[bpt/emacs.git] / doc / misc / epa.texi

\input texinfo                  @c -*- mode: texinfo -*-
@c %**start of header
@setfilename ../../info/epa
@settitle EasyPG Assistant User's Manual
@c %**end of header

@set VERSION 1.0.0

@copying
This file describes EasyPG Assistant.

Copyright @copyright{} 2007, 2008 Free Software Foundation, Inc.

@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts.  A copy of the license is included in the section entitled "GNU
Free Documentation License".
@end quotation
@end copying

@dircategory Emacs
@direntry
* EasyPG Assistant: (epa).   An Emacs user interface to GNU Privacy Guard.
@end direntry


@titlepage
@title EasyPG Assistant

@author by Daiki Ueno
@page

@vskip 0pt plus 1filll
@insertcopying
@end titlepage
@page

@c @summarycontents
@c @contents

@node Top
@top EasyPG Assistant user's manual

EasyPG Assistant is an Emacs user interface to GNU Privacy Guard
(GnuPG, @pxref{Top, , Top, gnupg, Using the GNU Privacy Guard}).

EasyPG Assistant is a part of the package called EasyPG, an all-in-one
GnuPG interface for Emacs.  EasyPG also contains the library interface
called EasyPG Library.

@noindent
This manual covers EasyPG version @value{VERSION}.

@menu
* Overview::                    
* Quick start::                 
* Commands::               
@end menu

@node  Overview
@chapter Overview

EasyPG Assistant provides the following features.

@itemize @bullet
@item Key manegement.
@item Cryptographic operations on regions.
@item Cryptographic operations on files.
@item Dired integration.
@item Mail-mode integration.
@item Automatic encryption/decryption of *.gpg files.
@end itemize

@node  Quick start
@chapter Quick start

To install, just follow the standard CMMI installation instructions.

@cartouche
@example
$ ./configure
$ sudo make install
@end example
@end cartouche

@noindent
Then, add the following line to your @file{~/.emacs}

@cartouche
@lisp
(require 'epa-setup)
@end lisp
@end cartouche

@noindent
That's all.  Restart emacs and type @kbd{M-x epa- @key{TAB}}, and you will see a
lot of commands available.  For example,

@itemize @bullet
@item To browse your keyring, type @kbd{M-x epa-list-keys}

@item To create a cleartext signature of the region, type @kbd{M-x epa-sign-region}
@end itemize

@node Commands
@chapter Commands

This chapter introduces various commands for typical use cases.

@menu
* Key management::              
* Cryptographic operations on regions::  
* Cryptographic operations on files::  
* Dired integration::           
* Mail-mode integration::       
* Encrypting/decrypting *.gpg files::  
@end menu

@node Key management
@section Key management
Probably the first step of using EasyPG Assistant is to browse your
keyring.  @kbd{M-x epa-list-keys} is corresponding to @samp{gpg
--list-keys} from the command line.

@deffn Command epa-list-keys name mode
Show all keys matched with @var{name} from the public keyring.
@end deffn

@noindent
The output looks as follows.

@example
  u A5B6B2D4B15813FE Daiki Ueno <ueno@@unixuser.org>
@end example

@noindent
A character on the leftmost column indicates the trust level of the
key.  If it is @samp{u}, the key is marked as ultimately trusted.  The
second column is the key ID, and the rest is the user ID.

You can move over entries by @key{TAB}.  If you type @key{RET} or
click button1 on an entry, you will see more detailed information
about the key you selected.

@example
 u Daiki Ueno <ueno@@unixuser.org>
 u A5B6B2D4B15813FE 1024bits DSA
	Created: 2001-10-09
	Expires: 2007-09-04
	Capabilities: sign certify
	Fingerprint: 8003 7CD0 0F1A 9400 03CA  50AA A5B6 B2D4 B158 13FE
 u 4447461B2A9BEA2D 2048bits ELGAMAL_E
	Created: 2001-10-09
	Expires: 2007-09-04
	Capabilities: encrypt
	Fingerprint: 9003 D76B 73B7 4A8A E588  10AF 4447 461B 2A9B EA2D
@end example

@noindent
To browse your private keyring, use @kbd{M-x epa-list-secret-keys}.

