💾 Archived View for henn.es › gemlog › en › 2023-07-17-setup-authinfo-gpg.gmi captured on 2024-12-17 at 09:52:01. Gemini links have been rewritten to link to archived content
My notes are based on the System Crafters video:
How to Encrypt Your Passwords with Emacs
Some general information about
Make sure GnuPG and at least one Pinentry program to enter passphrases are installed.
```
gpg --full-gen-key
```
Choose RSA with a key length of 4096 bits. The key does not need to expire.
The generated key shows up in the output of the following commands:
```
gpg --list-secret-keys
gpg --list-keys
```
Open a new file `~/.authinfo.gpg` in Emacs and add an entry like this:
```
machine mail.example.com login bob password s3cr3t port 993
```
Save this file. You will be asked to select recipients for encryption. Move to the line with your own key that you want to use, mark it with `m` and press enter on `[OK]`.
It is recommended to allow read-write access for your own user only:
```
chmod 600 ~/.authinfo.gpg
```
To read a password from the shell, a running Emacs server is required.
```
emacsclient -e "(funcall (plist-get (car (auth-source-search :host \"mail.example.com\" :login \"bob\")) :secret))" 2>/dev/null | cut -d\" -f2
```
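A lookup that works without an Emacs server, as an added example that is not part of the original notes: it reads decrypted authinfo text on stdin and prints the matching password. The function name `authinfo_lookup` and the sample entries are constructed for illustration, and it assumes values contain no whitespace or quoting.

```sh
#!/bin/sh
# Added example (not from the original notes).
# authinfo_lookup HOST LOGIN [PORT]
# Reads decrypted authinfo lines on stdin, prints the password of the
# first matching entry and returns 1 when nothing matches.
# Assumption: values contain no whitespace, quotes or backslashes.
authinfo_lookup() {
    awk -v host="$1" -v login="$2" -v port="${3:-}" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            split("", f)                   # clear the per-line field map
            # An entry is a list of "key value" pairs in any order.
            for (i = 1; i < NF; i += 2) f[$i] = $(i + 1)
            if (f["machine"] != host || f["login"] != login) next
            if (port != "" && f["port"] != port) next
            if (!("password" in f)) next
            print f["password"]
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample standing in for the decrypted file content.
sample_authinfo() {
    cat <<'EOF'
# constructed entries, not real credentials
machine mail.example.com login alice password al1ce port 993
machine mail.example.com login bob password s3cr3t port 993
login bob port 587 machine smtp.example.com password sm7p
EOF
}

# Real use (gpg-agent asks for the passphrase via pinentry):
#   gpg --quiet --decrypt ~/.authinfo.gpg | authinfo_lookup mail.example.com bob 993
sample_authinfo | authinfo_lookup mail.example.com bob 993
```

The decrypted text only ever travels through the pipe; nothing is written to disk.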
This part is based on:
GnuPG pinentry via the Emacs minibuffer
Add this line to the file `~/.gnupg/gpg-agent.conf`:
```
allow-loopback-pinentry
```
Reload the configuration in the shell with:
```
gpgconf --reload gpg-agent
```
Add this line to your Emacs configuration:
```
(setq epg-pinentry-mode 'loopback)
```