[Click here to enlarge]
EasyPG is an all-in-one GnuPG interface for Emacs. It consists of two parts: EasyPG Assistant and EasyPG Library.
EasyPG Assistant is a set of convenient tools to use GnuPG from Emacs. EasyPG Library is a sort of an elisp port of GPGME, a wrapper library which provides API to access some of the GnuPG functions.
EasyPG Assistant provides the following features:
EasyPG Library provides the following features:
Current version is epg-0.0.16.tar.gz (PGP signature)
Past releases are in http://sourceforge.jp/projects/epg/files/.
Supplemental tools are also in http://sourceforge.jp/projects/epg/files/
There are security pitfalls around Emacs.
The function call-process-region writes data in region to a temporary file. If your PGP library used this function, your passphrases would leak to the filesystem.
EasyPG Library does not use call-process-region to communicate with a gpg subprocess.
If Emacs crashes and dumps core, Lisp strings in memory are also dumped within the core file. read-passwd function clears passphrase strings by (fillarray string 0) to avoid this risk. However, Emacs performs compaction in gc_sweep phase. If GC happens before fillarray, passphrase strings may be moved elsewhere in memory. Therefore, passphrase caching in elisp is generally a bad idea.
EasyPG Library dares to disable passphrase caching. Fortunately, there is more secure way to cache passphrases - use gpg-agent.
![[Click here to enlarge]](epg-000.png){kind=link}