
2.7.4 Passphrase caching

Message with EasyPG internally calls GnuPG (the gpg or gpgsm command) to perform data encryption, and in certain cases (decrypting or signing, for example), gpg/gpgsm requires the user's passphrase. Currently the recommended way to supply your passphrase is to use the gpg-agent program.

In particular, the gpg-agent program supports passphrase caching so that you do not need to enter your passphrase for every decryption or signing operation. See Agent Options.

How to use gpg-agent in Emacs depends on your version of GnuPG. With GnuPG version 2.1, gpg-agent is started automatically if necessary. With older versions you may need to run the following command from the shell before starting Emacs.

     eval `gpg-agent --daemon`

This will invoke gpg-agent and set the environment variable GPG_AGENT_INFO to allow gpg to communicate with it. It might be a good idea to put this command in your .xsession or .bash_profile. See Invoking GPG-AGENT.
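
A profile snippet that applies the version rule above, as an added example that is not part of the manual: it runs the eval line only for GnuPG older than 2.1, and only when no agent from an earlier login is still reachable, so repeated logins do not pile up agents. The function names are hypothetical; the `gpg (GnuPG) X.Y.Z` first line of `gpg --version` and the `socket:pid:protocol` layout of GPG_AGENT_INFO are assumptions about the installed GnuPG.

```shell
# Added example for ~/.bash_profile or ~/.xsession (POSIX sh).
# Function names are hypothetical, not part of GnuPG or Emacs.

# Read `gpg --version` output on stdin, print the version number.
# Assumes the first line looks like: gpg (GnuPG) 2.0.22
parse_gpg_version() {
    sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if the version is older than 2.1 (agent must be started by
# hand), 1 if it is 2.1 or newer (agent autostarts), 2 if unparsable.
gpg_needs_manual_agent() {
    gv_major=${1%%.*}
    gv_rest=${1#*.}
    gv_minor=${gv_rest%%.*}
    case $gv_major in ''|*[!0-9]*) return 2 ;; esac
    case $gv_minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$gv_major" -lt 2 ] || { [ "$gv_major" -eq 2 ] && [ "$gv_minor" -lt 1 ]; }
}

start_gpg_agent_if_needed() {
    gv_version=$(gpg --version 2>/dev/null | parse_gpg_version)
    # 2.1+ starts the agent on demand; an unknown version is left alone.
    gpg_needs_manual_agent "$gv_version" || return 0
    # Reuse an agent whose socket (first field of GPG_AGENT_INFO) exists.
    if [ -n "$GPG_AGENT_INFO" ] && [ -S "${GPG_AGENT_INFO%%:*}" ]; then
        return 0
    fi
    eval "$(gpg-agent --daemon)"
}

start_gpg_agent_if_needed
```
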

Once your gpg-agent is set up, it will ask you for a passphrase as needed for gpg. Under the X Window System, you will see a new passphrase input dialog appear. The dialog is provided by PIN Entry (the pinentry command), reasonably recent versions of which can also cooperate with Emacs on a text console. If that does not work, you may need to put a passphrase into gpg-agent's cache beforehand. The following command does the trick.

     gpg --use-agent --sign < /dev/null > /dev/null