💾 Archived View for henn.es › gemlog › en › 2023-07-17-setup-authinfo-gpg.gmi captured on 2024-07-08 at 23:46:44. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-07-22)

-=-=-=-=-=-=-

Setup .authinfo.gpg file for Emacs

My notes are based on the System Crafters video

How to Encrypt Your Passwords with Emacs

Some general information about

Gnus Authinfo

Make sure GnuPG and at least one Pinentry program to enter passphrases are installed.

Generate a secret GPG key (if not already present)

gpg --full-gen-key

Use RSA with 4096 key length. It does not need to expire.

The generated key shows up in the output of the following commands:

gpg --list-secret-keys
gpg --list-keys

Create .authinfo.gpg file

Open new file in Emacs `~/.authinfo.gpg` and add an entry like this:

machine mail.example.com login bob password s3cr3t port 993

Save this file. You will be asked to select recipients for encryption. Go to the line with your own key you want to use, mark it with `m` and press enter on `[OK]`.

It is recommended to allow read-write access for the own user only:

chmod 600 ~/.authinfo.gpg

Shell command to get the secret

A running Emacs server is required.

emacsclient -e "(funcall (plist-get (car (auth-source-search :host \"mail.example.com\" :login \"bob\")) :secret))" 2>/dev/null | cut -d\" -f2

Let Emacs prompt for passphrase in minibuffer

This part is based on

GnuPG pinentry via the Emacs minibuffer

Add this line to the file `~/.gnupg/gpg-agent.conf`:

allow-loopback-entry

Reload the configuration in the shell with:

gpgconf --reload gpg-agent

Add this line to your Emacs configuration:

(setq epg-pinentry-mode 'loopback)