21.4, XEmacs 21.4, or later

** GnuPG 1.4.3 or later

Add the following line to your ~/.emacs

Then you can browse your keyring with `M-x epa-list-keys'. In addition,
you can do some cryptographic operations in dired.

: e (or M-x epa-dired-do-encrypt)
(select recipients by 'm' and click [OK])

The EasyPG Library can be used in combination with various MUA (Mail

** CVS version of Gnus

The CVS version of Gnus uses EasyPG by default. To make sure of that,
check that mml2015-use is set to 'epg. Other options which affect the

mml2015-encrypt-to-self
mml2015-cache-passphrase
mml2015-passphrase-cache-expiry

NOTE: You don't need pgg-epg.el in this case.

PGG is an outdated PGP library used by old Gnus (<= v5.11), MH-E, etc.

There is a PGG backend written with EasyPG called pgg-epg.el. However,
the EasyPG API is a superset of PGG, and pgg-epg.el provides nothing but
compatibility with PGG.

- PGG doesn't have a user interface to select keys for typical
  cryptographic operations
- PGG can't handle messages signed with multiple keys correctly
- PGG trusts any keys for encryption

SEMI is the MIME library used by Wanderlust, cmail, T-gnus, etc.

There is an EasyPG capable SEMI library called EMIKO-EasyPG. It can
be downloaded from the same site as the EasyPG distribution point.

There are security pitfalls around Emacs. EasyPG is written with

** Passphrase may leak to a temporary file.

The function call-process-region writes the data in the region to a
temporary file. If your PGP library used this function, your passphrases
would leak to the filesystem.

The EasyPG Library does not use call-process-region to communicate
with a gpg subprocess.

** Passphrase may be stolen from a core file.

If Emacs crashes and dumps core, Lisp strings in memory are also
dumped within the core file. The read-passwd function clears passphrase
strings with (fillarray string 0) to avoid this risk. However, Emacs
performs compaction in the gc_sweep phase. If GC happens before fillarray,
passphrase strings may be moved elsewhere in memory. Therefore,
passphrase caching in elisp is generally a bad idea.

The EasyPG Library dares to disable passphrase caching. Fortunately,
there is a more secure way to cache passphrases - use gpg-agent.
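
As an added illustration of the two pitfalls above (this is not code from EasyPG), the following Emacs Lisp contrasts call-process-region with sending a secret to a subprocess over a pipe and overwriting the string afterwards. The `my-' function names and the use of `cat' as a stand-in for gpg are assumptions, and a current GNU Emacs providing clear-string and process-live-p is assumed.

```elisp
;;; Added example, not part of EasyPG.  All `my-' names are hypothetical.

(defun my-leaky-send (secret program &rest args)
  "Form to avoid: pass SECRET to PROGRAM with `call-process-region'.
The region is written to a temporary file first, so SECRET reaches
the filesystem, and the buffer text is one more copy in memory."
  (with-temp-buffer
    (insert secret)
    (apply #'call-process-region (point-min) (point-max)
           program t t nil args)
    (buffer-string)))

(defun my-pipe-send (secret program &rest args)
  "Send SECRET to PROGRAM's stdin over a pipe and return its output.
SECRET is overwritten before returning, also when an error occurs."
  (let ((process-connection-type nil)   ; use a pipe, not a pty
        (buffer (generate-new-buffer " *my-pipe-send*"))
        proc)
    (unwind-protect
        (progn
          (setq proc (apply #'start-process "my-pipe-send" buffer
                            program args))
          (set-process-query-on-exit-flag proc nil)
          (set-process-sentinel proc #'ignore) ; no status text in BUFFER
          (process-send-string proc secret)
          (process-send-eof proc)
          ;; Drain output until the process has exited.
          (while (or (accept-process-output proc 0.1)
                     (process-live-p proc)))
          (with-current-buffer buffer (buffer-string)))
      ;; Best effort only: as described above, GC compaction may have
      ;; left another copy of the string elsewhere in memory.
      (clear-string secret)
      (when (process-live-p proc) (delete-process proc))
      (kill-buffer buffer))))

;; Constructed input; `cat' stands in for a gpg subprocess.
;; (my-pipe-send (copy-sequence "constructed-secret") "cat")
```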