* Requirements
** GNU Emacs 21.4 or later
+
** XEmacs 21.4 or later
+
** GnuPG 1.4.3 or later
* Quick start
** EasyPG avoides potential security flaws of Emacs.
*** `call-process-region' writes data in region to a temporary file.
-PGG and gpg.el use `call-process-region' to communicate with a
-subprocess "gpg". So, your passphrases may leak to the filesystem.
+
+PGG and gpg.el use `call-process-region' to communicate with a gpg
+subprocess. Your passphrases may leak to the filesystem.
*** There is no way to clear strings safely.
-To prevent passphrases from been stealing from cores, `read-passwd'
-function clears passphrase strings by `(fillarray string 0)'.
-However, it is not enough. Emacs does compaction of small strings in
-GC sweep phase. If GC happens before `fillarray', passphrase strings
-may be copied elsewhere in the memory. PGG and gpg.el enables
+
+If Emacs crashed and dumps core, passphrase strings in memory are also
+dumped with the core file. `read-passwd' function clears passphrase
+strings by `(fillarray string 0)'. However, it is not perfect. Emacs
+does compaction of small strings in gc_sweep phase. If GC happens
+before `fillarray', passphrase strings may be copied elsewhere in
+memory. So, it is recommended that if you are done with passphrase
+you should clear it manually. However, PGG and gpg.el enables
passphrase caching by default.
** Most GnuPG features are accessible from Emacs
-As the name says, EasyPG is inspired by GPGME (GnuPG Made Easy), and
-the API is close to GPGME.
\ No newline at end of file
+
+As the name indicates, EasyPG is inspired by GPGME (GnuPG Made Easy),
+and the library interface is close to GPGME.
projects / elisp / epg.git / blobdiff