
encryption -> (passwords, pinentry)

main
parent
commit
1d5e96acf8
  1. README.org (2)
  2. docs/tasks.org.gpg (BIN)
  3. init.el (2)
  4. modules/encryption.org (108)
  5. modules/passwords.org (47)
  6. modules/pinentry.org (69)

2
README.org

@ -33,7 +33,7 @@ All of the options available for configuration are defined here. They may be ove
feeds feeds
media media
terminal terminal
encryption
passwords pinentry
desktop desktop
writing writing
presentations presentations

BIN
docs/tasks.org.gpg

2
init.el

@ -11,7 +11,7 @@
feeds feeds
media media
terminal terminal
encryption
passwords pinentry
desktop desktop
writing writing
presentations presentations

108
modules/encryption.org

@ -1,108 +0,0 @@
#+TITLE: Encryption
#+AUTHOR: Christopher James Hayward
#+EMAIL: chris@chrishayward.xyz
#+PROPERTY: header-args:emacs-lisp :tangle encryption.el :comments org
#+PROPERTY: header-args:shell :tangle no
#+PROPERTY: header-args :results silent :eval no-export :comments org
#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil
My source files encrypted with symmetric key encryption via *GPG*[fn:1]. This enables my workflow of storing my personal notes anywhere, including checked in to a public source repository. Emacs can cache the *GPG*[fn:1] password if you trust your session. *Pinentry*[fn:2] handled within Emacs to remain compatible without the [[file:desktop.org][Desktop]] module.
* Configuring the gpg-agent
:PROPERTIES:
:header-args: :tangle ../config/gpg-agent.conf
:END:
When the *gpg-agent*[fn:1] loads it will read the configuration at ~~/.gnupg/gpg-agent.conf~. Override the default settings to allow Emacs to function as the *Pinentry*[fn:2] application.
#+begin_src conf
allow-emacs-pinentry
allow-loopback-pinentry
#+end_src
** Restarting the gpg-agent
You may need to restart the *gpg-agent*[fn:1] to load the configuration without rebooting.
#+begin_src shell
gpgconf --reload gpg-agent
#+end_src
** Creating a symbolic link
Create the symbolic link to the configuration file
#+begin_src emacs-lisp
(dotfiles/symlink "~/.emacs.d/config/gpg-agent.conf"
"~/.gnupg/gpg-agent.conf")
#+end_src
* Setting up pinentry in Emacs
With the *Pinentry*[fn:2] package for Emacs prompts will now appear in the minibuffer. Increase the minimum prime bit size to increase performance during symmetric encryption.
#+begin_src emacs-lisp
(use-package pinentry
:custom (epa-file-select-keys 2)
(gnutls-min-prime-bits 4096)
(epa-pinentry-mode 'loopback)
(epa-file-encrypt-to dotfiles/public-key)
(epa-file-cache-passphrase-for-symmetric-encryption t)
:config (pinentry-start))
#+end_src
** Including *.gpg files
Override ~org-agenda-file-regexp~ to include =.org.gpg= files.
#+begin_src emacs-lisp
(unless (string-match-p "\\.gpg" org-agenda-file-regexp)
(setq org-agenda-file-regexp
(replace-regexp-in-string "\\\\\\.org" "\\\\.org\\\\(\\\\.gpg\\\\)?"
org-agenda-file-regexp)))
#+end_src
** Encrypting roam files
Irrelevant without the [[file:writing.org][Writing]] module, encrypt new files from capture templates.
#+begin_src emacs-lisp
(with-eval-after-load 'org-roam
(setq org-roam-encrypt-files t))
#+end_src
* Managing passwords
*Pass*[fn:3] makes managing passwords easy, encrypring them in a file structure and providing easy commands for generating, modify, and copying passwords. *Password-store.el*[fn:4] provides a wrapper for the functionality within Emacs.
#+begin_src emacs-lisp
(use-package password-store
:custom (password-store-dir dotfiles/passwords))
#+end_src
Configure keybindings behind =SPC p=.
+ Copy with =p=
+ Rename with =r=
+ Generate with =g=
#+begin_src emacs-lisp
(dotfiles/leader
"p" '(:ignore t :which-key "Passwords")
"pp" '(password-store-copy :which-key "Copy")
"pr" '(password-store-rename :which-key "Rename")
"pg" '(password-store-generate :which-key "Generate"))
#+end_src
* Footnotes
[fn:1] https://gnupg.org
[fn:2] https://elpa.gnu.org/packages/pinentry.html
[fn:3] https://passwordstore.org
[fn:4] https://git.zx2c4.com/password-store/tree/contrib/emacs
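Review bot: The introduction deleted at the top of this file is the only text in this commit that ties `epa-file-cache-passphrase-for-symmetric-encryption` to a trust decision ("Emacs can cache the GPG password if you trust your session") and that explains why pinentry is handled inside Emacs rather than by the Desktop module. modules/pinentry.org keeps the setting but opens with just "Handle GPG pinentry within Emacs.", so carry the caveat over next to the setting instead of dropping it. This hunk also removes all four footnote URLs ([fn:1] to [fn:4]) while both new files end in an empty `* Footnotes` heading; move each definition to the file that uses the tool it documents.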

47
modules/passwords.org

@ -0,0 +1,47 @@
#+TITLE: Passwords
#+AUTHOR: Christopher James Hayward
#+EMAIL: chris@chrishayward.xyz
#+PROPERTY: header-args:emacs-lisp :tangle passwords.el :comments org
#+PROPERTY: header-args:shell :tangle no
#+PROPERTY: header-args :results silent :eval no-export :comments org
#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil
Password management inside of Emacs.
* Setup
Install ~pass~ on the system.
#+begin_src shell
RUN apt install pass
#+end_src
* Config
Encrypted passwords are stored inside files, in a file structure providing easy commands for generating, modifying, and copying passwords. ~password-store.el~ provides a wrapper for the functionality within Emacs.
#+begin_src emacs-lisp
(use-package password-store
:custom (password-store-dir dotfiles/passwords))
#+end_src
* Shortcuts
Configure keybindings behind =SPC p=:
+ Copy with =p=
+ Rename with =r=
+ Generate with =g=
#+begin_src emacs-lisp
(dotfiles/leader
"p" '(:ignore t :which-key "Passwords")
"pp" '(password-store-copy :which-key "Copy")
"pr" '(password-store-rename :which-key "Rename")
"pg" '(password-store-generate :which-key "Generate"))
#+end_src
* Footnotes
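Review bot: In the Setup block, `RUN apt install pass` is a Dockerfile instruction placed inside a `shell` source block, so it fails if the block is evaluated or pasted into a terminal. Write it as a plain shell command (`apt install pass`, run with the privileges it needs) or change the block language to match what the line really is. The trailing `* Footnotes` heading is empty: either restore the passwordstore.org and password-store.el references that modules/encryption.org carried, or drop the heading.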

69
modules/pinentry.org

@ -0,0 +1,69 @@
#+TITLE: Pinentry
#+AUTHOR: Christopher James Hayward
#+EMAIL: chris@chrishayward.xyz
#+PROPERTY: header-args:emacs-lisp :tangle pinentry.el :comments org
#+PROPERTY: header-args:shell :tangle no
#+PROPERTY: header-args :results silent :eval no-export :comments org
#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil
Handle GPG pinentry within Emacs.
* Setup
:PROPERTIES:
:header-args: :tangle ../config/gpg-agent.conf
:END:
When the ~gpg-agent~ loads it will read the configuration at =~/.gnupg/gpg-agent.conf=. Override the default settings to allow Emacs to function as the Pinentry application.
#+begin_src conf
allow-emacs-pinentry
allow-loopback-pinentry
#+end_src
You may need to restart the ~gpg-agent~ to load the configuration without rebooting.
#+begin_src shell :tangle nil
gpgconf --reload gpg-agent
#+end_src
* Config
Create the symbolic link to the configuration file.
#+begin_src emacs-lisp
(dotfiles/symlink "~/.emacs.d/config/gpg-agent.conf"
"~/.gnupg/gpg-agent.conf")
#+end_src
With the ~pinentry~ package for Emacs prompts will now appear in the minibuffer. Increase the minimum prime bit size to increase performance during symmetric encryption.
#+begin_src emacs-lisp
(use-package pinentry
:custom (epa-file-select-keys 2)
(gnutls-min-prime-bits 4096)
(epa-pinentry-mode 'loopback)
(epa-file-encrypt-to dotfiles/public-key)
(epa-file-cache-passphrase-for-symmetric-encryption t)
:config (pinentry-start))
#+end_src
Override ~org-agenda-file-regexp~ to include =.org.gpg= files.
#+begin_src emacs-lisp
(unless (string-match-p "\\.gpg" org-agenda-file-regexp)
(setq org-agenda-file-regexp
(replace-regexp-in-string "\\\\\\.org" "\\\\.org\\\\(\\\\.gpg\\\\)?"
org-agenda-file-regexp)))
#+end_src
Encrypt new files from capture templates.
#+begin_src emacs-lisp
(with-eval-after-load 'org-roam
(setq org-roam-encrypt-files t))
#+end_src
* Footnotes
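Review bot: In the `use-package pinentry` block, `(gnutls-min-prime-bits 4096)` does not do what the sentence above it says. That variable sets the minimum Diffie-Hellman prime size GnuTLS accepts during a TLS handshake, so it has no effect on GPG symmetric encryption, and raising it is a strictness setting rather than a performance one. Move it to wherever network/TLS settings live with an accurate description, or remove it from this module. Separately, the `gpgconf --reload gpg-agent` block is tagged `:tangle nil`; the documented values for `:tangle` are yes, no or a file name, and the file header already uses `header-args:shell :tangle no`, so use `:tangle no` here to make sure the command is never written into `../config/gpg-agent.conf`. The `* Footnotes` heading at the end is empty.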