Commit | Line | Data |
---|---|---|
c154c0be MO |
1 | \input texinfo @c -*- mode: texinfo -*- |
2 | @c %**start of header | |
3 | @setfilename ../../info/epa | |
4 | @settitle EasyPG Assistant User's Manual | |
c6ab4664 | 5 | @documentencoding UTF-8 |
c154c0be MO |
6 | @c %**end of header |
7 | ||
8 | @set VERSION 1.0.0 | |
9 | ||
10 | @copying | |
5dc584b5 | 11 | This file describes EasyPG Assistant @value{VERSION}. |
c154c0be | 12 | |
6bc383b1 | 13 | Copyright @copyright{} 2007--2014 Free Software Foundation, Inc. |
c154c0be MO |
14 | |
15 | @quotation | |
16 | Permission is granted to copy, distribute and/or modify this document | |
6a2c4aec | 17 | under the terms of the GNU Free Documentation License, Version 1.3 or |
c154c0be | 18 | any later version published by the Free Software Foundation; with no |
cd5c05d2 GM |
19 | Invariant Sections, with the Front-Cover texts being ``A GNU Manual,'' |
20 | and with the Back-Cover Texts as in (a) below. A copy of the license | |
0b1af106 | 21 | is included in the section entitled ``GNU Free Documentation License''. |
cd5c05d2 GM |
22 | |
23 | (a) The FSF's Back-Cover Text is: ``You have the freedom to copy and | |
6bf430d1 | 24 | modify this GNU manual.'' |
c154c0be MO |
25 | @end quotation |
26 | @end copying | |
27 | ||
0c973505 | 28 | @dircategory Emacs misc features |
c154c0be | 29 | @direntry |
62e034c2 | 30 | * EasyPG Assistant: (epa). An Emacs user interface to GNU Privacy Guard. |
c154c0be MO |
31 | @end direntry |
32 | ||
c154c0be MO |
33 | @titlepage |
34 | @title EasyPG Assistant | |
35 | ||
36 | @author by Daiki Ueno | |
37 | @page | |
38 | ||
39 | @vskip 0pt plus 1filll | |
40 | @insertcopying | |
41 | @end titlepage | |
c154c0be | 42 | |
5dc584b5 | 43 | @contents |
c154c0be MO |
44 | |
45 | @node Top | |
46 | @top EasyPG Assistant user's manual | |
47 | ||
48 | EasyPG Assistant is an Emacs user interface to GNU Privacy Guard | |
49 | (GnuPG, @pxref{Top, , Top, gnupg, Using the GNU Privacy Guard}). | |
50 | ||
51 | EasyPG Assistant is a part of the package called EasyPG, an all-in-one | |
52 | GnuPG interface for Emacs. EasyPG also contains the library interface | |
53 | called EasyPG Library. | |
54 | ||
5dc584b5 KB |
55 | @ifnottex |
56 | @insertcopying | |
57 | @end ifnottex | |
c154c0be MO |
58 | |
59 | @menu | |
1df7defd PE |
60 | * Overview:: |
61 | * Quick start:: | |
62 | * Commands:: | |
63 | * Caching Passphrases:: | |
64 | * Bug Reports:: | |
0b1af106 | 65 | * GNU Free Documentation License:: The license for this documentation. |
c154c0be MO |
66 | @end menu |
67 | ||
68 | @node Overview | |
69 | @chapter Overview | |
70 | ||
71 | EasyPG Assistant provides the following features. | |
72 | ||
73 | @itemize @bullet | |
34a3c587 | 74 | @item Key management. |
c154c0be MO |
75 | @item Cryptographic operations on regions. |
76 | @item Cryptographic operations on files. | |
77 | @item Dired integration. | |
78 | @item Mail-mode integration. | |
79 | @item Automatic encryption/decryption of *.gpg files. | |
80 | @end itemize | |
81 | ||
82 | @node Quick start | |
83 | @chapter Quick start | |
84 | ||
5a8d03e9 | 85 | EasyPG Assistant commands are prefixed by @samp{epa-}. For example, |
c154c0be MO |
86 | |
87 | @itemize @bullet | |
88 | @item To browse your keyring, type @kbd{M-x epa-list-keys} | |
89 | ||
90 | @item To create a cleartext signature of the region, type @kbd{M-x epa-sign-region} | |
5a8d03e9 MO |
91 | |
92 | @item To encrypt a file, type @kbd{M-x epa-encrypt-file} | |
c154c0be MO |
93 | @end itemize |
94 | ||
5a8d03e9 MO |
95 | EasyPG Assistant provides several cryptographic features which can be |
96 | integrated into other Emacs functionalities, for example automatic | |
97 | encryption/decryption of @samp{*.gpg} files. | |
98 | ||
c154c0be MO |
99 | @node Commands |
100 | @chapter Commands | |
101 | ||
102 | This chapter introduces various commands for typical use cases. | |
103 | ||
104 | @menu | |
1df7defd PE |
105 | * Key management:: |
106 | * Cryptographic operations on regions:: | |
107 | * Cryptographic operations on files:: | |
108 | * Dired integration:: | |
109 | * Mail-mode integration:: | |
55f612f0 | 110 | * Encrypting/decrypting gpg files:: |
c154c0be MO |
111 | @end menu |
112 | ||
113 | @node Key management | |
114 | @section Key management | |
115 | Probably the first step of using EasyPG Assistant is to browse your | |
116 | keyring. @kbd{M-x epa-list-keys} corresponds to @samp{gpg | |
117 | --list-keys} from the command line. | |
118 | ||
119 | @deffn Command epa-list-keys name mode | |
120 | Show all keys matched with @var{name} from the public keyring. | |
121 | @end deffn | |
122 | ||
123 | @noindent | |
124 | The output looks as follows. | |
125 | ||
126 | @example | |
127 | u A5B6B2D4B15813FE Daiki Ueno <ueno@@unixuser.org> | |
128 | @end example | |
129 | ||
130 | @noindent | |
131 | A character on the leftmost column indicates the trust level of the | |
132 | key. If it is @samp{u}, the key is marked as ultimately trusted. The | |
133 | second column is the key ID, and the rest is the user ID. | |
134 | ||
135 | You can move over entries by @key{TAB}. If you type @key{RET} or | |
136 | click button1 on an entry, you will see more detailed information | |
137 | about the key you selected. | |
138 | ||
139 | @example | |
140 | u Daiki Ueno <ueno@@unixuser.org> | |
141 | u A5B6B2D4B15813FE 1024bits DSA | |
b1fbbb32 GM |
142 | Created: 2001-10-09 |
143 | Expires: 2007-09-04 | |
144 | Capabilities: sign certify | |
145 | Fingerprint: 8003 7CD0 0F1A 9400 03CA 50AA A5B6 B2D4 B158 13FE | |
c154c0be | 146 | u 4447461B2A9BEA2D 2048bits ELGAMAL_E |
b1fbbb32 GM |
147 | Created: 2001-10-09 |
148 | Expires: 2007-09-04 | |
149 | Capabilities: encrypt | |
150 | Fingerprint: 9003 D76B 73B7 4A8A E588 10AF 4447 461B 2A9B EA2D | |
c154c0be MO |
151 | @end example |
152 | ||
153 | @noindent | |
154 | To browse your private keyring, use @kbd{M-x epa-list-secret-keys}. | |
155 | ||
156 | @deffn Command epa-list-secret-keys name | |
157 | Show all keys matched with @var{name} from the private keyring. | |
158 | @end deffn | |
159 | ||
160 | @noindent | |
161 | In the @samp{*Keys*} buffer, several commands are available. The common | |
162 | use case is to export some keys to a file. To do that, type @kbd{m} | |
163 | to select keys, type @kbd{o}, and then supply the filename. | |
164 | ||
165 | Below are other commands related to key management. Some of them take | |
166 | a file as input/output, and others take the current region. | |
167 | ||
168 | @deffn Command epa-insert-keys keys | |
169 | Insert selected @var{keys} after the point. It will let you select | |
170 | keys before insertion. By default, it will encode keys in the OpenPGP | |
171 | armor format. | |
172 | @end deffn | |
173 | ||
174 | @deffn Command epa-import-keys file | |
175 | Import keys from @var{file} to your keyring. | |
176 | @end deffn | |
177 | ||
178 | @deffn Command epa-import-keys-region start end | |
179 | Import keys from the current region between @var{start} and @var{end} | |
180 | to your keyring. | |
181 | @end deffn | |
182 | ||
183 | @deffn Command epa-import-armor-in-region start end | |
184 | Import keys in the OpenPGP armor format in the current region between | |
185 | @var{start} and @var{end}. The difference from | |
186 | @code{epa-import-keys-region} is that | |
187 | @code{epa-import-armor-in-region} searches armors in the region and | |
188 | applies @code{epa-import-keys-region} to each of them. | |
189 | @end deffn | |
190 | ||
191 | @deffn Command epa-delete-keys allow-secret | |
192 | Delete selected keys. If @var{allow-secret} is non-@code{nil}, it | |
193 | also deletes the secret keys. | |
194 | @end deffn | |
195 | ||
196 | @node Cryptographic operations on regions | |
197 | @section Cryptographic operations on regions | |
198 | ||
199 | @deffn Command epa-decrypt-region start end | |
200 | Decrypt the current region between @var{start} and @var{end}. It | |
201 | replaces the region with the decrypted text. | |
202 | @end deffn | |
203 | ||
204 | @deffn Command epa-decrypt-armor-in-region start end | |
205 | Decrypt OpenPGP armors in the current region between @var{start} and | |
206 | @var{end}. The difference from @code{epa-decrypt-region} is that | |
207 | @code{epa-decrypt-armor-in-region} searches armors in the region | |
208 | and applies @code{epa-decrypt-region} to each of them. That is, this | |
209 | command does not alter the original text around armors. | |
210 | @end deffn | |
211 | ||
212 | @deffn Command epa-verify-region start end | |
213 | Verify the current region between @var{start} and @var{end}. It sends | |
214 | the verification result to the minibuffer or a popup window. It | |
215 | replaces the region with the signed text. | |
216 | @end deffn | |
217 | ||
218 | @deffn Command epa-verify-cleartext-in-region start end | |
219 | Verify OpenPGP cleartext blocks in the current region between | |
220 | @var{start} and @var{end}. The difference from | |
221 | @code{epa-verify-region} is that @code{epa-verify-cleartext-in-region} | |
222 | searches OpenPGP cleartext blocks in the region and applies | |
223 | @code{epa-verify-region} to each of them. That is, this command does | |
224 | not alter the original text around OpenPGP cleartext blocks. | |
225 | @end deffn | |
226 | ||
227 | @deffn Command epa-sign-region start end signers type | |
228 | Sign the current region between @var{start} and @var{end}. By | |
229 | default, it creates a cleartext signature. If a prefix argument is | |
230 | given, it will let you select signing keys, and then a signature | |
231 | type. | |
232 | @end deffn | |
233 | ||
234 | @deffn Command epa-encrypt-region start end recipients sign signers | |
235 | Encrypt the current region between @var{start} and @var{end}. It will | |
236 | let you select recipients. If a prefix argument is given, it will | |
237 | also ask you whether or not to sign the text before encryption and if | |
238 | you answered yes, it will let you select the signing keys. | |
239 | @end deffn | |
240 | ||
241 | @node Cryptographic operations on files | |
242 | @section Cryptographic operations on files | |
243 | ||
2c71cd64 KY |
244 | @deffn Command epa-decrypt-file file &optional output |
245 | Decrypt @var{file}. If you do not specify the name @var{output} to | |
246 | use for the decrypted file, this function prompts for the value to use. | |
c154c0be MO |
247 | @end deffn |
248 | ||
249 | @deffn Command epa-verify-file file | |
250 | Verify @var{file}. | |
251 | @end deffn | |
252 | ||
253 | @deffn Command epa-sign-file file signers type | |
254 | Sign @var{file}. If a prefix argument is given, it will let you | |
255 | select signing keys, and then a signature type. | |
256 | @end deffn | |
257 | ||
258 | @deffn Command epa-encrypt-file file recipients | |
259 | Encrypt @var{file}. It will let you select recipients. | |
260 | @end deffn | |
261 | ||
262 | @node Dired integration | |
263 | @section Dired integration | |
264 | ||
265 | EasyPG Assistant extends Dired Mode for GNU Emacs to allow users to | |
266 | easily do cryptographic operations on files. For example, | |
267 | ||
268 | @example | |
269 | M-x dired | |
270 | (mark some files) | |
271 | : e (or M-x epa-dired-do-encrypt) | |
272 | (select recipients by 'm' and click [OK]) | |
273 | @end example | |
274 | ||
275 | @noindent | |
276 | The following keys are assigned. | |
277 | ||
278 | @table @kbd | |
279 | @item : d | |
280 | @kindex @kbd{: d} | |
281 | @findex epa-dired-do-decrypt | |
282 | Decrypt marked files. | |
283 | ||
284 | @item : v | |
285 | @kindex @kbd{: v} | |
286 | @findex epa-dired-do-verify | |
287 | Verify marked files. | |
288 | ||
289 | @item : s | |
290 | @kindex @kbd{: s} | |
291 | @findex epa-dired-do-sign | |
292 | Sign marked files. | |
293 | ||
294 | @item : e | |
295 | @kindex @kbd{: e} | |
296 | @findex epa-dired-do-encrypt | |
297 | Encrypt marked files. | |
298 | ||
299 | @end table | |
300 | ||
301 | @node Mail-mode integration | |
302 | @section Mail-mode integration | |
303 | ||
3b7ab45f | 304 | EasyPG Assistant provides a minor mode @code{epa-mail-mode} to help |
c05c2b9b DU |
305 | users compose inline OpenPGP messages. Inline OpenPGP is a traditional |
306 | style of sending signed/encrypted emails by embedding raw OpenPGP | |
307 | blobs inside a message body, not using modern MIME format. | |
3b7ab45f | 308 | |
c05c2b9b | 309 | NOTE: Inline OpenPGP is not recommended and you should consider using |
1df7defd | 310 | PGP/MIME@. See |
c154c0be | 311 | @uref{http://josefsson.org/inline-openpgp-considered-harmful.html, |
c05c2b9b | 312 | Inline OpenPGP in E-mail is bad@comma{} Mm'kay?}. |
c154c0be MO |
313 | |
314 | @noindent | |
0f215bca DU |
315 | Once @code{epa-mail-mode} is enabled, the following keys are assigned. |
316 | You can enable it with @kbd{C-u 1 M-x epa-mail-mode} or through the Customize | |
317 | interface. Try @kbd{M-x customize-variable epa-global-mail-mode}. | |
c154c0be MO |
318 | |
319 | @table @kbd | |
d85d3b3a DU |
320 | @item C-c C-e C-d and C-c C-e d |
321 | @kindex @kbd{C-c C-e C-d} | |
c154c0be MO |
322 | @kindex @kbd{C-c C-e d} |
323 | @findex epa-mail-decrypt | |
324 | Decrypt OpenPGP armors in the current buffer. | |
325 | ||
d85d3b3a DU |
326 | @item C-c C-e C-v and C-c C-e v |
327 | @kindex @kbd{C-c C-e C-v} | |
c154c0be MO |
328 | @kindex @kbd{C-c C-e v} |
329 | @findex epa-mail-verify | |
330 | Verify OpenPGP cleartext signed messages in the current buffer. | |
331 | ||
d85d3b3a DU |
332 | @item C-c C-e C-s and C-c C-e s |
333 | @kindex @kbd{C-c C-e C-s} | |
c154c0be MO |
334 | @kindex @kbd{C-c C-e s} |
335 | @findex epa-mail-sign | |
336 | Compose a signed message from the current buffer. | |
337 | ||
d85d3b3a DU |
338 | @item C-c C-e C-e and C-c C-e e |
339 | @kindex @kbd{C-c C-e C-e} | |
c154c0be MO |
340 | @kindex @kbd{C-c C-e e} |
341 | @findex epa-mail-encrypt | |
342 | Compose an encrypted message from the current buffer. | |
7a603b73 DU |
343 | By default it tries to build the recipient list from @samp{to}, |
344 | @samp{cc}, and @samp{bcc} fields of the mail header. To include your | |
345 | key in the recipient list, use the @samp{encrypt-to} option in | |
346 | @file{~/.gnupg/gpg.conf}. | |
c154c0be MO |
347 | |
348 | @end table | |
349 | ||
55f612f0 GM |
350 | @node Encrypting/decrypting gpg files |
351 | @section Encrypting/decrypting gpg files | |
8b358e90 DU |
352 | By default, every file whose name ends with @samp{.gpg} will be |
353 | treated as encrypted. That is, when you open such a file, the | |
354 | decrypted text is inserted in the buffer rather than the encrypted one. | |
355 | Similarly, when you save the buffer to a @samp{foo.gpg} file, | |
356 | encrypted data is written. | |
c154c0be | 357 | |
8b358e90 DU |
358 | The file name pattern for encrypted files can be controlled by |
359 | @code{epa-file-name-regexp}. | |
360 | ||
361 | @defvar epa-file-name-regexp | |
362 | Regexp which matches filenames treated as encrypted. | |
363 | @end defvar | |
364 | ||
365 | You can disable this behavior with @kbd{M-x epa-file-disable}, and | |
366 | then get it back with @kbd{M-x epa-file-enable}. | |
c154c0be MO |
367 | |
368 | @deffn Command epa-file-disable | |
369 | Disable automatic encryption/decryption of *.gpg files. | |
370 | @end deffn | |
371 | ||
372 | @deffn Command epa-file-enable | |
373 | Enable automatic encryption/decryption of *.gpg files. | |
374 | @end deffn | |
375 | ||
376 | @noindent | |
8b358e90 DU |
377 | By default, @code{epa-file} will try to use symmetric encryption, aka |
378 | password-based encryption. If you want to use public key encryption | |
379 | instead, do @kbd{M-x epa-file-select-keys}, which pops up the key | |
380 | selection dialog. | |
381 | ||
382 | @deffn Command epa-file-select-keys | |
383 | Select recipient keys to encrypt the currently visiting file with | |
384 | public key encryption. | |
385 | @end deffn | |
386 | ||
387 | You can also change the default behavior with the variable | |
388 | @code{epa-file-select-keys}. | |
389 | ||
390 | @defvar epa-file-select-keys | |
391 | Control whether or not to pop up the key selection dialog. | |
392 | @end defvar | |
393 | ||
394 | For frequently visited files, it might be a good idea to tell Emacs | |
395 | which encryption method should be used through file variables (@pxref{File Variables, , | |
396 | , emacs, the Emacs Manual}). Use the @code{epa-file-encrypt-to} local | |
397 | variable for this. | |
c154c0be MO |
398 | @vindex epa-file-encrypt-to |
399 | ||
f358e6e5 | 400 | For example, if you want an Elisp file to be encrypted with a |
8b358e90 DU |
401 | public key associated with an email address @samp{ueno@@unixuser.org}, |
402 | add the following line to the beginning of the file. | |
403 | ||
c154c0be MO |
404 | @cartouche |
405 | @lisp | |
406 | ;; -*- epa-file-encrypt-to: ("ueno@@unixuser.org") -*- | |
407 | @end lisp | |
408 | @end cartouche | |
409 | ||
8b358e90 DU |
410 | Instead, if you want the file always (regardless of the value of the |
411 | @code{epa-file-select-keys} variable) encrypted with symmetric | |
412 | encryption, change the line as follows. | |
2c6c404a | 413 | |
8b358e90 DU |
414 | @cartouche |
415 | @lisp | |
416 | ;; -*- epa-file-encrypt-to: nil -*- | |
417 | @end lisp | |
418 | @end cartouche | |
2c6c404a | 419 | |
c154c0be MO |
420 | Other variables which control the automatic encryption/decryption |
421 | behavior are below. | |
422 | ||
423 | @defvar epa-file-cache-passphrase-for-symmetric-encryption | |
424 | If non-@code{nil}, cache passphrase for symmetric encryption. The | |
425 | default value is @code{nil}. | |
426 | @end defvar | |
427 | ||
428 | @defvar epa-file-inhibit-auto-save | |
429 | If non-@code{nil}, disable auto-saving when opening an encrypted file. | |
430 | The default value is @code{t}. | |
431 | @end defvar | |
432 | ||
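The variables from this section, combined into an init-file sketch that reports how a visited file will be encrypted and warns if auto-save, which writes the buffer's plaintext to disk, is still active for it. This is an added example, not part of the EasyPG manual or of Emacs; the `my-epa-` names are hypothetical, and every `epa-file-` variable used is one documented above.

```elisp
;;; Added example, not from the EasyPG manual.  The `my-epa-' names are
;;; hypothetical; every `epa-file-' variable is one documented above.
(require 'epa-file)

;; Keep the documented defaults explicit so a later change is visible.
(setq epa-file-inhibit-auto-save t)   ; no auto-save for encrypted files
(setq epa-file-cache-passphrase-for-symmetric-encryption nil) ; no elisp cache

(defun my-epa-buffer-report (&optional buffer)
  "Return a plist describing how epa-file will treat BUFFER's file."
  (with-current-buffer (or buffer (current-buffer))
    (let* ((file (buffer-file-name))
           (managed (and file (string-match-p epa-file-name-regexp file) t))
           ;; Buffer-local when set through a file-variable line such as
           ;; -*- epa-file-encrypt-to: ("ueno@unixuser.org") -*-
           (pinned (local-variable-p 'epa-file-encrypt-to)))
      (list :file file
            :managed managed
            :method (cond ((not managed) 'plaintext)
                          ((and pinned epa-file-encrypt-to) 'public-key)
                          (pinned 'symmetric)      ; epa-file-encrypt-to: nil
                          (t 'ask-or-symmetric))   ; see `epa-file-select-keys'
            :recipients (and managed epa-file-encrypt-to)
            :select-keys epa-file-select-keys
            :auto-save-file buffer-auto-save-file-name
            :elisp-passphrase-cache
            epa-file-cache-passphrase-for-symmetric-encryption))))

(defun my-epa-warn-on-auto-save ()
  "Warn if a buffer visiting an encrypted file still has auto-save on."
  (let ((report (my-epa-buffer-report)))
    (when (and (plist-get report :managed)
               (plist-get report :auto-save-file))
      (display-warning
       'my-epa
       (format "%s is treated as encrypted but auto-saves to %s"
               (plist-get report :file)
               (plist-get report :auto-save-file))
       :warning))))

;; Appended (third argument t) so it runs after the hooks already installed.
(add-hook 'find-file-hook #'my-epa-warn-on-auto-save t)
```

Evaluate `(my-epa-buffer-report)` with `M-:` in a buffer visiting a `.gpg` file to see which method applies to it.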
65f54520 DU |
433 | @node Caching Passphrases |
434 | @chapter Caching Passphrases | |
435 | ||
436 | Typing passphrases is an irritating task if you frequently open and | |
437 | close the same file. GnuPG and EasyPG Assistant provide mechanisms to | |
438 | remember your passphrases. However, the configuration is a bit | |
439 | confusing since it depends on your GnuPG installation (GnuPG version 1 or | |
440 | GnuPG version 2), encryption method (symmetric or public key), and whether or | |
441 | not you want to use gpg-agent. Here are some questions: | |
442 | ||
443 | @enumerate | |
444 | @item Do you use GnuPG version 2 instead of GnuPG version 1? | |
445 | @item Do you use symmetric encryption rather than public key encryption? | |
446 | @item Do you want to use gpg-agent? | |
447 | @end enumerate | |
448 | ||
449 | Here are configurations depending on your answers: | |
450 | ||
451 | @multitable {111} {222} {333} {configuration configuration configuration} | |
452 | @item @b{1} @tab @b{2} @tab @b{3} @tab Configuration | |
98e2b864 | 453 | @item Yes @tab Yes @tab Yes @tab Set up gpg-agent. |
65f54520 | 454 | @item Yes @tab Yes @tab No @tab You can't, without gpg-agent. |
98e2b864 | 455 | @item Yes @tab No @tab Yes @tab Set up gpg-agent. |
65f54520 DU |
456 | @item Yes @tab No @tab No @tab You can't, without gpg-agent. |
457 | @item No @tab Yes @tab Yes @tab Set up elisp passphrase cache. | |
458 | @item No @tab Yes @tab No @tab Set up elisp passphrase cache. | |
98e2b864 | 459 | @item No @tab No @tab Yes @tab Set up gpg-agent. |
65f54520 DU |
460 | @item No @tab No @tab No @tab You can't, without gpg-agent. |
461 | @end multitable | |
462 | ||
98e2b864 | 463 | To set up gpg-agent, follow the instructions in the GnuPG manual |
65f54520 DU |
464 | (@pxref{Invoking GPG-AGENT, , Invoking GPG-AGENT, gnupg}). |
465 | ||
466 | To set up the elisp passphrase cache, set | |
467 | @code{epa-file-cache-passphrase-for-symmetric-encryption}. | |
55f612f0 | 468 | @xref{Encrypting/decrypting gpg files}. |
65f54520 | 469 | |
b9476c04 DU |
470 | @node Bug Reports |
471 | @chapter Bug Reports | |
472 | ||
473 | Bugs and problems with EasyPG Assistant are actively worked on by the | |
474 | Emacs development team. Feature requests and suggestions are also | |
475 | more than welcome. Use @kbd{M-x report-emacs-bug} (@pxref{Bugs, , | |
476 | Bugs, emacs, Reporting Bugs}). | |
477 | ||
478 | When submitting a bug report, please try to describe in excruciating | |
479 | detail the steps required to reproduce the problem. Also try to | |
480 | collect necessary information to fix the bug, such as: | |
481 | ||
482 | @itemize @bullet | |
483 | @item the GnuPG version. Send the output of @samp{gpg --version}. | |
484 | @item the GnuPG configuration. Send the contents of @file{~/.gnupg/gpg.conf}. | |
485 | @end itemize | |
486 | ||
487 | Before reporting the bug, you should set @code{epg-debug} in the | |
488 | @file{~/.emacs} file and repeat the bug. Then, include the contents | |
489 | of the @samp{ *epg-debug*} buffer. Note that the first character of the | |
490 | buffer name is a space. | |
491 | ||
0b1af106 GM |
492 | @node GNU Free Documentation License |
493 | @appendix GNU Free Documentation License | |
494 | @include doclicense.texi | |
495 | ||
c154c0be MO |
496 | @bye |
497 | ||
498 | @c End: |