#+TITLE: GPG
#+AUTHOR: Christopher James Hayward
#+EMAIL: chris@chrishayward.xyz

#+PROPERTY: header-args:emacs-lisp :tangle gpg.el :comments org
#+PROPERTY: header-args:shell      :tangle no
#+PROPERTY: header-args            :results silent :eval no-export :comments org

#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil

Handle GPG[fn:1] pinentry within Emacs.

* Setup
:PROPERTIES:
:header-args: :tangle ../config/gpg-agent.conf
:END:

When the ~gpg-agent~[fn:1] loads it will read the configuration at =~/.gnupg/gpg-agent.conf=. Override the default settings to allow Emacs to function as the Pinentry application.

#+begin_src conf
allow-emacs-pinentry
allow-loopback-pinentry
#+end_src

You may need to restart the ~gpg-agent~[fn:1] to load the configuration without rebooting.

#+begin_src shell :tangle nil
gpgconf --reload gpg-agent
#+end_src

* Config

Create the symbolic link to the configuration file.

#+begin_src emacs-lisp
(dotfiles/symlink "~/.emacs.d/config/gpg-agent.conf"
                  "~/.gnupg/gpg-agent.conf")
#+end_src

With the ~pinentry~[fn:2] package for Emacs prompts will now appear in the minibuffer. Increase the minimum prime bit size to increase performance during symmetric encryption.

#+begin_src emacs-lisp
(use-package pinentry
  :custom (epa-file-select-keys 2)
          (gnutls-min-prime-bits 4096)
          (epa-pinentry-mode 'loopback)
          (epa-file-encrypt-to dotfiles/public-key)
          (epa-file-cache-passphrase-for-symmetric-encryption t)
  :config (pinentry-start))
#+end_src

** Including agenda files

Override ~org-agenda-file-regexp~ to include =.org.gpg= files.

#+begin_src emacs-lisp
(unless (string-match-p "\\.gpg" org-agenda-file-regexp)
  (setq org-agenda-file-regexp
    (replace-regexp-in-string "\\\\\\.org" "\\\\.org\\\\(\\\\.gpg\\\\)?"
      org-agenda-file-regexp)))
#+end_src

* Footnotes

[fn:1] https://gnupg.org

[fn:2] https://elpa.gnu.org/packages/pinentry.html