@deffn Command epa-list-secret-keys name
Show all keys matched with @var{name} from the private keyring.
@end deffn

@noindent
In @samp{*Keys*} buffer, several commands are available.  The common
use case is to export some keys to a file.  To do that, type @kbd{m}
to select keys, type @kbd{o}, and then supply the filename.

Below are other commands related to key management.  Some of them take
a file as input/output, and others take the current region.

@deffn Command epa-insert-keys keys
Insert selected @var{keys} after the point.  It will let you select
keys before insertion.  By default, it will encode keys in the OpenPGP
armor format.
@end deffn

@deffn Command epa-import-keys file
Import keys from @var{file} to your keyring.
@end deffn

@deffn Command epa-import-keys-region start end
Import keys from the current region between @var{start} and @var{end}
to your keyring.
@end deffn

@deffn Command epa-import-armor-in-region start end
Import keys in the OpenPGP armor format in the current region between
@var{start} and @var{end}.  The difference from
@code{epa-import-keys-region} is that
@code{epa-import-armor-in-region} searches armors in the region and
applies @code{epa-import-keys-region} to each of them.
@end deffn

@deffn Command epa-delete-keys allow-secret
Delete selected keys.  If @var{allow-secret} is non-@code{nil}, it
also delete the secret keys.
@end deffn

@node Cryptographic operations on regions
@section Cryptographic operations on regions

@deffn Command epa-decrypt-region start end
Decrypt the current region between @var{start} and @var{end}.  It
replaces the region with the decrypted text.
@end deffn

@deffn Command epa-decrypt-armor-in-region start end
Decrypt OpenPGP armors in the current region between @var{start} and
@var{end}.  The difference from @code{epa-decrypt-region} is that
@code{epa-decrypt-armor-in-region} searches armors in the region
and applies @code{epa-decrypt-region} to each of them.  That is, this
command does not alter the original text around armors.
@end deffn

@deffn Command epa-verify-region start end
Verify the current region between @var{start} and @var{end}.  It sends
the verification result to the minibuffer or a popup window.  It
replaces the region with the signed text.
@end deffn

@deffn Command epa-verify-cleartext-in-region
Verify OpenPGP cleartext blocks in the current region between
@var{start} and @var{end}.  The difference from
@code{epa-verify-region} is that @code{epa-verify-cleartext-in-region}
searches OpenPGP cleartext blocks in the region and applies
@code{epa-verify-region} to each of them.  That is, this command does
not alter the original text around OpenPGP cleartext blocks.
@end deffn

@deffn Command epa-sign-region start end signers type
Sign the current region between @var{start} and @var{end}.  By
default, it creates a cleartext signature.  If a prefix argument is
given, it will let you select signing keys, and then a signature
type.
@end deffn

@deffn Command epa-encrypt-region start end recipients sign signers
Encrypt the current region between @var{start} and @var{end}.  It will
let you select recipients.  If a prefix argument is given, it will
also ask you whether or not to sign the text before encryption and if
you answered yes, it will let you select the signing keys.
@end deffn

@node Cryptographic operations on files
@section Cryptographic operations on files

@deffn Command epa-decrypt-file file
Decrypt @var{file}.
@end deffn

@deffn Command epa-verify-file file
Verify @var{file}.
@end deffn

@deffn Command epa-sign-file file signers type
Sign @var{file}.  If a prefix argument is given, it will let you
select signing keys, and then a signature type.
@end deffn

@deffn Command epa-encrypt-file file recipients
Encrypt @var{file}.  It will let you select recipients.
@end deffn

@node Dired integration
@section Dired integration

EasyPG Assistant extends Dired Mode for GNU Emacs to allow users to
easily do cryptographic operations on files.  For example,

@example
M-x dired
(mark some files)
: e (or M-x epa-dired-do-encrypt)
(select recipients by 'm' and click [OK])
@end example

@noindent
The following keys are assigned.

@table @kbd
@item : d
@kindex @kbd{: d}
@findex epa-dired-do-decrypt
Decrypt marked files.

