diff --git a/README.org b/README.org index 5c475ff..20abef1 100644 --- a/README.org +++ b/README.org @@ -33,7 +33,7 @@ All of the options available for configuration are defined here. They may be ove feeds media terminal - encryption + passwords pinentry desktop writing presentations diff --git a/docs/tasks.org.gpg b/docs/tasks.org.gpg index 84eef42..0131d75 100644 Binary files a/docs/tasks.org.gpg and b/docs/tasks.org.gpg differ diff --git a/init.el b/init.el index 2bf1a7d..6753bbf 100644 --- a/init.el +++ b/init.el @@ -11,7 +11,7 @@ feeds media terminal - encryption + passwords pinentry desktop writing presentations diff --git a/modules/encryption.org b/modules/encryption.org deleted file mode 100644 index 1669e0d..0000000 --- a/modules/encryption.org +++ /dev/null 
@@ -1,108 +0,0 @@
-#+TITLE: Encryption
-#+AUTHOR: Christopher James Hayward
-#+EMAIL: chris@chrishayward.xyz
-
-#+PROPERTY: header-args:emacs-lisp :tangle encryption.el :comments org
-#+PROPERTY: header-args:shell :tangle no
-#+PROPERTY: header-args :results silent :eval no-export :comments org
-
-#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
-#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil
-
-My source files encrypted with symmetric key encryption via *GPG*[fn:1]. This enables my workflow of storing my personal notes anywhere, including checked in to a public source repository. Emacs can cache the *GPG*[fn:1] password if you trust your session. *Pinentry*[fn:2] handled within Emacs to remain compatible without the [[file:desktop.org][Desktop]] module.
-
-* Configuring the gpg-agent
-:PROPERTIES:
-:header-args: :tangle ../config/gpg-agent.conf
-:END:
-
-When the *gpg-agent*[fn:1] loads it will read the configuration at ~~/.gnupg/gpg-agent.conf~. Override the default settings to allow Emacs to function as the *Pinentry*[fn:2] application.
-
-#+begin_src conf
-allow-emacs-pinentry
-allow-loopback-pinentry
-#+end_src
-
-** Restarting the gpg-agent
-
-You may need to restart the *gpg-agent*[fn:1] to load the configuration without rebooting.
-
-#+begin_src shell
-gpgconf --reload gpg-agent
-#+end_src
-
-** Creating a symbolic link
-
-Create the symbolic link to the configuration file
-
-#+begin_src emacs-lisp
-(dotfiles/symlink "~/.emacs.d/config/gpg-agent.conf"
- "~/.gnupg/gpg-agent.conf")
-#+end_src
-
-* Setting up pinentry in Emacs
-
-With the *Pinentry*[fn:2] package for Emacs prompts will now appear in the minibuffer. Increase the minimum prime bit size to increase performance during symmetric encryption.
-
-#+begin_src emacs-lisp
-(use-package pinentry
- :custom (epa-file-select-keys 2)
- (gnutls-min-prime-bits 4096)
- (epa-pinentry-mode 'loopback)
- (epa-file-encrypt-to dotfiles/public-key)
- (epa-file-cache-passphrase-for-symmetric-encryption t)
- :config (pinentry-start))
-#+end_src
-
-** Including *.gpg files
-
-Override ~org-agenda-file-regexp~ to include =.org.gpg= files.
-
-#+begin_src emacs-lisp
-(unless (string-match-p "\\.gpg" org-agenda-file-regexp)
- (setq org-agenda-file-regexp
- (replace-regexp-in-string "\\\\\\.org" "\\\\.org\\\\(\\\\.gpg\\\\)?"
- org-agenda-file-regexp)))
-#+end_src
-
-** Encrypting roam files
-
-Irrelevant without the [[file:writing.org][Writing]] module, encrypt new files from capture templates.
-
-#+begin_src emacs-lisp
-(with-eval-after-load 'org-roam
- (setq org-roam-encrypt-files t))
-#+end_src
-
-* Managing passwords
-
-*Pass*[fn:3] makes managing passwords easy, encrypring them in a file structure and providing easy commands for generating, modify, and copying passwords. *Password-store.el*[fn:4] provides a wrapper for the functionality within Emacs.
-
-#+begin_src emacs-lisp
-(use-package password-store
- :custom (password-store-dir dotfiles/passwords))
-#+end_src
-
-Configure keybindings behind =SPC p=.
-
-+ Copy with =p=
-+ Rename with =r=
-+ Generate with =g=
-
-#+begin_src emacs-lisp
-(dotfiles/leader
- "p" '(:ignore t :which-key "Passwords")
- "pp" '(password-store-copy :which-key "Copy")
- "pr" '(password-store-rename :which-key "Rename")
- "pg" '(password-store-generate :which-key "Generate"))
-#+end_src
-
-* Footnotes
-
-[fn:1] https://gnupg.org
-
-[fn:2] https://elpa.gnu.org/packages/pinentry.html
-
-[fn:3] https://passwordstore.org
-
-[fn:4] https://git.zx2c4.com/password-store/tree/contrib/emacs
diff --git a/modules/passwords.org b/modules/passwords.org
new file mode 100644
index 0000000..a5a4b80
--- /dev/null
+++ b/modules/passwords.org
@@ -0,0 +1,47 @@
+#+TITLE: Passwords
+#+AUTHOR: Christopher James Hayward
+#+EMAIL: chris@chrishayward.xyz
+
+#+PROPERTY: header-args:emacs-lisp :tangle passwords.el :comments org
+#+PROPERTY: header-args:shell :tangle no
+#+PROPERTY: header-args :results silent :eval no-export :comments org
+
+#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
+#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil
+
+Password management inside of Emacs.
+
+* Setup
+
+Install ~pass~ on the system.
+
+#+begin_src shell
+RUN apt install pass
+#+end_src
+
+* Config
+
+Encrypted passwords are stored inside files, in a file structure providing easy commands for generating, modifying, and copying passwords. ~password-store.el~ provides a wrapper for the functionality within Emacs.
+
+#+begin_src emacs-lisp
+(use-package password-store
+ :custom (password-store-dir dotfiles/passwords))
+#+end_src
+
+* Shortcuts
+
+Configure keybindings behind =SPC p=:
+
++ Copy with =p=
++ Rename with =r=
++ Generate with =g=
+
+#+begin_src emacs-lisp
+(dotfiles/leader
+ "p" '(:ignore t :which-key "Passwords")
+ "pp" '(password-store-copy :which-key "Copy")
+ "pr" '(password-store-rename :which-key "Rename")
+ "pg" '(password-store-generate :which-key "Generate"))
+#+end_src
+
+* Footnotes
diff --git a/modules/pinentry.org b/modules/pinentry.org
new file mode 100644
index 0000000..b3bd7dd
--- /dev/null
+++ b/modules/pinentry.org
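Review bot: In modules/passwords.org the `SPC p p` binding to `password-store-copy` is documented only as "Copy", with no mention of where the secret ends up. As far as I know password-store.el places the password in the kill ring and clears it after `password-store-time-before-clipboard-restore` seconds, so the Shortcuts list should say so, e.g. `Copy with =p= (placed in the kill ring, cleared after ~password-store-time-before-clipboard-restore~ seconds)`. The Config block would be the natural place to set that timeout explicitly rather than inherit the default. Separately, the Setup block is tagged `shell` but reads `RUN apt install pass`; `RUN` is a Dockerfile instruction, so the line should be `apt install pass`.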
@@ -0,0 +1,69 @@
+#+TITLE: Pinentry
+#+AUTHOR: Christopher James Hayward
+#+EMAIL: chris@chrishayward.xyz
+
+#+PROPERTY: header-args:emacs-lisp :tangle pinentry.el :comments org
+#+PROPERTY: header-args:shell :tangle no
+#+PROPERTY: header-args :results silent :eval no-export :comments org
+
+#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
+#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil
+
+Handle GPG pinentry within Emacs.
+
+* Setup
+:PROPERTIES:
+:header-args: :tangle ../config/gpg-agent.conf
+:END:
+
+When the ~gpg-agent~ loads it will read the configuration at =~/.gnupg/gpg-agent.conf=. Override the default settings to allow Emacs to function as the Pinentry application.
+
+#+begin_src conf
+allow-emacs-pinentry
+allow-loopback-pinentry
+#+end_src
+
+You may need to restart the ~gpg-agent~ to load the configuration without rebooting.
+
+#+begin_src shell :tangle nil
+gpgconf --reload gpg-agent
+#+end_src
+
+* Config
+
+Create the symbolic link to the configuration file.
+
+#+begin_src emacs-lisp
+(dotfiles/symlink "~/.emacs.d/config/gpg-agent.conf"
+ "~/.gnupg/gpg-agent.conf")
+#+end_src
+
+With the ~pinentry~ package for Emacs prompts will now appear in the minibuffer. Increase the minimum prime bit size to increase performance during symmetric encryption.
+
+#+begin_src emacs-lisp
+(use-package pinentry
+ :custom (epa-file-select-keys 2)
+ (gnutls-min-prime-bits 4096)
+ (epa-pinentry-mode 'loopback)
+ (epa-file-encrypt-to dotfiles/public-key)
+ (epa-file-cache-passphrase-for-symmetric-encryption t)
+ :config (pinentry-start))
+#+end_src
+
+Override ~org-agenda-file-regexp~ to include =.org.gpg= files.
+
+#+begin_src emacs-lisp
+(unless (string-match-p "\\.gpg" org-agenda-file-regexp)
+ (setq org-agenda-file-regexp
+ (replace-regexp-in-string "\\\\\\.org" "\\\\.org\\\\(\\\\.gpg\\\\)?"
+ org-agenda-file-regexp)))
+#+end_src
+
+Encrypt new files from capture templates.
+
+#+begin_src emacs-lisp
+(with-eval-after-load 'org-roam
+ (setq org-roam-encrypt-files t))
+#+end_src
+
+* Footnotes
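Review bot: The sentence above the `use-package pinentry` block in modules/pinentry.org says that raising the minimum prime bit size improves symmetric-encryption performance, but `gnutls-min-prime-bits` is the smallest Diffie-Hellman prime Emacs accepts in GnuTLS handshakes and has no bearing on EPA/GnuPG file encryption; at 4096 it may also cause TLS connections to servers offering smaller DH groups to fail. I would reword it to `Require at least 4096-bit Diffie-Hellman primes for TLS connections made through GnuTLS.` and keep the setting apart from the pinentry options. The same block sets `epa-file-cache-passphrase-for-symmetric-encryption` to `t`, and the caveat the deleted encryption.org carried ("if you trust your session") was dropped; a line such as `The symmetric passphrase stays cached in Emacs memory for the rest of the session.` would restore it. `epa-pinentry-mode` is also an obsolete alias of `epg-pinentry-mode` on Emacs 27 and later.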