* What's this?

EasyPG is yet another GnuPG interface for Emacs.  It consists of two
parts:

- "The EasyPG Assistant"
  A GUI frontend of GnuPG
- "The EasyPG Library"
  A library to interact with GnuPG

* Requirements

** GNU Emacs 21.4 or XEmacs 21.4

** GnuPG 1.4.3

* Quick start

** Installation

  $ ./configure
  $ sudo make install

Add the following line to your ~/.emacs

  (require 'epa-setup)

Then you can browse your keyring by `M-x epa-list-keys'.  In addition,
you can do some cryptographic operations on dired.

  M-x dired
  (mark some files)
  : e (or M-x epa-dired-do-encrypt)
  (select recipients and click [OK])

* Security

There are security pitfalls around Emacs.

** Passphrase may leak to a temporary file.

The function call-process-region writes data in region to a temporary
file. If your PGP library used this function, your passphrases would
leak to the filesystem.

The EasyPG Library does not use call-process-region to communicate
with a gpg subprocess.

** Passphrase may be stolen from a core file.

If Emacs crashes and dumps core, Lisp strings in memory are also
dumped within the core file. read-passwd function clears passphrase
strings by (fillarray string 0) to avoid this risk. However, Emacs
performs compaction in gc_sweep phase. If GC happens before fillarray,
passphrase strings may be moved elsewhere in memory. Therefore,
passphrase caching in elisp is generally a bad idea.

The EasyPG Library dares to disable passphrase caching. Fortunately,
there is more secure way to cache passphrases - use gpg-agent.