#+TITLE: Encryption
#+AUTHOR: Christopher James Hayward
#+EMAIL: chris@chrishayward.xyz

#+PROPERTY: header-args:emacs-lisp :tangle encryption.el :comments org
#+PROPERTY: header-args:shell :tangle no
#+PROPERTY: header-args :results silent :eval no-export :comments org

#+OPTIONS: num:nil toc:nil todo:nil tasks:nil tags:nil
#+OPTIONS: skip:nil author:nil email:nil creator:nil timestamp:nil

My source files are encrypted with symmetric key encryption via *GPG*[fn:1]. This enables my workflow of storing my personal notes anywhere, including checked in to a public source repository. Emacs can cache the *GPG*[fn:1] password if you trust your session. *Pinentry*[fn:2] is handled within Emacs to remain compatible without the [[file:desktop.org][Desktop]] module.

* Configuring the gpg-agent
:PROPERTIES:
:header-args: :tangle ../config/gpg-agent.conf
:END:

When the *gpg-agent*[fn:1] loads it will read the configuration at =~/.gnupg/gpg-agent.conf=. Override the default settings to allow Emacs to function as the *Pinentry*[fn:2] application.

#+begin_src conf
allow-emacs-pinentry
allow-loopback-pinentry
#+end_src

** Restarting the gpg-agent

You may need to restart the *gpg-agent*[fn:1] to load the configuration without rebooting.

#+begin_src shell
gpgconf --reload gpg-agent
#+end_src

** Creating a symbolic link

Create the symbolic link to the configuration file.

#+begin_src emacs-lisp
(dotfiles/symlink "~/.emacs.d/config/gpg-agent.conf"
                  "~/.gnupg/gpg-agent.conf")
#+end_src

* Setting up pinentry in Emacs

With the *Pinentry*[fn:2] package for Emacs, prompts will now appear in the minibuffer.

#+begin_src emacs-lisp
(use-package pinentry
  :custom (epa-file-select-keys 2)        ; neither t nor nil: never prompt for recipient keys
          (epa-pinentry-mode 'loopback)   ; passphrase prompts are redirected to Emacs
          (epa-file-encrypt-to dotfiles/public-key)
          ;; Keep the symmetric passphrase cached for the Emacs session.
          (epa-file-cache-passphrase-for-symmetric-encryption t)
  :config (pinentry-start))               ; start the Pinentry server for gpg-agent
#+end_src

** Including *.gpg files

Override ~org-agenda-file-regexp~ to include =.org.gpg= files.
#+begin_src emacs-lisp
(unless (string-match-p "\\.gpg" org-agenda-file-regexp)
  (setq org-agenda-file-regexp
        (replace-regexp-in-string "\\\\\\.org" "\\\\.org\\\\(\\\\.gpg\\\\)?"
                                  org-agenda-file-regexp)))
#+end_src

** Encrypting roam files

This is irrelevant without the [[file:writing.org][Writing]] module. Encrypt new files from capture templates.

#+begin_src emacs-lisp
(with-eval-after-load 'org-roam
  (setq org-roam-encrypt-files t))
#+end_src

* Managing passwords

*Pass*[fn:3] makes managing passwords easy, encrypting them in a file structure and providing easy commands for generating, modifying, and copying passwords. *Password-store.el*[fn:4] provides a wrapper for the functionality within Emacs.

#+begin_src emacs-lisp
(use-package password-store
  :custom (password-store-dir dotfiles/passwords))
#+end_src

Configure keybindings behind =SPC p=.

+ Copy with =p=
+ Rename with =r=
+ Generate with =g=

#+begin_src emacs-lisp
(dotfiles/leader
  "p" '(:ignore t :which-key "Passwords")
  "pp" '(password-store-copy :which-key "Copy")
  "pr" '(password-store-rename :which-key "Rename")
  "pg" '(password-store-generate :which-key "Generate"))
#+end_src

* Resources

[fn:1] https://gnupg.org
[fn:2] https://elpa.gnu.org/packages/pinentry.html
[fn:3] https://passwordstore.org
[fn:4] https://git.zx2c4.com/password-store/tree/contrib/emacs
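* Checking that .gpg files are encrypted

Checking notes in to a public repository, as described at the top of this page, is only safe if every =.gpg= file really holds ciphertext. The check below is an added example, not part of the original configuration: the names =gpg_kind= and =check_notes= are hypothetical, and it assumes binary (not ASCII-armored) files and inspects only the first OpenPGP packet header.

```shell
#!/bin/sh
# Added example: gpg_kind and check_notes are hypothetical helper names.
# Only the first OpenPGP packet header (RFC 4880) is inspected; the payload is
# not decrypted. ASCII-armored files are not handled and count as not-openpgp.

# Print symmetric, pubkey, other-packet or not-openpgp for FILE.
gpg_kind() {
    hex=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    [ -n "$hex" ] || { echo not-openpgp; return; }      # empty file
    b=$((0x$hex))
    # Bit 7 is set in the first byte of every binary OpenPGP packet.
    [ $((b & 0x80)) -ne 0 ] || { echo not-openpgp; return; }
    if [ $((b & 0x40)) -ne 0 ]; then
        tag=$((b & 0x3f))             # new-format header: tag in bits 5-0
    else
        tag=$(( (b >> 2) & 0x0f ))    # old-format header: tag in bits 5-2
    fi
    case $tag in
        3) echo symmetric ;;          # Symmetric-Key Encrypted Session Key
        1) echo pubkey ;;             # Public-Key Encrypted Session Key
        *) echo other-packet ;;       # e.g. a signature or compressed data
    esac
}

# Report every *.gpg file under DIR that does not start with an encrypted
# session-key packet. Returns non-zero if any is found, so it can gate a commit.
check_notes() {
    find "$1" -type f -name '*.gpg' | {
        bad=0
        while IFS= read -r f; do
            case $(gpg_kind "$f") in
                symmetric|pubkey) ;;
                *) echo "not encrypted: $f" >&2; bad=1 ;;
            esac
        done
        [ "$bad" -eq 0 ]
    }
}

# Usage (path is a placeholder): check_notes "$HOME/notes" || exit 1
```

A file saved while encryption was bypassed keeps its =.gpg= name but starts with ordinary text, which is the case this check reports.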