emacs EasyPG asks what key to use although epa-file-encrypt-to already specified

Scenario: I use emacs with EasyPG to automate encryption and decryption of files. I open an empty file called test.gpg. I then paste the following text into the file

;; -*- epa-file-encrypt-to: ("itsme@mydomain.org") -*-
this-is-a-test, any text will do for this test

I then proceed to save the file. Emacs will respond by opening a buffer called *Keys* where I am supposed to select what key to use for the encryption. But as you see above, I already inserted the key spec ("itsme@mydomain.org") into the buffer using the syntax prescribed in the manual. And manually having to search in the other buffer to find and select the intended key is a chore.

Why does not EasyPG check for the key specification upon save? Is there a simple workaround?

reikred

Posted 2017-04-30T20:25:56.697

Reputation: 253

Answers

Run M-x normal-mode which will parse and set the local variables in the file-local-variable-prop-line immediately before attempting to save the file. It is equivalent but less convenient to run (setq-local epa-file-encrypt-to '("itsme@mydomain.org"))

Once that is done, you should be able to save without being prompted to select a key.

cwillsdev

Posted 2017-04-30T20:25:56.697

Reputation: 36

That works, thanks much! – reikred – 2019-06-16T19:00:02.070

Workaround as follows:

Save the file with a non-gpg extension (or no filename extension at all).
Do a "gpg -e filename" in a console window. You have to enter the the key spec (email address) once. This should create "filename.gpg". Don't forget to remove the unencrypted file.

After that, you can open the encrypted file in Emacs. It will prompt for the passphrase. And when saving changes, "epa-file-encrypt-to" will be considered.

jvb

Posted 2017-04-30T20:25:56.697

Reputation: 1 697

Sure that works, but the intent of the ;; -- epa-file-encrypt-to: ("itsme@mydomain.org") -- construct is that one should not have to encryot the file manually and externally. – reikred – 2017-05-01T22:38:20.413

Yes and no ;) Apparently, the epa-file-encrypt-to is not for enforcing encryption at saving files (the .gpg extension and the associated mode does that), but for selecting the appropriate encryption key.When you are working with an encrypted file and the line is missing, you will be prompted for a key to encrypt with (if you didn't customize the variable epa-file-encrypt-to, that's an alternative to the comment line). – jvb – 2017-05-02T12:43:08.100

I'd call it a bug. What in earth would be the point of specifying the key name in the file if EasyPG is not going to use the value? It make no sense. – reikred – 2017-05-05T03:34:22.800

I'm not claiming the variable is for "enforcing" encryption. Notice my test case file is called test.gpg. I'm claiming the variable is for automating the selection of what key to use. Right now I will call the current behavior a bug. What on earth would be the point of specifying the key name in the file if EasyPG is not going to use the value? It makes no sense. BTW, I have tried to hack and recompile epa-file.el.gz with some code that will call (hack-local-variables) to re-read local variables from the buffer upon save if epa-file-encrypt-to is not set, but could not quite get it right. – reikred – 2017-05-05T03:42:32.483