Commit | Line | Data |
---|---|---|
c154c0be MO |
1 | \input texinfo @c -*- mode: texinfo -*- |
2 | @c %**start of header | |
3 | @setfilename ../../info/epa | |
4 | @settitle EasyPG Assistant User's Manual | |
5 | @c %**end of header | |
6 | ||
7 | @set VERSION 1.0.0 | |
8 | ||
9 | @copying | |
5dc584b5 | 10 | This file describes EasyPG Assistant @value{VERSION}. |
c154c0be | 11 | |
ab422c4d | 12 | Copyright @copyright{} 2007--2013 Free Software Foundation, Inc. |
c154c0be MO |
13 | |
14 | @quotation | |
15 | Permission is granted to copy, distribute and/or modify this document | |
6a2c4aec | 16 | under the terms of the GNU Free Documentation License, Version 1.3 or |
c154c0be | 17 | any later version published by the Free Software Foundation; with no |
cd5c05d2 GM |
18 | Invariant Sections, with the Front-Cover texts being ``A GNU Manual,'' |
19 | and with the Back-Cover Texts as in (a) below. A copy of the license | |
0b1af106 | 20 | is included in the section entitled ``GNU Free Documentation License''. |
cd5c05d2 GM |
21 | |
22 | (a) The FSF's Back-Cover Text is: ``You have the freedom to copy and | |
6bf430d1 | 23 | modify this GNU manual.'' |
c154c0be MO |
24 | @end quotation |
25 | @end copying | |
26 | ||
0c973505 | 27 | @dircategory Emacs misc features |
c154c0be | 28 | @direntry |
62e034c2 | 29 | * EasyPG Assistant: (epa). An Emacs user interface to GNU Privacy Guard. |
c154c0be MO |
30 | @end direntry |
31 | ||
c154c0be MO |
32 | @titlepage |
33 | @title EasyPG Assistant | |
34 | ||
35 | @author by Daiki Ueno | |
36 | @page | |
37 | ||
38 | @vskip 0pt plus 1filll | |
39 | @insertcopying | |
40 | @end titlepage | |
c154c0be | 41 | |
5dc584b5 | 42 | @contents |
c154c0be MO |
43 | |
44 | @node Top | |
45 | @top EasyPG Assistant user's manual | |
46 | ||
47 | EasyPG Assistant is an Emacs user interface to GNU Privacy Guard | |
48 | (GnuPG, @pxref{Top, , Top, gnupg, Using the GNU Privacy Guard}). | |
49 | ||
50 | EasyPG Assistant is a part of the package called EasyPG, an all-in-one | |
51 | GnuPG interface for Emacs. EasyPG also contains the library interface | |
52 | called EasyPG Library. | |
53 | ||
5dc584b5 KB |
54 | @ifnottex |
55 | @insertcopying | |
56 | @end ifnottex | |
c154c0be MO |
57 | |
58 | @menu | |
1df7defd PE |
59 | * Overview:: |
60 | * Quick start:: | |
61 | * Commands:: | |
62 | * Caching Passphrases:: | |
63 | * Bug Reports:: | |
0b1af106 | 64 | * GNU Free Documentation License:: The license for this documentation. |
c154c0be MO |
65 | @end menu |
66 | ||
67 | @node Overview | |
68 | @chapter Overview | |
69 | ||
70 | EasyPG Assistant provides the following features. | |
71 | ||
72 | @itemize @bullet | |
34a3c587 | 73 | @item Key management. |
c154c0be MO |
74 | @item Cryptographic operations on regions. |
75 | @item Cryptographic operations on files. | |
76 | @item Dired integration. | |
77 | @item Mail-mode integration. | |
78 | @item Automatic encryption/decryption of *.gpg files. | |
79 | @end itemize | |
80 | ||
81 | @node Quick start | |
82 | @chapter Quick start | |
83 | ||
5a8d03e9 | 84 | EasyPG Assistant commands are prefixed by @samp{epa-}. For example, |
c154c0be MO |
85 | |
86 | @itemize @bullet | |
87 | @item To browse your keyring, type @kbd{M-x epa-list-keys} | |
88 | ||
89 | @item To create a cleartext signature of the region, type @kbd{M-x epa-sign-region} | |
5a8d03e9 MO |
90 | |
91 | @item To encrypt a file, type @kbd{M-x epa-encrypt-file} | |
c154c0be MO |
92 | @end itemize |
93 | ||
5a8d03e9 MO |
94 | EasyPG Assistant provides several cryptographic features which can be |
95 | integrated into other Emacs functionalities. For example, automatic | |
96 | encryption/decryption of @samp{*.gpg} files. | |
97 | ||
c154c0be MO |
98 | @node Commands |
99 | @chapter Commands | |
100 | ||
101 | This chapter introduces various commands for typical use cases. | |
102 | ||
103 | @menu | |
1df7defd PE |
104 | * Key management:: |
105 | * Cryptographic operations on regions:: | |
106 | * Cryptographic operations on files:: | |
107 | * Dired integration:: | |
108 | * Mail-mode integration:: | |
55f612f0 | 109 | * Encrypting/decrypting gpg files:: |
c154c0be MO |
110 | @end menu |
111 | ||
112 | @node Key management | |
113 | @section Key management | |
114 | Probably the first step of using EasyPG Assistant is to browse your | |
115 | keyring. @kbd{M-x epa-list-keys} corresponds to @samp{gpg | |
116 | --list-keys} from the command line. | |
117 | ||
118 | @deffn Command epa-list-keys name mode | |
119 | Show all keys matched with @var{name} from the public keyring. | |
120 | @end deffn | |
121 | ||
122 | @noindent | |
123 | The output looks as follows. | |
124 | ||
125 | @example | |
126 | u A5B6B2D4B15813FE Daiki Ueno <ueno@@unixuser.org> | |
127 | @end example | |
128 | ||
129 | @noindent | |
130 | A character on the leftmost column indicates the trust level of the | |
131 | key. If it is @samp{u}, the key is marked as ultimately trusted. The | |
132 | second column is the key ID, and the rest is the user ID. | |
133 | ||
134 | You can move over entries by @key{TAB}. If you type @key{RET} or | |
135 | click button1 on an entry, you will see more detailed information | |
136 | about the key you selected. | |
137 | ||
138 | @example | |
139 | u Daiki Ueno <ueno@@unixuser.org> | |
140 | u A5B6B2D4B15813FE 1024bits DSA | |
b1fbbb32 GM |
141 | Created: 2001-10-09 |
142 | Expires: 2007-09-04 | |
143 | Capabilities: sign certify | |
144 | Fingerprint: 8003 7CD0 0F1A 9400 03CA 50AA A5B6 B2D4 B158 13FE | |
c154c0be | 145 | u 4447461B2A9BEA2D 2048bits ELGAMAL_E |
b1fbbb32 GM |
146 | Created: 2001-10-09 |
147 | Expires: 2007-09-04 | |
148 | Capabilities: encrypt | |
149 | Fingerprint: 9003 D76B 73B7 4A8A E588 10AF 4447 461B 2A9B EA2D | |
c154c0be MO |
150 | @end example |
151 | ||
152 | @noindent | |
153 | To browse your private keyring, use @kbd{M-x epa-list-secret-keys}. | |
154 | ||
155 | @deffn Command epa-list-secret-keys name | |
156 | Show all keys matched with @var{name} from the private keyring. | |
157 | @end deffn | |
158 | ||
159 | @noindent | |
160 | In the @samp{*Keys*} buffer, several commands are available. The common | |
161 | use case is to export some keys to a file. To do that, type @kbd{m} | |
162 | to select keys, type @kbd{o}, and then supply the filename. | |
163 | ||
164 | Below are other commands related to key management. Some of them take | |
165 | a file as input/output, and others take the current region. | |
166 | ||
167 | @deffn Command epa-insert-keys keys | |
168 | Insert selected @var{keys} after the point. It will let you select | |
169 | keys before insertion. By default, it will encode keys in the OpenPGP | |
170 | armor format. | |
171 | @end deffn | |
172 | ||
173 | @deffn Command epa-import-keys file | |
174 | Import keys from @var{file} to your keyring. | |
175 | @end deffn | |
176 | ||
177 | @deffn Command epa-import-keys-region start end | |
178 | Import keys from the current region between @var{start} and @var{end} | |
179 | to your keyring. | |
180 | @end deffn | |
181 | ||
182 | @deffn Command epa-import-armor-in-region start end | |
183 | Import keys in the OpenPGP armor format in the current region between | |
184 | @var{start} and @var{end}. The difference from | |
185 | @code{epa-import-keys-region} is that | |
186 | @code{epa-import-armor-in-region} searches armors in the region and | |
187 | applies @code{epa-import-keys-region} to each of them. | |
188 | @end deffn | |
189 | ||
190 | @deffn Command epa-delete-keys allow-secret | |
191 | Delete selected keys. If @var{allow-secret} is non-@code{nil}, it | |
192 | also deletes the secret keys. | |
193 | @end deffn | |
194 | ||
195 | @node Cryptographic operations on regions | |
196 | @section Cryptographic operations on regions | |
197 | ||
198 | @deffn Command epa-decrypt-region start end | |
199 | Decrypt the current region between @var{start} and @var{end}. It | |
200 | replaces the region with the decrypted text. | |
201 | @end deffn | |
202 | ||
203 | @deffn Command epa-decrypt-armor-in-region start end | |
204 | Decrypt OpenPGP armors in the current region between @var{start} and | |
205 | @var{end}. The difference from @code{epa-decrypt-region} is that | |
206 | @code{epa-decrypt-armor-in-region} searches armors in the region | |
207 | and applies @code{epa-decrypt-region} to each of them. That is, this | |
208 | command does not alter the original text around armors. | |
209 | @end deffn | |
210 | ||
211 | @deffn Command epa-verify-region start end | |
212 | Verify the current region between @var{start} and @var{end}. It sends | |
213 | the verification result to the minibuffer or a popup window. It | |
214 | replaces the region with the signed text. | |
215 | @end deffn | |
216 | ||
217 | @deffn Command epa-verify-cleartext-in-region start end | |
218 | Verify OpenPGP cleartext blocks in the current region between | |
219 | @var{start} and @var{end}. The difference from | |
220 | @code{epa-verify-region} is that @code{epa-verify-cleartext-in-region} | |
221 | searches OpenPGP cleartext blocks in the region and applies | |
222 | @code{epa-verify-region} to each of them. That is, this command does | |
223 | not alter the original text around OpenPGP cleartext blocks. | |
224 | @end deffn | |
225 | ||
226 | @deffn Command epa-sign-region start end signers type | |
227 | Sign the current region between @var{start} and @var{end}. By | |
228 | default, it creates a cleartext signature. If a prefix argument is | |
229 | given, it will let you select signing keys, and then a signature | |
230 | type. | |
231 | @end deffn | |
232 | ||
233 | @deffn Command epa-encrypt-region start end recipients sign signers | |
234 | Encrypt the current region between @var{start} and @var{end}. It will | |
235 | let you select recipients. If a prefix argument is given, it will | |
236 | also ask you whether or not to sign the text before encryption and if | |
237 | you answered yes, it will let you select the signing keys. | |
238 | @end deffn | |
239 | ||
240 | @node Cryptographic operations on files | |
241 | @section Cryptographic operations on files | |
242 | ||
243 | @deffn Command epa-decrypt-file file | |
244 | Decrypt @var{file}. | |
245 | @end deffn | |
246 | ||
247 | @deffn Command epa-verify-file file | |
248 | Verify @var{file}. | |
249 | @end deffn | |
250 | ||
251 | @deffn Command epa-sign-file file signers type | |
252 | Sign @var{file}. If a prefix argument is given, it will let you | |
253 | select signing keys, and then a signature type. | |
254 | @end deffn | |
255 | ||
256 | @deffn Command epa-encrypt-file file recipients | |
257 | Encrypt @var{file}. It will let you select recipients. | |
258 | @end deffn | |
259 | ||
260 | @node Dired integration | |
261 | @section Dired integration | |
262 | ||
263 | EasyPG Assistant extends Dired Mode for GNU Emacs to allow users to | |
264 | easily do cryptographic operations on files. For example, | |
265 | ||
266 | @example | |
267 | M-x dired | |
268 | (mark some files) | |
269 | : e (or M-x epa-dired-do-encrypt) | |
270 | (select recipients by 'm' and click [OK]) | |
271 | @end example | |
272 | ||
273 | @noindent | |
274 | The following keys are assigned. | |
275 | ||
276 | @table @kbd | |
277 | @item : d | |
278 | @kindex @kbd{: d} | |
279 | @findex epa-dired-do-decrypt | |
280 | Decrypt marked files. | |
281 | ||
282 | @item : v | |
283 | @kindex @kbd{: v} | |
284 | @findex epa-dired-do-verify | |
285 | Verify marked files. | |
286 | ||
287 | @item : s | |
288 | @kindex @kbd{: s} | |
289 | @findex epa-dired-do-sign | |
290 | Sign marked files. | |
291 | ||
292 | @item : e | |
293 | @kindex @kbd{: e} | |
294 | @findex epa-dired-do-encrypt | |
295 | Encrypt marked files. | |
296 | ||
297 | @end table | |
298 | ||
299 | @node Mail-mode integration | |
300 | @section Mail-mode integration | |
301 | ||
3b7ab45f | 302 | EasyPG Assistant provides a minor mode @code{epa-mail-mode} to help |
c05c2b9b DU |
303 | users compose inline OpenPGP messages. Inline OpenPGP is a traditional |
304 | style of sending signed/encrypted emails by embedding raw OpenPGP | |
305 | blobs inside a message body, not using modern MIME format. | |
3b7ab45f | 306 | |
c05c2b9b | 307 | NOTE: Inline OpenPGP is not recommended and you should consider using |
1df7defd | 308 | PGP/MIME@. See |
c154c0be | 309 | @uref{http://josefsson.org/inline-openpgp-considered-harmful.html, |
c05c2b9b | 310 | Inline OpenPGP in E-mail is bad@comma{} Mm'kay?}. |
c154c0be MO |
311 | |
312 | @noindent | |
0f215bca DU |
313 | Once @code{epa-mail-mode} is enabled, the following keys are assigned. |
314 | You can do it by @kbd{C-u 1 M-x epa-mail-mode} or through the Customize | |
315 | interface. Try @kbd{M-x customize-variable epa-global-mail-mode}. | |
c154c0be MO |
316 | |
317 | @table @kbd | |
d85d3b3a DU |
318 | @item C-c C-e C-d and C-c C-e d |
319 | @kindex @kbd{C-c C-e C-d} | |
c154c0be MO |
320 | @kindex @kbd{C-c C-e d} |
321 | @findex epa-mail-decrypt | |
322 | Decrypt OpenPGP armors in the current buffer. | |
323 | ||
d85d3b3a DU |
324 | @item C-c C-e C-v and C-c C-e v |
325 | @kindex @kbd{C-c C-e C-v} | |
c154c0be MO |
326 | @kindex @kbd{C-c C-e v} |
327 | @findex epa-mail-verify | |
328 | Verify OpenPGP cleartext signed messages in the current buffer. | |
329 | ||
d85d3b3a DU |
330 | @item C-c C-e C-s and C-c C-e s |
331 | @kindex @kbd{C-c C-e C-s} | |
c154c0be MO |
332 | @kindex @kbd{C-c C-e s} |
333 | @findex epa-mail-sign | |
334 | Compose a signed message from the current buffer. | |
335 | ||
d85d3b3a DU |
336 | @item C-c C-e C-e and C-c C-e e |
337 | @kindex @kbd{C-c C-e C-e} | |
c154c0be MO |
338 | @kindex @kbd{C-c C-e e} |
339 | @findex epa-mail-encrypt | |
340 | Compose an encrypted message from the current buffer. | |
7a603b73 DU |
341 | By default it tries to build the recipient list from @samp{to}, |
342 | @samp{cc}, and @samp{bcc} fields of the mail header. To include your | |
343 | key in the recipient list, use @samp{encrypt-to} option in | |
344 | @file{~/.gnupg/gpg.conf}. | |
c154c0be MO |
345 | |
346 | @end table | |
347 | ||
55f612f0 GM |
348 | @node Encrypting/decrypting gpg files |
349 | @section Encrypting/decrypting gpg files | |
8b358e90 DU |
350 | By default, every file whose name ends with @samp{.gpg} will be |
351 | treated as encrypted. That is, when you open such a file, the | |
352 | decrypted text is inserted in the buffer rather than the encrypted one. | |
353 | Similarly, when you save the buffer to a @samp{foo.gpg} file, | |
354 | encrypted data is written. | |
c154c0be | 355 | |
8b358e90 DU |
356 | The file name pattern for encrypted files can be controlled by |
357 | @var{epa-file-name-regexp}. | |
358 | ||
359 | @defvar epa-file-name-regexp | |
360 | Regexp which matches filenames treated as encrypted. | |
361 | @end defvar | |
362 | ||
363 | You can disable this behavior with @kbd{M-x epa-file-disable}, and | |
364 | then get it back with @kbd{M-x epa-file-enable}. | |
c154c0be MO |
365 | |
366 | @deffn Command epa-file-disable | |
367 | Disable automatic encryption/decryption of *.gpg files. | |
368 | @end deffn | |
369 | ||
370 | @deffn Command epa-file-enable | |
371 | Enable automatic encryption/decryption of *.gpg files. | |
372 | @end deffn | |
373 | ||
374 | @noindent | |
8b358e90 DU |
375 | By default, @code{epa-file} will try to use symmetric encryption, aka |
376 | password-based encryption. If you want to use public key encryption | |
377 | instead, do @kbd{M-x epa-file-select-keys}, which will pop up the key | |
378 | selection dialog. | |
379 | ||
380 | @deffn Command epa-file-select-keys | |
381 | Select recipient keys to encrypt the currently visiting file with | |
382 | public key encryption. | |
383 | @end deffn | |
384 | ||
385 | You can also change the default behavior with the variable | |
386 | @var{epa-file-select-keys}. | |
387 | ||
388 | @defvar epa-file-select-keys | |
389 | Control whether or not to pop up the key selection dialog. | |
390 | @end defvar | |
391 | ||
392 | For frequently visited files, it might be a good idea to tell Emacs | |
393 | which encryption method should be used through file variables | |
394 | (@pxref{File Variables, , , emacs, the Emacs Manual}). Use the @code{epa-file-encrypt-to} local | |
395 | variable for this. | |
c154c0be MO |
396 | @vindex epa-file-encrypt-to |
397 | ||
8b358e90 DU |
398 | For example, if you want an Elisp file to be encrypted with a |
399 | public key associated with an email address @samp{ueno@@unixuser.org}, | |
400 | add the following line to the beginning of the file. | |
401 | ||
c154c0be MO |
402 | @cartouche |
403 | @lisp | |
404 | ;; -*- epa-file-encrypt-to: ("ueno@@unixuser.org") -*- | |
405 | @end lisp | |
406 | @end cartouche | |
407 | ||
8b358e90 DU |
408 | Instead, if you want the file always (regardless of the value of the |
409 | @code{epa-file-select-keys} variable) encrypted with symmetric | |
410 | encryption, change the line as follows. | |
2c6c404a | 411 | |
8b358e90 DU |
412 | @cartouche |
413 | @lisp | |
414 | ;; -*- epa-file-encrypt-to: nil -*- | |
415 | @end lisp | |
416 | @end cartouche | |
2c6c404a | 417 | |
c154c0be MO |
418 | Other variables which control the automatic encryption/decryption |
419 | behavior are below. | |
420 | ||
421 | @defvar epa-file-cache-passphrase-for-symmetric-encryption | |
422 | If non-@code{nil}, cache passphrase for symmetric encryption. The | |
423 | default value is @code{nil}. | |
424 | @end defvar | |
425 | ||
426 | @defvar epa-file-inhibit-auto-save | |
427 | If non-@code{nil}, disable auto-saving when opening an encrypted file. | |
428 | The default value is @code{t}. | |
429 | @end defvar | |
430 | ||
65f54520 DU |
431 | @node Caching Passphrases |
432 | @chapter Caching Passphrases | |
433 | ||
434 | Typing passphrases is an irritating task if you frequently open and | |
435 | close the same file. GnuPG and EasyPG Assistant provide mechanisms to | |
436 | remember your passphrases. However, the configuration is a bit | |
437 | confusing since it depends on your GnuPG installation (GnuPG version 1 or | |
438 | GnuPG version 2), encryption method (symmetric or public key), and whether or | |
439 | not you want to use gpg-agent. Here are some questions: | |
440 | ||
441 | @enumerate | |
442 | @item Do you use GnuPG version 2 instead of GnuPG version 1? | |
443 | @item Do you use symmetric encryption rather than public key encryption? | |
444 | @item Do you want to use gpg-agent? | |
445 | @end enumerate | |
446 | ||
447 | Here are configurations depending on your answers: | |
448 | ||
449 | @multitable {111} {222} {333} {configuration configuration configuration} | |
450 | @item @b{1} @tab @b{2} @tab @b{3} @tab Configuration | |
98e2b864 | 451 | @item Yes @tab Yes @tab Yes @tab Set up gpg-agent. |
65f54520 | 452 | @item Yes @tab Yes @tab No @tab You can't, without gpg-agent. |
98e2b864 | 453 | @item Yes @tab No @tab Yes @tab Set up gpg-agent. |
65f54520 DU |
454 | @item Yes @tab No @tab No @tab You can't, without gpg-agent. |
455 | @item No @tab Yes @tab Yes @tab Set up elisp passphrase cache. | |
456 | @item No @tab Yes @tab No @tab Set up elisp passphrase cache. | |
98e2b864 | 457 | @item No @tab No @tab Yes @tab Set up gpg-agent. |
65f54520 DU |
458 | @item No @tab No @tab No @tab You can't, without gpg-agent. |
459 | @end multitable | |
460 | ||
98e2b864 | 461 | To set up gpg-agent, follow the instructions in the GnuPG manual. |
65f54520 DU |
462 | @xref{Invoking GPG-AGENT, , Invoking GPG-AGENT, gnupg}. |
463 | ||
464 | To set up elisp passphrase cache, set | |
465 | @code{epa-file-cache-passphrase-for-symmetric-encryption}. | |
55f612f0 | 466 | @xref{Encrypting/decrypting gpg files}. |
65f54520 | 467 | |
b9476c04 DU |
468 | @node Bug Reports |
469 | @chapter Bug Reports | |
470 | ||
471 | Bugs and problems with EasyPG Assistant are actively worked on by the | |
472 | Emacs development team. Feature requests and suggestions are also | |
473 | more than welcome. Use @kbd{M-x report-emacs-bug}, @pxref{Bugs, , | |
474 | Bugs, emacs, Reporting Bugs}. | |
475 | ||
476 | When submitting a bug report, please try to describe in excruciating | |
477 | detail the steps required to reproduce the problem. Also try to | |
478 | collect necessary information to fix the bug, such as: | |
479 | ||
480 | @itemize @bullet | |
481 | @item the GnuPG version. Send the output of @samp{gpg --version}. | |
482 | @item the GnuPG configuration. Send the contents of @file{~/.gnupg/gpg.conf}. | |
483 | @end itemize | |
484 | ||
485 | Before reporting the bug, you should set @code{epg-debug} in the | |
486 | @file{~/.emacs} file and repeat the bug. Then, include the contents | |
487 | of the @samp{ *epg-debug*} buffer. Note that the first character of the | |
488 | buffer name is a space. | |
489 | ||
0b1af106 GM |
490 | @node GNU Free Documentation License |
491 | @appendix GNU Free Documentation License | |
492 | @include doclicense.texi | |
493 | ||
c154c0be MO |
494 | @bye |
495 | ||
496 | @c End: |
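
The key detail listing shown in the Key management section can be checked mechanically before a key is trusted or exported. The following is an added example, not part of the manual or of EasyPG: a parser for that listing which confirms that each key ID is the low 64 bits of the displayed fingerprint and reports expired keys. It assumes OpenPGP v4 keys (40 hex digit fingerprints); the function names are hypothetical and the sample text is constructed from the manual's own example.

```python
import re
from datetime import date

# Constructed sample: the detail view from the Key management section,
# with Texinfo's "@@" rendered as "@".
SAMPLE = """\
u Daiki Ueno <ueno@unixuser.org>
u A5B6B2D4B15813FE 1024bits DSA
    Created: 2001-10-09
    Expires: 2007-09-04
    Capabilities: sign certify
    Fingerprint: 8003 7CD0 0F1A 9400 03CA 50AA A5B6 B2D4 B158 13FE
u 4447461B2A9BEA2D 2048bits ELGAMAL_E
    Created: 2001-10-09
    Expires: 2007-09-04
    Capabilities: encrypt
    Fingerprint: 9003 D76B 73B7 4A8A E588 10AF 4447 461B 2A9B EA2D
"""

# "<trust char> <16 hex key ID> <N>bits <algorithm>"
KEY_LINE = re.compile(r"^\s*(\S)\s+([0-9A-F]{16})\s+(\d+)bits\s+(\S+)\s*$")
FIELD_LINE = re.compile(
    r"^\s*(Created|Expires|Capabilities|Fingerprint):\s*(.*\S)\s*$")
ISO_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_key_details(text):
    """Return one dict per key/subkey block in a *Keys* detail listing."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            keys.append({"trust": m.group(1), "key_id": m.group(2),
                         "bits": int(m.group(3)), "algorithm": m.group(4)})
            continue
        m = FIELD_LINE.match(line)
        if m and keys:  # user ID lines match neither pattern and are skipped
            name, value = m.group(1).lower(), m.group(2)
            if name in ("created", "expires"):
                value = (date.fromisoformat(value)
                         if ISO_DATE.fullmatch(value) else None)
            elif name == "capabilities":
                value = value.split()
            else:  # fingerprint: drop the grouping spaces
                value = "".join(value.split()).upper()
            keys[-1][name] = value
    return keys


def audit_key(key, today):
    """Return a list of findings for one parsed key (empty means none)."""
    findings = []
    fpr = key.get("fingerprint")
    if fpr is None:
        findings.append("no fingerprint shown")
    elif len(fpr) != 40 or not fpr.endswith(key["key_id"]):
        # Assumption: v4 key, whose key ID is the last 16 hex digits
        # of the fingerprint.
        findings.append("key ID does not match fingerprint")
    expires = key.get("expires")
    if expires is not None and expires < today:
        findings.append("expired on " + expires.isoformat())
    return findings
```

Run against the manual's sample with the current date, both keys are reported as expired on 2007-09-04.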