@item : v
@kindex @kbd{: v}
@findex epa-dired-do-verify
Verify marked files.

@item : s
@kindex @kbd{: s}
@findex epa-dired-do-sign
Sign marked files.

@item : e
@kindex @kbd{: e}
@findex epa-dired-do-encrypt
Encrypt marked files.

@end table

@node Mail-mode integration
@section Mail-mode integration

EasyPG Assistant provides a minor mode to help user compose inline PGP
messages.  Inline PGP is sending the OpenPGP blobs directly inside a
mail message and it is not recommended and you should consider to use
PGP/MIME.  See
@uref{http://josefsson.org/inline-openpgp-considered-harmful.html,
Inline PGP in E-mail is bad, Mm'kay?}.

@noindent
The following keys are assigned.

@table @kbd
@item C-c C-e d
@kindex @kbd{C-c C-e d}
@findex epa-mail-decrypt
Decrypt OpenPGP armors in the current buffer.

@item C-c C-e v
@kindex @kbd{C-c C-e v}
@findex epa-mail-verify
Verify OpenPGP cleartext signed messages in the current buffer.

@item C-c C-e s
@kindex @kbd{C-c C-e s}
@findex epa-mail-sign
Compose a signed message from the current buffer.

@item C-c C-e e
@kindex @kbd{C-c C-e e}
@findex epa-mail-encrypt
Compose an encrypted message from the current buffer.

@end table

@node Encrypting/decrypting *.gpg files
@section Encrypting/decrypting *.gpg files
Once @code{epa-setup} is loaded, every file whose extension is
@samp{.gpg} will be treated as encrypted.  That is, when you attempt
to open such a file which already exists, the decrypted text is
inserted in the buffer rather than encrypted one.  On the other hand,
when you attempt to save the buffer to a file whose extension is
@samp{.gpg}, encrypted data is written.

If you want to temporarily disable this behavior, use @kbd{M-x
epa-file-disable}, and then to enable this behavior use @kbd{M-x
epa-file-enable}.

@deffn Command epa-file-disable
Disable automatic encryption/decryption of *.gpg files.
@end deffn

@deffn Command epa-file-enable
Enable automatic encryption/decryption of *.gpg files.
@end deffn

@noindent
@code{epa-file} will let you select recipients.  If you want to
suppress this question, it might be a good idea to put the following
line on the first line of the text being encrypted.
@vindex epa-file-encrypt-to

@cartouche
@lisp
;; -*- epa-file-encrypt-to: ("ueno@@unixuser.org") -*-
@end lisp
@end cartouche

Other variables which control the automatic encryption/decryption
behavior are below.

@defvar epa-file-cache-passphrase-for-symmetric-encryption
If non-@code{nil}, cache passphrase for symmetric encryption.  The
default value is @code{nil}.
@end defvar

@defvar epa-file-inhibit-auto-save
If non-@code{nil}, disable auto-saving when opening an encrypted file.
The default value is @code{t}.
@end defvar

