Grandma's Fridge

A TitanOfOld dev blog

Encrypt on the fly with Emacs

Encrypting and decrypting a file with Emacs is straightforward and fairly transparent.

Somewhere in your init file have the following:

(require 'epa-file)

Then whichever file you want to encrypt, just save it with a .gpg ending and have this at the top:

# -*- mode:org; epa-file-encrypt-to: "0x2153C852F779174F" -*-

Replace 0x2153C852F779174F with your key ID. The mode:... lets Emacs know which mode it should load after it decrypts the file.

It's better to use the 0xlong format when specifying the key to use as Emacs can pick the wrong key. For example, I got the following error when I used my email instead of the key ID:

Error while encrypting with "/usr/bin/gpg2":

gpg: 5713AA03D1BBFDA0: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key

Here 5713AA03D1BBFDA0 is an expired key I used to sign my new key. I let that one expire because it used a weak encryption standard. It expired years ago, but Emacs kept picking it up. If you run into that issue, change your encrypt to, and type M-S-: (setq epa-file-encrypt-to "0xyourkeyid") to get it to save the first time.