Next: Compatibility with older implementations, Previous: OpenPGP Header, Up: Security [Contents][Index]
Message with EasyPG internally calls GnuPG (the gpg or
gpgsm command) to perform
data encryption, and in certain cases (decrypting or signing for
example), gpg/gpgsm requires user’s passphrase.
Currently the recommended way to supply your passphrase is to use the
gpg-agent program.
In particular, the gpg-agent program supports passphrase
caching so that you do not need to enter your passphrase for every
decryption/sign operation. See Agent Options in Using the
GNU Privacy Guard.
How to use gpg-agent in Emacs depends on your version of
GnuPG. With GnuPG version 2.1, gpg-agent is started
automatically if necessary. With older versions you may need to run
the following command from the shell before starting Emacs.
eval `gpg-agent --daemon`
This will invoke gpg-agent and set the environment variable
GPG_AGENT_INFO to allow gpg to communicate with it.
It might be good idea to put this command in your .xsession or
.bash_profile. See Invoking GPG-AGENT in Using the
GNU Privacy Guard.
Once your gpg-agent is set up, it will ask you for a
passphrase as needed for gpg. Under the X Window System,
you will see a new passphrase input dialog appear. The dialog is
provided by PIN Entry (the pinentry command), reasonably
recent versions of which can also cooperate with Emacs on a text
console. If that does not work, you may need to put a passphrase into
gpg-agent’s cache beforehand. The following command does the trick.
gpg --use-agent --sign < /dev/null > /dev/null
Next: Compatibility with older implementations, Previous: OpenPGP Header, Up: Security [Contents][Index]