1 \input texinfo @c -*- mode: texinfo -*-
3 @setfilename ../../info/epa
4 @settitle EasyPG Assistant User's Manual
10 This file describes EasyPG Assistant.
12 Copyright @copyright{} 2007, 2008 Free Software Foundation, Inc.
15 Permission is granted to copy, distribute and/or modify this document
16 under the terms of the GNU Free Documentation License, Version 1.2 or
17 any later version published by the Free Software Foundation; with no
18 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
19 Texts. A copy of the license is included in the section entitled "GNU
20 Free Documentation License".
26 * EasyPG Assistant: (epa). An Emacs user interface to GNU Privacy Guard.
31 @title EasyPG Assistant
36 @vskip 0pt plus 1filll
45 @top EasyPG Assistant user's manual
47 EasyPG Assistant is an Emacs user interface to GNU Privacy Guard
48 (GnuPG, @pxref{Top, , Top, gnupg, Using the GNU Privacy Guard}).
50 EasyPG Assistant is a part of the package called EasyPG, an all-in-one
51 GnuPG interface for Emacs. EasyPG also contains the library interface
52 called EasyPG Library.
55 This manual covers EasyPG version @value{VERSION}.
66 EasyPG Assistant provides the following features.
70 @item Cryptographic operations on regions.
71 @item Cryptographic operations on files.
72 @item Dired integration.
73 @item Mail-mode integration.
74 @item Automatic encryption/decryption of *.gpg files.
80 EasyPG Assistant commands are prefixed by @samp{epa-}. For example,
83 @item To browse your keyring, type @kbd{M-x epa-list-keys}
85 @item To create a cleartext signature of the region, type @kbd{M-x epa-sign-region}
87 @item To encrypt a file, type @kbd{M-x epa-encrypt-file}
90 EasyPG Assistant provides several cryptographic features which can be
91 integrated into other Emacs functionalities. For example, automatic
92 encryption/decryption of @samp{*.gpg} files.
94 To install these features, do @kbd{C-u 1 M-x epa-mode}. It can also
95 be turned on by customize. Try @kbd{M-x customize-variable epa-mode}.
100 This chapter introduces various commands for typical use cases.
104 * Cryptographic operations on regions::
105 * Cryptographic operations on files::
106 * Dired integration::
107 * Mail-mode integration::
108 * Encrypting/decrypting *.gpg files::
112 @section Key management
113 Probably the first step of using EasyPG Assistant is to browse your
114 keyring. @kbd{M-x epa-list-keys} is corresponding to @samp{gpg
115 --list-keys} from the command line.
117 @deffn Command epa-list-keys name mode
118 Show all keys matched with @var{name} from the public keyring.
122 The output looks as follows.
125 u A5B6B2D4B15813FE Daiki Ueno <ueno@@unixuser.org>
129 A character on the leftmost column indicates the trust level of the
130 key. If it is @samp{u}, the key is marked as ultimately trusted. The
131 second column is the key ID, and the rest is the user ID.
133 You can move over entries by @key{TAB}. If you type @key{RET} or
134 click button1 on an entry, you will see more detailed information
135 about the key you selected.
138 u Daiki Ueno <ueno@@unixuser.org>
139 u A5B6B2D4B15813FE 1024bits DSA
142 Capabilities: sign certify
143 Fingerprint: 8003 7CD0 0F1A 9400 03CA 50AA A5B6 B2D4 B158 13FE
144 u 4447461B2A9BEA2D 2048bits ELGAMAL_E
147 Capabilities: encrypt
148 Fingerprint: 9003 D76B 73B7 4A8A E588 10AF 4447 461B 2A9B EA2D
152 To browse your private keyring, use @kbd{M-x epa-list-secret-keys}.
154 @deffn Command epa-list-secret-keys name
155 Show all keys matched with @var{name} from the private keyring.
159 In @samp{*Keys*} buffer, several commands are available. The common
160 use case is to export some keys to a file. To do that, type @kbd{m}
161 to select keys, type @kbd{o}, and then supply the filename.
163 Below are other commands related to key management. Some of them take
164 a file as input/output, and others take the current region.
166 @deffn Command epa-insert-keys keys
167 Insert selected @var{keys} after the point. It will let you select
168 keys before insertion. By default, it will encode keys in the OpenPGP
172 @deffn Command epa-import-keys file
173 Import keys from @var{file} to your keyring.
176 @deffn Command epa-import-keys-region start end
177 Import keys from the current region between @var{start} and @var{end}
181 @deffn Command epa-import-armor-in-region start end
182 Import keys in the OpenPGP armor format in the current region between
183 @var{start} and @var{end}. The difference from
184 @code{epa-import-keys-region} is that
185 @code{epa-import-armor-in-region} searches armors in the region and
186 applies @code{epa-import-keys-region} to each of them.
189 @deffn Command epa-delete-keys allow-secret
190 Delete selected keys. If @var{allow-secret} is non-@code{nil}, it
191 also delete the secret keys.
194 @node Cryptographic operations on regions
195 @section Cryptographic operations on regions
197 @deffn Command epa-decrypt-region start end
198 Decrypt the current region between @var{start} and @var{end}. It
199 replaces the region with the decrypted text.
