Previous: Mail-mode integration, Up: Commands

3.6 Encrypting/decrypting gpg files

By default, every file whose name ends with .gpg will be treated as encrypted. That is, when you open such a file, the decrypted text is inserted in the buffer rather than encrypted one. Similarly, when you save the buffer to a foo.gpg file, encrypted data is written.

The file name pattern for encrypted files can be controlled by epa-file-name-regexp.

— Variable: epa-file-name-regexp

Regexp which matches filenames treated as encrypted.

You can disable this behavior with M-x epa-file-disable, and then get it back with M-x epa-file-enable.

— Command: epa-file-disable

Disable automatic encryption/decryption of *.gpg files.

— Command: epa-file-enable

Enable automatic encryption/decryption of *.gpg files.

By default, epa-file will try to use symmetric encryption, aka password-based encryption. If you want to use public key encryption instead, do M-x epa-file-select-keys, which pops up the key selection dialog.

— Command: epa-file-select-keys

Select recipient keys to encrypt the currently visiting file with public key encryption.

You can also change the default behavior with the variable epa-file-select-keys.

— Variable: epa-file-select-keys

Control whether or not to pop up the key selection dialog.

For frequently visited files, it might be a good idea to tell Emacs which encryption method should be used through See File Variables. Use the epa-file-encrypt-to local variable for this. For example, if you want an Elisp file to be encrypted with a public key associated with an email address ‘’, add the following line to the beginning of the file.

     ;; -*- epa-file-encrypt-to: ("") -*-

Instead, if you want the file always (regardless of the value of the epa-file-select-keys variable) encrypted with symmetric encryption, change the line as follows.

     ;; -*- epa-file-encrypt-to: nil -*-

Other variables which control the automatic encryption/decryption behavior are below.

— Variable: epa-file-cache-passphrase-for-symmetric-encryption

If non-nil, cache passphrase for symmetric encryption. The default value is nil.

— Variable: epa-file-inhibit-auto-save

If non-nil, disable auto-saving when opening an encrypted file. The default value is t.