1 \input texinfo @c -*- mode: texinfo -*-
4 @settitle EasyPG Assistant
7 @c @documentlanguage en
9 @dircategory GNU Emacs Lisp
11 * epa: (epa). EasyPG Assistant
15 This file describes EasyPG Assistant.
17 Copyright (C) 2007 Daiki Ueno.
19 Permission is granted to copy, distribute and/or modify this document
20 under the terms of the GNU Free Documentation License, Version 1.1 or
21 any later version published by the Free Software Foundation; with no
22 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
23 Texts. A copy of the license is included in the section entitled "GNU
24 Free Documentation License".
30 @title EasyPG Assistant
35 @vskip 0pt plus 1filll
36 Copyright @copyright{} 2007 Daiki Ueno.
38 Permission is granted to copy, distribute and/or modify this document
39 under the terms of the GNU Free Documentation License, Version 1.1 or
40 any later version published by the Free Software Foundation; with no
41 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
42 Texts. A copy of the license is included in the section entitled "GNU
43 Free Documentation License".
50 @top EasyPG Assistant user's manual
52 EasyPG Assistant is an Emacs user interface for GNU Privacy Guard
53 (GnuPG, @pxref{Top, , Top, gnupg, Using the GNU Privacy Guard}).
55 EasyPG Assistant is a part of the package called EasyPG, an all-in-one
56 GnuPG interface for Emacs. EasyPG also contains the library interface
57 called EasyPG Library.
59 This manual covers EasyPG version @value{VERSION}.
70 EasyPG Assistant provides the following features.
74 @item Cryptographic operations on regions.
75 @item Cryptographic operations on files.
76 @item Dired integration.
77 @item Mail-mode integration.
78 @item Automatic encryption/decryption of *.gpg files.
84 To install, just follow the standard CMMI installation instructions.
91 Then, add the following line to your @file{~/.emacs}
97 That's all. Restart emacs and type @kbd{M-x epa- TAB}, and you will see a
98 lot of commands available. For example,
101 @item To browse your keyring, type @kbd{M-x epa-list-keys}
103 @item To create a cleartext signature of the region, type @kbd{M-x epa-sign-region}
106 You can also do some cryptographic operations from dired.
111 : e (or M-x epa-dired-do-encrypt)
112 (select recipients by 'm' and click [OK])
118 This chapter introduces various commands for typical use cases.
122 * Cryptographic operations on regions::
123 * Cryptographic operations on files::
124 * Dired integration::
125 * Mail-mode integration::
126 * Encrypting/decrypting *.gpg files::
130 @section Key management
131 Probably the first step of using EasyPG Assistant is to browse your
132 keyring. @kbd{M-x epa-list-keys} is corresponding to @samp{gpg
133 --list-keys} from the command line.
135 @deffn Command epa-list-keys name mode
136 Show all keys matched with @var{name} from the public keyring.
139 The output looks as follows.
142 u A5B6B2D4B15813FE Daiki Ueno <ueno@@unixuser.org>
145 A character on the leftmost column indicates the trust level of the
146 key. If it is @samp{u}, the key is marked as ultimately trusted. The
147 second column is the key ID, and the rest is the user ID.
149 You can move over entries by @key{TAB}. If you type @key{RET} or
150 clicked button1 on an entry, you will see more detailed information
151 about the key you selected.
154 u Daiki Ueno <ueno@@unixuser.org>
155 u A5B6B2D4B15813FE 1024bits DSA
158 Capabilities: sign certify
159 Fingerprint: 8003 7CD0 0F1A 9400 03CA 50AA A5B6 B2D4 B158 13FE
160 u 4447461B2A9BEA2D 2048bits ELGAMAL_E
163 Capabilities: encrypt
164 Fingerprint: 9003 D76B 73B7 4A8A E588 10AF 4447 461B 2A9B EA2D
167 To browse your private keyring, use @kbd{M-x epa-list-secret-keys}.
169 @deffn Command epa-list-secret-keys name
170 Show all keys matched with @var{name} from the private keyring.
173 In @samp{*Keys*} buffer, several commands are available. The common
174 use case is to export some keys to a file. To do that, type @kbd{m}
175 to select keys, type @kbd{o}, and then supply the filename.
177 Below are other commands related to key management. Some of them take
178 a file as input/output, and others take the current region.
180 @deffn Command epa-insert-keys keys
181 Insert selected @var{keys} after the point. It will let you select
182 keys before insertion. By default, it will encode keys in the OpenPGP
186 @deffn Command epa-import-keys file
187 Import keys from @var{file} to your keyring.
190 @deffn Command epa-import-keys-region start end
191 Import keys from the current region between @var{start} and @var{end}
195 @deffn Command epa-import-armor-in-region start end
196 Import keys in the OpenPGP armor format in the current region between
197 @var{start} and @var{end}. The difference from
198 @code{epa-import-keys-region} is that
199 @code{epa-import-armor-in-region} searches armors in the region and
200 applies @code{epa-import-keys-region} to each of them.