@bye

@c End:
Commit	Line	Data
c154c0be MO	1	\input texinfo @c -- mode: texinfo --
	2	@c %**start of header
	3	@setfilename ../../info/epa
	4	@settitle EasyPG Assistant User's Manual
	5	@c %**end of header
	6
	7	@set VERSION 1.0.0
	8
	9	@copying
	10	This file describes EasyPG Assistant.
	11
	12	Copyright @copyright{} 2007, 2008 Free Software Foundation, Inc.
	13
	14	@quotation
	15	Permission is granted to copy, distribute and/or modify this document
	16	under the terms of the GNU Free Documentation License, Version 1.2 or
	17	any later version published by the Free Software Foundation; with no
	18	Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
	19	Texts. A copy of the license is included in the section entitled "GNU
	20	Free Documentation License".
	21	@end quotation
	22	@end copying
	23
	24	@dircategory Emacs
	25	@direntry
	26	* EasyPG Assistant: (epa). An Emacs user interface to GNU Privacy Guard.
	27	@end direntry
	28
	29
	30	@titlepage
	31	@title EasyPG Assistant
	32
	33	@author by Daiki Ueno
	34	@page
	35
	36	@vskip 0pt plus 1filll
	37	@insertcopying
	38	@end titlepage
	39	@page
	40
	41	@c @summarycontents
	42	@c @contents
	43
	44	@node Top
	45	@top EasyPG Assistant user's manual
	46
	47	EasyPG Assistant is an Emacs user interface to GNU Privacy Guard
	48	(GnuPG, @pxref{Top, , Top, gnupg, Using the GNU Privacy Guard}).
	49
	50	EasyPG Assistant is a part of the package called EasyPG, an all-in-one
	51	GnuPG interface for Emacs. EasyPG also contains the library interface
	52	called EasyPG Library.
	53
	54	@noindent
	55	This manual covers EasyPG version @value{VERSION}.
	56
	57	@menu
	58	* Overview::
	59	* Quick start::
	60	* Commands::
	61	@end menu
	62
	63	@node Overview
	64	@chapter Overview
65
66	EasyPG Assistant provides the following features.
67
68	@itemize @bullet
69	@item Key manegement.
70	@item Cryptographic operations on regions.
71	@item Cryptographic operations on files.
72	@item Dired integration.
73	@item Mail-mode integration.
74	@item Automatic encryption/decryption of *.gpg files.
75	@end itemize
76
77	@node Quick start
78	@chapter Quick start
79
80	To install, just follow the standard CMMI installation instructions.
81
82	@cartouche
83	@example
84	$ ./configure
85	$ sudo make install
86	@end example
87	@end cartouche
88
89	@noindent
90	Then, add the following line to your @file{~/.emacs}
91
92	@cartouche
93	@lisp
94	(require 'epa-setup)
95	@end lisp
96	@end cartouche
97
98	@noindent
99	That's all. Restart emacs and type @kbd{M-x epa- @key{TAB}}, and you will see a
100	lot of commands available. For example,
101
102	@itemize @bullet
103	@item To browse your keyring, type @kbd{M-x epa-list-keys}
104
105	@item To create a cleartext signature of the region, type @kbd{M-x epa-sign-region}
106	@end itemize
107
108	@node Commands
109	@chapter Commands
110
111	This chapter introduces various commands for typical use cases.
112
113	@menu
114	* Key management::
115	* Cryptographic operations on regions::
116	* Cryptographic operations on files::
117	* Dired integration::
118	* Mail-mode integration::
119	* Encrypting/decrypting *.gpg files::
120	@end menu
121
122	@node Key management
123	@section Key management
124	Probably the first step of using EasyPG Assistant is to browse your
125	keyring. @kbd{M-x epa-list-keys} is corresponding to @samp{gpg
126	--list-keys} from the command line.
127
128	@deffn Command epa-list-keys name mode
129	Show all keys matched with @var{name} from the public keyring.
130	@end deffn
131
132	@noindent
133	The output looks as follows.
134
135	@example
136	u A5B6B2D4B15813FE Daiki Ueno <ueno@@unixuser.org>
137	@end example
138
139	@noindent
140	A character on the leftmost column indicates the trust level of the
141	key. If it is @samp{u}, the key is marked as ultimately trusted. The
142	second column is the key ID, and the rest is the user ID.
143
144	You can move over entries by @key{TAB}. If you type @key{RET} or
145	click button1 on an entry, you will see more detailed information
146	about the key you selected.
147
148	@example
149	u Daiki Ueno <ueno@@unixuser.org>
150	u A5B6B2D4B15813FE 1024bits DSA
