
I'm trying to use EasyPG to store secrets that I need to set in my init file. To set up, I did the following:

  1. Created a secrets.el file that has a couple of declarations like:

     ```
     (setq SOME_SECRET "<the secret>")
     ```
  2. I then used epa-encrypt-file to create an encrypted file secrets.el.gpg.
  3. Then I load this file in my init.el:

     ```
     (load-library "~/secrets.el.gpg")
     ```

This works after one load, but then later when I restart Emacs, I get an error message on load that it can't find the key:

```
File error: Opening input file, Decryption failed, No secret key: ***********
```

The key definitely exists, though, as I can verify that with GPG at the command line, and the whole flow works once.

Does anyone know what might be wrong here?

UPDATE

I realized that if I use gpg at the console to decrypt the file once, at which point I am prompted for the passphrase, then Emacs is able to decrypt the file. So I'm wondering if EasyPG is just not prompting for the passphrase.

Is there more setup I need to do to get it to prompt for the passphrase?

fraxture
  • I've been using [this setup](https://emacs.stackexchange.com/a/68304/28451) for quite some time successfully. – Y. E. Apr 15 '23 at 07:36
  • Does this answer your question? [Enabling minibuffer pinentry with Emacs 25 and GnuPG 2.1 on Ubuntu Xenial](https://emacs.stackexchange.com/questions/32881/enabling-minibuffer-pinentry-with-emacs-25-and-gnupg-2-1-on-ubuntu-xenial) – Y. E. Apr 15 '23 at 07:37

1 Answer


The comments from @Y.E. provided the answer. I will repeat it here just in case someone comes across this page.

What I did, following the guides in both links that @Y.E. provided, was:

  1. I instructed Emacs to use epg-pinentry-mode. So here's my full set of commands:

     ```
     (setq epg-pinentry-mode 'loopback) ;; this is the new line!
     (require 'epa-file)
     (epa-file-enable)                  ;; transparently decrypt/encrypt *.gpg files
     (custom-set-variables '(epg-gpg-program "/usr/local/bin/gpg")) ;; gpg binary EasyPG calls
     (setq auth-source-debug t)         ;; log auth-source activity to *Messages*
     (load-library "~/secrets.el.gpg")
     ```
  2. I created a file ~/.gnupg/gpg-agent.conf and added the following:

     ```
     allow-emacs-pinentry
     allow-loopback-pinentry

     # on Mac OS
     pinentry-program /usr/local/bin/pinentry-mac
     ```
  3. Then I did gpgconf --reload gpg-agent

After taking those steps, when I reloaded emacs my problem went away. You'll see that in the excerpt from my init file in #1, I load a file called secrets.el.gpg, an encrypted file.

What happened before is that I would get an error; now I get a prompt to provide the passphrase for my key.

fraxture
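A read-only check of the gpg-agent.conf settings the answer above depends on, as an added example that is not part of the original post. The function names are hypothetical, and the permission check is an extra that the answer does not mention.

```shell
#!/bin/sh
# Added example: audit a gpg-agent.conf for the settings used in the answer.
# All function names here are made up for this sketch.

# True if directive $2 appears, uncommented, on a line of its own in file $1.
has_directive() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# Print the program named by the last pinentry-program line in file $1, if any.
pinentry_path() {
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]][[:space:]]*//p' "$1" | tail -n 1
}

# Report on config file $1 (default ~/.gnupg/gpg-agent.conf).
# Returns 0 if everything checks out, 1 if something needs attention.
check_agent_conf() {
    conf=${1:-"$HOME/.gnupg/gpg-agent.conf"}
    rc=0
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"
        return 1
    fi
    for d in allow-emacs-pinentry allow-loopback-pinentry; do
        if has_directive "$conf" "$d"; then
            echo "ok:   $d"
        else
            echo "FAIL: $d is not set"
            rc=1
        fi
    done
    # The pinentry program is handed the passphrase, so it must exist and the
    # file that names it must not be writable by other users.
    p=$(pinentry_path "$conf")
    if [ -n "$p" ] && [ ! -x "$p" ]; then
        echo "FAIL: pinentry-program $p is not executable"
        rc=1
    fi
    if [ -n "$(find "$conf" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $conf is group- or world-writable"
        rc=1
    fi
    return $rc
}
```

Run `check_agent_conf` with no argument to inspect `~/.gnupg/gpg-agent.conf`; after editing the file, `gpgconf --reload gpg-agent` (step 3 of the answer) is still needed for the agent to pick up the change.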