203 @deffn Command epa-delete-keys allow-secret
204 Delete selected keys. If @var{allow-secret} is non-@code{nil}, it
205 also delete the secret keys.
208 @node Cryptographic operations on regions
209 @section Cryptographic operations on regions
211 @deffn Command epa-decrypt-region start end
212 Decrypt the current region between @var{start} and @var{end}. It
213 replaces the region with the decrypted text.
216 @deffn Command epa-decrypt-armor-in-region start end
217 Decrypt OpenPGP armors in the current region between @var{start} and
218 @var{end}. The difference from @code{epa-decrypt-region} is that
219 @code{epa-decrypt-armor-in-region} searches armors in the region
220 and applies @code{epa-decrypt-region} to each of them. That is, this
221 command does not alter the original text around armors.
224 @deffn Command epa-verify-region start end
225 Verify the current region between @var{start} and @var{end}. It sends
226 the verification result to the minibuffer or a popup window. It
227 replaces the region with the signed text.
230 @deffn Command epa-verify-cleartext-in-region
231 Verify OpenPGP cleartext blocks in the current region between
232 @var{start} and @var{end}. The difference from
233 @code{epa-verify-region} is that @code{epa-verify-cleartext-in-region}
234 searches OpenPGP cleartext blocks in the region and applies
235 @code{epa-verify-region} to each of them. That is, this command does
236 not alter the original text around OpenPGP cleartext blocks.
239 @deffn Command epa-sign-region start end signers type
240 Sign the current region between @var{start} and @var{end}. By
241 default, it creates a cleartext signature. If a prefix argument is
242 given, it will let you select signing keys, and then a signature
246 @deffn Command epa-encrypt-region start end recipients sign signers
247 Encrypt the current region between @var{start} and @var{end}. It will
248 let you select recipients. If a prefix argument is given, it will
249 also ask you whether or not to sign the text before encryption and if
250 you answered yes, it will let you select the signing keys.
253 @node Cryptographic operations on files
254 @section Cryptographic operations on files
256 @deffn Command epa-decrypt-file file
260 @deffn Command epa-verify-file file
264 @deffn Command epa-sign-file file signers type
265 Sign @var{file}. If a prefix argument is given, it will let you
266 select signing keys, and then a signature type.
269 @deffn Command epa-encrypt-file file recipients
270 Encrypt @var{file}. It will let you select recipients.
273 @node Dired integration
274 @section Dired integration
276 EasyPG Assistant extends Dired Mode for GNU Emacs to allow users to
277 easily do cryptographic operations on files. The following keys are
283 @findex epa-dired-do-decrypt
284 Decrypt marked files.
288 @findex epa-dired-do-verify
293 @findex epa-dired-do-sign
298 @findex epa-dired-do-encrypt
299 Encrypt marked files.
303 @node Mail-mode integration
304 @section Mail-mode integration
306 EasyPG Assistant provides a minor mode to help composing clearsigned
307 or OpenPGP armored encrypted mails. The following keys are assigned.
311 @node Encrypting/decrypting *.gpg files
312 @section Encrypting/decrypting *.gpg files
313 Once @code{epa-setup} is loaded, every file whose extension is
314 @samp{.gpg} will be treated as encrypted. That is, when you attempt
315 to open such a file which already exists, the decrypted text is
316 inserted in the buffer rather than encrypted one. On the other hand,
317 when you attempt to save the buffer to a file whose extension is
318 @samp{.gpg}, encrypted data is written.
320 If you want to temporarily disable this behavior, use @kbd{M-x
321 epa-file-disable}, and then to enable this behavior use @kbd{M-x
324 @deffn Command epa-file-disable
325 Disable automatic encryption/decryption of *.gpg files.
328 @deffn Command epa-file-enable
329 Enable automatic encryption/decryption of *.gpg files.
332 @code{epa-file} will let you select recipients. If you want to
333 suppress this question, it might be a good idea to put the following
334 line on the first line of the text being encrypted.
335 @vindex epa-file-encrypt-to
338 ;; -*- epa-file-encrypt-to: ("ueno@@unixuser.org") -*-
341 Other variables which control the automatic encryption/decryption
344 @defvar epa-file-cache-passphrase-for-symmetric-encryption
345 If non-@code{nil}, cache passphrase for symmetric encryption. The
346 default value is @code{nil}.
349 @defvar epa-file-inhibit-auto-save
350 If non-@code{nil}, disable auto-saving when opening an encrypted file.
351 The default value is @code{t}.