If you want to keep your secrets secret, it is a good idea to encrypt your
data; I usually do that for files with passwords for various services, banking
data, and so on. Since version 23, Emacs includes a package called EasyPG (an
interface to GnuPG) which makes this seamless – just make sure that you have
GnuPG installed.
It's easy to use EasyPG – the only thing you need to do is adding the .gpg
-extension to your files, and EasyPG will automatically encrypt/decrypt them
when writing/reading. So, for example, to create an encrypted org-mode
-file,
simply visit (C-x C-f
) a file with a name like myfile.org.gpg
; emacs opens
this in Org-Mode (just like any .org
-file). When you want to save the file,
emacs will ask you for a password, and with this same password, you can open
it again. Don't forget that password!
account data
You can store any kind of secret data in your encrypted files. One type I
find particularly useful is to store account data (user names, passwords)
for various services there. For example, I use the emacs identi.ca-mode client, which gets its account data through variables identica-username
andidentica-password
.
I do not want to put this information in my main .emacs
file for safety
reasons, but instead, put it an encrypted file, together with the account data
for other services (mail, twitter etc.). Emacs' require
does not understand
encrypted files, but load-library
does. To deal with that, I have two files,secrets.el
and secrets.el.gpg
(in my load-path
):
;; secrets.el
(load-library "secrets.el.gpg")
(provide 'secrets)
and
;; secrets.el.gpg
(setq identica-username "djcb"
identica-password "$ekr3t")
;; ... other passwords ...
Now, in my .emacs
I have a function for various services, like:
(defun start-identica ()
(interactive)
(require 'secrets)
(identica-friends-timeline))
This will prompt me for the password, but only if I use anything that requires
the secret data, and only once per session.
Update: as Richard notes in the comments, you can also use require by
explicitly specifying the filename (parameter two). That might actually be easier --
thanks Richard!
using public keys
By default, EasyPG performs symmetric encryption; if you want to use public key encryption instead (useful when you want to share the encrypted files with
others), you can use:
;; 'silent to use symmetric encryption
;; nil to ask for users unless specified
;; t to always ask for a user
(setq epa-file-select-keys t)
The 'users' in this snippet are the people in your GnuPG-keyring – EasyPG
lists your keyring inhabitants, allowing for easy selection. You can also
specify the people who can decrypt your file by putting something like the
following at the beginning of the file you want to encrypt.
# -*- epa-file-encrypt-to: ("foo@bar.org") -*-
so
EasyPG brings more functionality for encryption, decryption, signing, managing
your keyring and so on, but I haven't used that much yet. Anyhow, the
automatic support for reading/writing file is really nice.
No comments:
Post a Comment