* What's this? EasyPG is yet another GnuPG interface for Emacs. It consists of three parts: transparent file encryption utility, Gnus/PGG backend, and elisp library to interact with GnuPG. * Requirements ** GNU Emacs 21.4 or later, XEmacs 21.4 or later ** GnuPG 1.4.3 or later ** Gnus 5.10.8 or later (optional) * Quick start ** Installation $ ./configure $ sudo make install ** Transparent file encryption utility EasyPG provides transparent file encryption utility similar to crypt++, alpaca.el, hedgehog. To try this, add the following line to your ~/.emacs and C-x C-f ~/test.txt.gpg. (require 'epf) ** Gnus/PGG backend EasyPG provides an implementation of the backend interface of Gnus/PGG. To use EasyPG instead of pgg-gpg, install pgg-epg.el and add the following line to your ~/.gnus. (setq pgg-scheme 'epg) * Advantages over other competitors There are many competitors of EasyPG such as Mailcrypt, Gnus/PGG, gpg.el, etc. EasyPG has some advantages over them. ** EasyPG avoides potential security flaws of Emacs See "Security consideration" section. ** GnuPG features are directly accessible from Emacs Other competitors provide only specific features of GnuPG since they still support PGP 2.*, 5.*, 6.*. As the name indicates, EasyPG is inspired by GPGME (GnuPG Made Easy), and the library interface is close to GPGME. With EasyPG you can benefit from a lot of features of GnuPG. * Security consideration ** `call-process-region' writes data in region to a temporary file `call-process-region' writes data in region to a temporary file. EasyPG does *not* use `call-process-region' to communicate with a gpg subprocess. ** `(fillarray string 0)' is not enough to clear passphrases If Emacs crashed and dumps core, passphrase strings in memory are also dumped within the core file. `read-passwd' function clears passphrase strings by `(fillarray string 0)'. However, Emacs performs compaction in gc_sweep phase. If GC happens before `fillarray', passphrase strings may be moved elsewhere in memory. Fortunately, there is gpg-agent to cache passphrases in more secure way, so EasyPG dares *not* to cache passphrase. Elisp programs can set `epg-context-passphrase-callback' to cache user's passphrases.