151	Created: 2001-10-09
152	Expires: 2007-09-04
153	Capabilities: sign certify
154	Fingerprint: 8003 7CD0 0F1A 9400 03CA 50AA A5B6 B2D4 B158 13FE
155	u 4447461B2A9BEA2D 2048bits ELGAMAL_E
156	Created: 2001-10-09
157	Expires: 2007-09-04
158	Capabilities: encrypt
159	Fingerprint: 9003 D76B 73B7 4A8A E588 10AF 4447 461B 2A9B EA2D
160	@end example
161
162	@noindent
163	To browse your private keyring, use @kbd{M-x epa-list-secret-keys}.
164
165	@deffn Command epa-list-secret-keys name
166	Show all keys matched with @var{name} from the private keyring.
167	@end deffn
168
169	@noindent
170	In @samp{Keys} buffer, several commands are available. The common
171	use case is to export some keys to a file. To do that, type @kbd{m}
172	to select keys, type @kbd{o}, and then supply the filename.
173
174	Below are other commands related to key management. Some of them take
175	a file as input/output, and others take the current region.
176
177	@deffn Command epa-insert-keys keys
178	Insert selected @var{keys} after the point. It will let you select
179	keys before insertion. By default, it will encode keys in the OpenPGP
180	armor format.
181	@end deffn
182
183	@deffn Command epa-import-keys file
184	Import keys from @var{file} to your keyring.
185	@end deffn
186
187	@deffn Command epa-import-keys-region start end
188	Import keys from the current region between @var{start} and @var{end}
189	to your keyring.
190	@end deffn
191
192	@deffn Command epa-import-armor-in-region start end
193	Import keys in the OpenPGP armor format in the current region between
194	@var{start} and @var{end}. The difference from
195	@code{epa-import-keys-region} is that
196	@code{epa-import-armor-in-region} searches armors in the region and
197	applies @code{epa-import-keys-region} to each of them.
198	@end deffn
199
200	@deffn Command epa-delete-keys allow-secret
201	Delete selected keys. If @var{allow-secret} is non-@code{nil}, it
202	also delete the secret keys.
203	@end deffn
204
205	@node Cryptographic operations on regions
206	@section Cryptographic operations on regions
207
208	@deffn Command epa-decrypt-region start end
209	Decrypt the current region between @var{start} and @var{end}. It
210	replaces the region with the decrypted text.
211	@end deffn
212
213	@deffn Command epa-decrypt-armor-in-region start end
214	Decrypt OpenPGP armors in the current region between @var{start} and
215	@var{end}. The difference from @code{epa-decrypt-region} is that
216	@code{epa-decrypt-armor-in-region} searches armors in the region
217	and applies @code{epa-decrypt-region} to each of them. That is, this
218	command does not alter the original text around armors.
219	@end deffn
220
221	@deffn Command epa-verify-region start end
222	Verify the current region between @var{start} and @var{end}. It sends
223	the verification result to the minibuffer or a popup window. It
224	replaces the region with the signed text.
225	@end deffn
226
227	@deffn Command epa-verify-cleartext-in-region
228	Verify OpenPGP cleartext blocks in the current region between
229	@var{start} and @var{end}. The difference from
230	@code{epa-verify-region} is that @code{epa-verify-cleartext-in-region}
231	searches OpenPGP cleartext blocks in the region and applies
232	@code{epa-verify-region} to each of them. That is, this command does
233	not alter the original text around OpenPGP cleartext blocks.
234	@end deffn
235
236	@deffn Command epa-sign-region start end signers type
237	Sign the current region between @var{start} and @var{end}. By
238	default, it creates a cleartext signature. If a prefix argument is
239	given, it will let you select signing keys, and then a signature
240	type.
241	@end deffn
242
243	@deffn Command epa-encrypt-region start end recipients sign signers
244	Encrypt the current region between @var{start} and @var{end}. It will
245	let you select recipients. If a prefix argument is given, it will
246	also ask you whether or not to sign the text before encryption and if
247	you answered yes, it will let you select the signing keys.
248	@end deffn
249
250	@node Cryptographic operations on files
251	@section Cryptographic operations on files