202 @deffn Command epa-decrypt-armor-in-region start end
203 Decrypt OpenPGP armors in the current region between @var{start} and
204 @var{end}. The difference from @code{epa-decrypt-region} is that
205 @code{epa-decrypt-armor-in-region} searches armors in the region
206 and applies @code{epa-decrypt-region} to each of them. That is, this
207 command does not alter the original text around armors.
210 @deffn Command epa-verify-region start end
211 Verify the current region between @var{start} and @var{end}. It sends
212 the verification result to the minibuffer or a popup window. It
213 replaces the region with the signed text.
216 @deffn Command epa-verify-cleartext-in-region
217 Verify OpenPGP cleartext blocks in the current region between
218 @var{start} and @var{end}. The difference from
219 @code{epa-verify-region} is that @code{epa-verify-cleartext-in-region}
220 searches OpenPGP cleartext blocks in the region and applies
221 @code{epa-verify-region} to each of them. That is, this command does
222 not alter the original text around OpenPGP cleartext blocks.
225 @deffn Command epa-sign-region start end signers type
226 Sign the current region between @var{start} and @var{end}. By
227 default, it creates a cleartext signature. If a prefix argument is
228 given, it will let you select signing keys, and then a signature
232 @deffn Command epa-encrypt-region start end recipients sign signers
233 Encrypt the current region between @var{start} and @var{end}. It will
234 let you select recipients. If a prefix argument is given, it will
235 also ask you whether or not to sign the text before encryption and if
236 you answered yes, it will let you select the signing keys.
239 @node Cryptographic operations on files
240 @section Cryptographic operations on files
242 @deffn Command epa-decrypt-file file
246 @deffn Command epa-verify-file file
250 @deffn Command epa-sign-file file signers type
251 Sign @var{file}. If a prefix argument is given, it will let you
252 select signing keys, and then a signature type.
255 @deffn Command epa-encrypt-file file recipients
256 Encrypt @var{file}. It will let you select recipients.
259 @node Dired integration
260 @section Dired integration
262 EasyPG Assistant extends Dired Mode for GNU Emacs to allow users to
263 easily do cryptographic operations on files. For example,
268 : e (or M-x epa-dired-do-encrypt)
269 (select recipients by 'm' and click [OK])
273 The following keys are assigned.
278 @findex epa-dired-do-decrypt
279 Decrypt marked files.
283 @findex epa-dired-do-verify
288 @findex epa-dired-do-sign
293 @findex epa-dired-do-encrypt
294 Encrypt marked files.
298 @node Mail-mode integration
299 @section Mail-mode integration
301 EasyPG Assistant provides a minor mode to help user compose inline PGP
302 messages. Inline PGP is sending the OpenPGP blobs directly inside a
303 mail message and it is not recommended and you should consider to use
305 @uref{http://josefsson.org/inline-openpgp-considered-harmful.html,
306 Inline PGP in E-mail is bad, Mm'kay?}.
309 The following keys are assigned.
313 @kindex @kbd{C-c C-e d}
314 @findex epa-mail-decrypt
315 Decrypt OpenPGP armors in the current buffer.
318 @kindex @kbd{C-c C-e v}
319 @findex epa-mail-verify
320 Verify OpenPGP cleartext signed messages in the current buffer.
323 @kindex @kbd{C-c C-e s}
324 @findex epa-mail-sign
325 Compose a signed message from the current buffer.
328 @kindex @kbd{C-c C-e e}
329 @findex epa-mail-encrypt
330 Compose an encrypted message from the current buffer.
334 @node Encrypting/decrypting *.gpg files
335 @section Encrypting/decrypting *.gpg files
336 Once @code{epa-setup} is loaded, every file whose extension is
337 @samp{.gpg} will be treated as encrypted. That is, when you attempt
338 to open such a file which already exists, the decrypted text is
339 inserted in the buffer rather than encrypted one. On the other hand,
340 when you attempt to save the buffer to a file whose extension is
341 @samp{.gpg}, encrypted data is written.
343 If you want to temporarily disable this behavior, use @kbd{M-x
344 epa-file-disable}, and then to enable this behavior use @kbd{M-x
347 @deffn Command epa-file-disable
348 Disable automatic encryption/decryption of *.gpg files.
351 @deffn Command epa-file-enable
352 Enable automatic encryption/decryption of *.gpg files.
356 @code{epa-file} will let you select recipients. If you want to
357 suppress this question, it might be a good idea to put the following
358 line on the first line of the text being encrypted.
359 @vindex epa-file-encrypt-to
363 ;; -*- epa-file-encrypt-to: ("ueno@@unixuser.org") -*-
367 Other variables which control the automatic encryption/decryption
370 @defvar epa-file-cache-passphrase-for-symmetric-encryption
371 If non-@code{nil}, cache passphrase for symmetric encryption. The
372 default value is @code{nil}.
375 @defvar epa-file-inhibit-auto-save
376 If non-@code{nil}, disable auto-saving when opening an encrypted file.
377 The default value is @code{t}.
385 arch-tag: 7404e246-7d4c-4db4-9332-c1293a455a4f