Next: , Previous: Using S/MIME, Up: Security

2.7.3 Using PGP/MIME

PGP/MIME requires an external OpenPGP implementation, such as GNU Privacy Guard. Pre-OpenPGP implementations such as PGP 2.x and PGP 5.x are also supported. The default Emacs interface to the PGP implementation is EasyPG (see EasyPG Assistant User's Manual), but PGG (see PGG) and Mailcrypt are also supported. See PGP Compatibility.

Message internally calls GnuPG (the gpg command) to perform data encryption, and in certain cases (decrypting or signing for example), gpg requires user's passphrase. Currently the recommended way to supply your passphrase to gpg is to use the gpg-agent program.

To use gpg-agent in Emacs, you need to run the following command from the shell before starting Emacs.

     eval `gpg-agent --daemon`

This will invoke gpg-agent and set the environment variable GPG_AGENT_INFO to allow gpg to communicate with it. It might be good idea to put this command in your .xsession or .bash_profile. See Invoking GPG-AGENT.

Once your gpg-agent is set up, it will ask you for a passphrase as needed for gpg. Under the X Window System, you will see a new passphrase input dialog appear. The dialog is provided by PIN Entry (the pinentry command), and as of version 0.7.2, pinentry cannot cooperate with Emacs on a single tty. So, if you are using a text console, you may need to put a passphrase into gpg-agent's cache beforehand. The following command does the trick.

     gpg --use-agent --sign < /dev/null > /dev/null