252
253	@deffn Command epa-decrypt-file file
254	Decrypt @var{file}.
255	@end deffn
256
257	@deffn Command epa-verify-file file
258	Verify @var{file}.
259	@end deffn
260
261	@deffn Command epa-sign-file file signers type
262	Sign @var{file}. If a prefix argument is given, it will let you
263	select signing keys, and then a signature type.
264	@end deffn
265
266	@deffn Command epa-encrypt-file file recipients
267	Encrypt @var{file}. It will let you select recipients.
268	@end deffn
269
270	@node Dired integration
271	@section Dired integration
272
273	EasyPG Assistant extends Dired Mode for GNU Emacs to allow users to
274	easily do cryptographic operations on files. For example,
275
276	@example
277	M-x dired
278	(mark some files)
279	: e (or M-x epa-dired-do-encrypt)
280	(select recipients by 'm' and click [OK])
281	@end example
282
283	@noindent
284	The following keys are assigned.
285
286	@table @kbd
287	@item : d
288	@kindex @kbd{: d}
289	@findex epa-dired-do-decrypt
290	Decrypt marked files.
291
292	@item : v
293	@kindex @kbd{: v}
294	@findex epa-dired-do-verify
295	Verify marked files.
296
297	@item : s
298	@kindex @kbd{: s}
299	@findex epa-dired-do-sign
300	Sign marked files.
301
302	@item : e
303	@kindex @kbd{: e}
304	@findex epa-dired-do-encrypt
305	Encrypt marked files.
306
307	@end table
308
309	@node Mail-mode integration
310	@section Mail-mode integration
311
312	EasyPG Assistant provides a minor mode to help user compose inline PGP
313	messages. Inline PGP is sending the OpenPGP blobs directly inside a
314	mail message and it is not recommended and you should consider to use
315	PGP/MIME. See
316	@uref{http://josefsson.org/inline-openpgp-considered-harmful.html,
317	Inline PGP in E-mail is bad, Mm'kay?}.
318
319	@noindent
320	The following keys are assigned.
321
322	@table @kbd
323	@item C-c C-e d
324	@kindex @kbd{C-c C-e d}
325	@findex epa-mail-decrypt
326	Decrypt OpenPGP armors in the current buffer.
327
328	@item C-c C-e v
329	@kindex @kbd{C-c C-e v}
330	@findex epa-mail-verify
331	Verify OpenPGP cleartext signed messages in the current buffer.
332
333	@item C-c C-e s
334	@kindex @kbd{C-c C-e s}
335	@findex epa-mail-sign
336	Compose a signed message from the current buffer.
337
338	@item C-c C-e e
339	@kindex @kbd{C-c C-e e}
340	@findex epa-mail-encrypt
341	Compose an encrypted message from the current buffer.
342
343	@end table
344
345	@node Encrypting/decrypting *.gpg files
346	@section Encrypting/decrypting *.gpg files
347	Once @code{epa-setup} is loaded, every file whose extension is
348	@samp{.gpg} will be treated as encrypted. That is, when you attempt
349	to open such a file which already exists, the decrypted text is
350	inserted in the buffer rather than encrypted one. On the other hand,
351	when you attempt to save the buffer to a file whose extension is
352	@samp{.gpg}, encrypted data is written.
353
354	If you want to temporarily disable this behavior, use @kbd{M-x
355	epa-file-disable}, and then to enable this behavior use @kbd{M-x
356	epa-file-enable}.
357
358	@deffn Command epa-file-disable
359	Disable automatic encryption/decryption of *.gpg files.
360	@end deffn
361
362	@deffn Command epa-file-enable
363	Enable automatic encryption/decryption of *.gpg files.
364	@end deffn
365
366	@noindent
367	@code{epa-file} will let you select recipients. If you want to
368	suppress this question, it might be a good idea to put the following
369	line on the first line of the text being encrypted.
370	@vindex epa-file-encrypt-to
371
372	@cartouche
373	@lisp
374	;; -- epa-file-encrypt-to: ("ueno@@unixuser.org") --
375	@end lisp
376	@end cartouche
377
378	Other variables which control the automatic encryption/decryption
379	behavior are below.
380
381	@defvar epa-file-cache-passphrase-for-symmetric-encryption
382	If non-@code{nil}, cache passphrase for symmetric encryption. The
383	default value is @code{nil}.
384	@end defvar
385
386	@defvar epa-file-inhibit-auto-save
387	If non-@code{nil}, disable auto-saving when opening an encrypted file.
388	The default value is @code{t}.
389	@end defvar
390
391	@bye
392
393	@c End: