A light-hearted look at getting Emacs to cache your encryption passwords.
Today I decided to try out the git version of gnus. After cloning the repo and setting my .emacs to load gnus, I was prompted to enter the details for my various email accounts, currently stored in my .authinfo file. Gnus then saved these in a .authinfo.gpg file, which astute readers may realize is a gpg-encrypted file. "Good," I thought, "that makes my system a bit more secure." Gnus then prompted me for the passphrase for my .authinfo.gpg file for each of my accounts. When you have three or more accounts, repeatedly typing "Richard Stallman has a very long beard" gets a bit repetitive. Less patient users may change their password to "gnus", "1234", or some other four letter word not suitable for the eyes of emacs org-mode readers.
After perusing various Emacs mailing lists, which had various answers, many from denizens of this list, I worked out that gnus was using symmetric encryption. I added (setq epa-file-cache-passphrase-for-symmetric-encryption t), but still no joy. Finally I found I needed to add (setenv "GPG_AGENT_INFO" nil). Joy of joys, I only had to type "Richard Stallman..." once.
I went and had a cup of tea. When I got back I needed to open the org gpg file with all my passwords. I was prompted for my password. Since I had only opened the file a few minutes previously and gnupg-agent normally cached my passwords for a couple of hours, I was surprised. Further investigation revealed what many readers already know: that (setenv "GPG_AGENT_INFO" nil) had disabled gnupg-agent. My password file is encrypted using public key encryption, not symmetric encryption, so I couldn't have password caching enabled for both types of encryption. I had to choose between typing in "Richard Stallman has a very long beard" or "Wilkesley cows only produce white milk" multiple times. Deep gloom descended. Suddenly a ray of sunshine illuminated the problem. What if I could persuade gnus to use public key encryption?
A bit of digging in Emacs customization revealed I could do something like (setq auth-source-gpg-encrypt-to (quote ("ABC1234"))), where ABC1234 is the key I use to encrypt my password file. This means that gnus and org both use public key encryption and I can now use gnupg-agent. So I only have to type in "Wilkesley cows only produce white milk" once and I can both read my email and open my passwords file. Happiness restored.
Ian.
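
Added example, not part of the original post: the post turns on whether a .gpg file was written with symmetric (passphrase) or public key encryption, and that can be read from the OpenPGP packets at the start of the file. The function names, the sample byte strings and the key ID below are constructed for illustration, and the file is assumed to be binary rather than ASCII-armored.

```python
ESK_TAGS = {1: "public-key", 3: "symmetric"}  # PKESK / SKESK packet tags
DATA_TAGS = {9, 18, 20}                       # encrypted-data packet tags


def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet at pos (RFC 4880, 4.2)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
    if first & 0x40:                          # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None             # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, pos + 1, None             # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")


def classify(buf):
    """Return (kind, key_ids); kind: 'public-key', 'symmetric', 'both', 'unknown'."""
    kinds, key_ids, pos = set(), [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag in DATA_TAGS or length is None:
            break                             # reached the ciphertext itself
        if tag in ESK_TAGS:
            kinds.add(ESK_TAGS[tag])
        if tag == 1 and buf[start] == 3:      # v3 PKESK: 8-byte recipient key ID
            key_ids.append(buf[start + 1:start + 9].hex().upper())
        pos = start + length
    return ("both" if len(kinds) == 2 else next(iter(kinds), "unknown")), key_ids


# Constructed packet prefixes, not real ciphertext; the key ID is made up.
SYMMETRIC = bytes([0x8C, 0x0D, 0x04, 0x07, 0x03, 0x02]) + bytes(9) + b"\xd2\x05" + bytes(5)
PUBKEY = (bytes([0x84, 0x0C, 0x03]) + bytes.fromhex("0123456789ABCDEF")
          + bytes(3) + b"\xd2\x05" + bytes(5))

if __name__ == "__main__":
    for name, blob in (("symmetric sample", SYMMETRIC), ("public-key sample", PUBKEY)):
        print(name, classify(blob))
```

For a real file, pass the bytes read from it in binary mode to classify(); a "symmetric" result before the auth-source-gpg-encrypt-to change and "public-key" after it is what the post describes.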