By default, every file whose name ends with .gpg will be treated as encrypted. That is, when you open such a file, the decrypted text is inserted in the buffer rather than encrypted one. Similarly, when you save the buffer to a foo.gpg file, encrypted data is written.
The file name pattern for encrypted files can be controlled by
You can disable this behavior with M-x epa-file-disable, and then get it back with M-x epa-file-enable.
epa-file will try to use symmetric encryption, aka
password-based encryption. If you want to use public key encryption
instead, do M-x epa-file-select-keys, which pops up the key
Select recipient keys to encrypt the currently visiting file with public key encryption.
You can also change the default behavior with the variable
For frequently visited files, it might be a good idea to tell Emacs
which encryption method should be used through See File Variables. Use the
variable for this.
For example, if you want an Elisp file to be encrypted with a
public key associated with an email address ‘email@example.com’,
add the following line to the beginning of the file.
;; -*- epa-file-encrypt-to: ("firstname.lastname@example.org") -*-
Instead, if you want the file always (regardless of the value of the
epa-file-select-keys variable) encrypted with symmetric
encryption, change the line as follows.
;; -*- epa-file-encrypt-to: nil -*-
Other variables which control the automatic encryption/decryption behavior are below.
nil, cache passphrase for symmetric encryption. The default value is