2

I use symmetric encryption in Emacs 24, and somewhere along the line the variable named `epa-file-cache-passphrase-for-symmetric-encryption` seems to have disappeared from Emacs. I am going crazy entering the passphrase twice each time I try to save or open a file. I must have missed some big change, but Google does not seem to be helping much to figure out what I need to do to get some sort of caching of the passphrase during a session.

mcheema

2 Answers

3

I cannot comment on Emacs 24, but here's how I solved this for Emacs 25:

By default epa in Emacs 25 uses gpg2 (GnuPG 2.x). According to the Epa manual, caching with gpg2 requires gpg-agent.

For some reason, I had to enable pinentry in the minibuffer, see: Enabling minibuffer pinentry with Emacs 25 and GnuPG 2.1 on Ubuntu Xenial

The documentation string for the variable `epa-file-cache-passphrase-for-symmetric-encryption` states that it has no effect with GnuPG 2.0. I don't know whether that is literally for 2.0, but if it is, it's certainly misleading as with GnuPG 2.1.11 (default on Ubuntu Xenial), you have to set it to `t` in order to enable password caching for symmetric encryption.

Stefan
Oliver Scholz
  • Thanks, that definitely helps for GnuPG > 2.0 (strictly greater than). For me I had to enter the passphrase 4 times each time I would save a `.gpg` file. Setting `epa-file-cache-passphrase-for-symmetric-encryption` to `t` reduces to prompting the passphrase only twice. Once for "Passphrase for symmetric encryption for ~/tmpXXXXXX", and once for "Confirm". But I guess confirming is a good thing. You don't want to lose your data by mistyping the passphrase. For the record, I am using gnupg 2.2.17 and GNU Emacs 27.0.50. – armando.sano Jul 19 '19 at 23:50
  • Actually, setting `epa-file-cache-passphrase-for-symmetric-encryption` to `t` is a bad idea, since all the variables that control gpg stash in `gpg-agent.conf` are then irrelevant (e.g. `max-cache-ttl`). The problem I had with the passphrase being asked four times for me was because I had customized `file-precious-flag` to `t` and that means first creating a temporary file – armando.sano Aug 20 '19 at 01:04
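
An init-file configuration for the setup discussed in the answer and comments above, added here as an example and not written by any of the posters. It assumes Emacs 25/26 with GnuPG 2.1+, uses loopback pinentry as one way to get the prompt in the minibuffer (an assumption, not necessarily what the answer used), and the `my/` function name is hypothetical.

```elisp
;;; Added example: session passphrase caching for symmetric .gpg files.
;;; Assumes Emacs 25/26 with GnuPG 2.1+; the `my/' name is hypothetical.
(require 'epa-file)
(epa-file-enable)

;; Let Emacs answer the passphrase prompt itself instead of an external
;; pinentry program.  Assumption: gpg-agent permits loopback pinentry
;; (`allow-loopback-pinentry' in gpg-agent.conf where it is not the default).
;; Emacs 27 and later call this variable `epg-pinentry-mode'.
(setq epa-pinentry-mode 'loopback)

;; Emacs-side cache: the passphrase is held in Emacs memory for the session,
;; so the cache limits in gpg-agent.conf (e.g. max-cache-ttl) do not bound
;; its lifetime.  Leave this nil to rely on gpg-agent's own cache instead.
(setq epa-file-cache-passphrase-for-symmetric-encryption t)

(defun my/epa-symmetric-cache-report ()
  "Return an alist of the settings that affect passphrase prompts."
  (interactive)
  (let ((report
         `((gpg-version . ,(cdr (assq 'version (epg-configuration))))
           (emacs-cache . ,epa-file-cache-passphrase-for-symmetric-encryption)
           ;; With `file-precious-flag' non-nil, a save first writes a
           ;; temporary file, which adds passphrase prompts.
           (precious-flag . ,file-precious-flag))))
    (when (called-interactively-p 'interactive)
      (message "%S" report))
    report))
```

Running `M-x my/epa-symmetric-cache-report` shows the GnuPG version Emacs found alongside the two variables the comments identify as changing the number of prompts.
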
1

To prevent EPG from prompting for a key every time you save a file, put the following at the top of your file:

```
-*- epa-file-encrypt-to: ("your@email.address") -*-
```

jtgd
  • That is for asymmetric encryption but I'll see if there is a way to do it for a symmetric key. Thanks – mcheema Oct 25 '16 at 11:06