3 EasyPG is yet another GnuPG interface for Emacs. It consists of two
4 parts: transparent file encryption utility and easy-to-use elisp
5 library to interact with GnuPG.
9 ** GNU Emacs 21.4 or later
11 ** XEmacs 21.4 or later
13 ** GnuPG 1.4.3 or later
17 (0) Put (require 'epg-file) in your ~/.emacs.el
21 (2) C-x C-f ~/test.gpg
23 * Advantages over other competitors
25 There are many competitors of EasyPG such as Mailcrypt, PGG, gpg.el,
26 etc. EasyPG has some advantages over them.
28 ** EasyPG avoides potential security flaws of Emacs.
30 *** `call-process-region' writes data in region to temporary files.
32 `call-process-region' writes data in region to temporary files. PGG
33 and gpg.el use `call-process-region' to communicate with a gpg
34 subprocess. Your passphrases leak to the filesystem!
36 *** There is no way to clear strings safely.
38 If Emacs crashed and dumps core, passphrase strings in memory are also
39 dumped within the core file. `read-passwd' function clears passphrase
40 strings by `(fillarray string 0)'. However, Emacs performs compaction
41 in gc_sweep phase. If GC happens before `fillarray', passphrase
42 strings may be moved elsewhere in memory. It is recommended that as
43 soon as you are done with passphrase you should clear it manually.
44 However, PGG and gpg.el can keep passphrase strings in cache for a
45 while and this behavior is their default!
47 ** GnuPG features are directly accessible from Emacs
49 Other competitors provide only specific features of GnuPG since they
50 still support PGP 2.*, 5.*, 6.*. As the name indicates, EasyPG is
51 inspired by GPGME (GnuPG Made Easy), and the library interface is
52 close to GPGME. With EasyPG you can benefit from a lot of features of