2015-07-24 Gmail, Gnus and GPG

I wrote some instructions for setting up Gmail, Gnus and GPG. I used Emacs 24.5 and GPG 2.0 for this tutorial.

If you’re on Windows

I installed gnupg 1.4 using Cygwin and it worked just as well.

If you’re on a Mac

I tried this using my Mac and a Guest account. A Guest account has all its files deleted when you log out. It’s as “clean” as I could get.

You can install Emacs in various ways. You could use Emacs For Mac OS X: “Pure Emacs! No Extras! No Nonsense!” This is what I used to run. I’ve also built Emacs from source many times. Just remember to `./configure --with-ns` before you start. You can also install it from Homebrew: either `brew install emacs`, or install Yamamoto Mitsuharu’s Emacs Mac Port. This last variant is what I’m using right now.

```
brew tap railwaycat/emacsmacport
brew install emacs-mac --with-gnutls --with-imagemagick --with-official-icon --with-xml2
brew linkapps emacs-mac
```

As for GPG, you have two options. You can install GPG via GPG Suite. This is what I used at first. `gpg --version` said `gpg (GnuPG/MacGPG2) 2.0.27` (the current, stable version is 2.0.28). But I wanted to install GPG via Homebrew. If you want to try it as well, make sure you uninstall the GPG Suite if you had it installed.

If you just install `gpg2`, you won’t be able to enter your passphrase from within Emacs with a GUI. You’ll see a simple, cut-off message saying `epa-file--find-file-not-found-function: Opening input file: Decryption failed,`. If you only use Emacs within terminal windows, no problem. No need to do anything. But if you like to use Emacs with fonts and colors, menus and scrollbars, then you need to install a special variant of pinentry in order to get a separate Pinentry window:

```
brew install gpg2
brew install pinentry-mac
```

Once you have done that, change your `~/.gnupg/gpg-agent.conf` file so that it has only this one line:

```
pinentry-program /usr/local/bin/pinentry-mac
```

When you install `gpg2`, it tells you to put `use-standard-socket` in your `~/.gnupg/gpg-agent.conf` file. Don’t do that unless you only want to use Emacs from a terminal. Here’s a sample session in a terminal, showing you what you’ll get, if you don’t use `pinentry-mac`:

```
alex@Megabombus:~$ echo "This is a test." > test
alex@Megabombus:~$ gpg --recipient kensanata --encrypt test
alex@Megabombus:~$ ls test*
test     test.gpg
alex@Megabombus:~$ gpg --output test2 test.gpg

You need a passphrase to unlock the secret key for
user: "Alex Schroeder <kensanata@keybase.io>"
8192-bit RSA key, ID 4529A45C, created 2015-03-01 (main key ID ACECFEAE)

gpg: encrypted with 8192-bit RSA key, ID 4529A45C, created 2015-03-01
      "Alex Schroeder <kensanata@keybase.io>"
alex@Megabombus:~$ ls test*
test     test.gpg test2
alex@Megabombus:~$ diff test test2
```

When asked for your passphrase, you’ll see something like the following:

```
┌────────────────────────────────────────────────────────────────────────────────────┐
│ Please enter the passphrase to unlock the secret key for the OpenPGP certificate:  │
│ "Alex Schroeder <kensanata@keybase.io>"                                            │
│ 8192-bit RSA key, ID 4529A45C,                                                     │
│ created 2015-03-01 (main key ID ACECFEAE).                                         │
│                                                                                    │
│                                                                                    │
│ Passphrase *****************************************************************______ │
│                                                                                    │
│            <OK>                                                  <Cancel>          │
└────────────────────────────────────────────────────────────────────────────────────┘
```

This pinentry works in a terminal, but it won’t show up when GPG is called by GUI Emacs! Install `pinentry-mac` and you’ll be able to provide your passphrase when using Emacs.

If you already tinkered with gpg before changing `~/.gnupg/gpg-agent.conf`, you’ll have to reload `gpg-agent`.

```
alex@Megabombus:~$ echo RELOADAGENT | gpg-connect-agent
OK
```
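The `pinentry-program` line is worth checking before you reload the agent, because the program it names is the one that collects your passphrase. The script below is an added example, not part of the original post; the function name `check_pinentry`, its return codes and the throwaway demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the pinentry-program
# setting in a gpg-agent.conf. It should be an absolute path to an
# executable file, and neither that file nor the config should be
# writable by group or others.
# Return codes: 0 ok, 1 no setting, 2 relative path, 3 missing or not
# executable, 4 loose permissions. On success the path is printed.
check_pinentry() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    # First uncommented "pinentry-program <path>" line; path may contain spaces.
    prog=$(awk '$1 == "pinentry-program" {
        sub(/^[ \t]*pinentry-program[ \t]+/, ""); print; exit }' "$conf")
    [ -n "$prog" ] || { echo "no pinentry-program in $conf" >&2; return 1; }
    case $prog in
        /*) ;;
        *) echo "not an absolute path: $prog" >&2; return 2 ;;
    esac
    # Regular file with the owner execute bit set. -L follows symlinks,
    # since /usr/local/bin/pinentry-mac may be a link into the Homebrew Cellar.
    exe=$(find -L "$prog" -prune -type f -perm -100 -print 2>/dev/null) || true
    [ -n "$exe" ] || { echo "missing or not executable: $prog" >&2; return 3; }
    loose=$(find -L "$conf" "$prog" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "group/world-writable: $loose" >&2; return 4; }
    printf '%s\n' "$prog"
}

# Constructed demo: a throwaway config and a stand-in pinentry script.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/pinentry-mac"
chmod 755 "$demo_dir/pinentry-mac"
printf 'pinentry-program %s\n' "$demo_dir/pinentry-mac" > "$demo_dir/gpg-agent.conf"
chmod 600 "$demo_dir/gpg-agent.conf"
check_pinentry "$demo_dir/gpg-agent.conf"
```

Called without an argument, `check_pinentry` reads `~/.gnupg/gpg-agent.conf`.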


Comments

Today I was able to copy that config file for my Emacs installation at work, use the public keys of both my work account and my private account for `mml2015-signers`, and it worked! Yay. 😄

– Alex Schroeder 2015-11-23 20:24 UTC