
[Screenshot: EasyPG with dired]

EasyPG is an all-in-one GnuPG interface for Emacs. It consists of two parts: EasyPG Assistant and EasyPG Library.

EasyPG Assistant is a set of convenient tools for using GnuPG from Emacs. EasyPG Library is a sort of elisp port of GPGME, a wrapper library that provides an API for accessing some of the GnuPG functions.

Requirements

Features

EasyPG Assistant provides the following features:

EasyPG Library provides the following features:

Download

The current version is epg-0.0.16.tar.gz (PGP signature).

Past releases are in http://sourceforge.jp/projects/epg/files/.

Supplemental tools

Supplemental tools are also in http://sourceforge.jp/projects/epg/files/

Security

There are security pitfalls around Emacs.

Passphrases may leak to temporary files

The function call-process-region writes the data in the region to a temporary file. If your PGP library used this function, your passphrases would leak to the filesystem.

EasyPG Library does not use call-process-region to communicate with a gpg subprocess.

Passphrases may be stolen from core files

If Emacs crashes and dumps core, Lisp strings in memory are also dumped into the core file. The read-passwd function clears passphrase strings with (fillarray string 0) to avoid this risk. However, Emacs performs compaction in the gc_sweep phase. If GC happens before fillarray, passphrase strings may be moved elsewhere in memory. Therefore, passphrase caching in elisp is generally a bad idea.

EasyPG Library dares to disable passphrase caching. Fortunately, there is a more secure way to cache passphrases: use gpg-agent.
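
The two pitfalls above, shown as an added example that is not EasyPG's own code: the passphrase is sent to gpg over a pipe instead of through call-process-region, and the Lisp string is wiped on every exit path. The function name my-gpg-decrypt-file and the buffer names are hypothetical; the gpg options assume GnuPG 2.1 or later with loopback pinentry allowed, and make-process assumes Emacs 25 or later.

```emacs-lisp
;;; -*- lexical-binding: t -*-
;; Added example, not EasyPG code.  `my-gpg-decrypt-file' is a
;; hypothetical name; assumes GnuPG 2.1+ (--pinentry-mode loopback)
;; and Emacs 25+ (make-process).

(defun my-gpg-decrypt-file (file)
  "Decrypt FILE with gpg and return the plaintext as a string.
The passphrase travels over a pipe and is wiped afterwards."
  (let ((passphrase (read-passwd "Passphrase: "))
        (out (generate-new-buffer " *my-gpg-stdout*"))
        (err (generate-new-buffer " *my-gpg-stderr*"))
        proc)
    (unwind-protect
        (progn
          ;; A pipe-connected subprocess: nothing is written to a
          ;; temporary file, unlike `call-process-region'.
          (setq proc (make-process
                      :name "my-gpg" :buffer out :stderr err
                      :connection-type 'pipe :noquery t
                      :sentinel #'ignore
                      :command (list "gpg" "--batch" "--no-tty"
                                     "--pinentry-mode" "loopback"
                                     "--passphrase-fd" "0"
                                     "--decrypt"
                                     (expand-file-name file))))
          ;; Send the passphrase and the newline separately:
          ;; (concat passphrase "\n") would create a second Lisp
          ;; string that also has to be wiped.
          (process-send-string proc passphrase)
          (process-send-string proc "\n")
          (process-send-eof proc)
          (while (process-live-p proc)
            (accept-process-output proc 0.1))
          ;; Drain output that arrived after the exit was noticed.
          (while (accept-process-output proc 0.05))
          (unless (eq 0 (process-exit-status proc))
            (error "gpg failed: %s"
                   (with-current-buffer err (buffer-string))))
          (with-current-buffer out (buffer-string)))
      ;; Runs on normal return, on error and on quit (C-g).
      (clear-string passphrase)
      (when (and proc (process-live-p proc))
        (delete-process proc))
      (let ((kill-buffer-query-functions nil))
        (kill-buffer out)
        (kill-buffer err)))))
```

Wiping with clear-string narrows the window but does not remove the compaction problem described above, so a copy may still survive in memory; letting gpg-agent hold the passphrase keeps it out of Emacs entirely.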

Resources


Copyright (c) 2006-2009 Daiki Ueno
$Id: index.html.en,v 1.55 2010-01-23 05:09:43 ueno Exp $