EasyPG 0.0.2 review
DownloadEasyPG is yet another GnuPG interface for Emacs
|
|
EasyPG is yet another GnuPG interface for Emacs. EasyPG package consists of two parts:
The EasyPG Assistant - A GUI frontend of GnuPG
The EasyPG Library - A library to interact with GnuPG
Here are some key features of "EasyPG":
The EasyPG Assistant provides the following features:
Cryptographic operations are usable from dired mode.
Keyring management interface.
Transparent encryption/decryption of *.gpg files.
The EasyPG Library provides the following features:
The API covers most functions of GnuPG.
Designed to avoid potential security pitfalls around Emacs.
Passphrase may leak to a temporary file
The function call-process-region writes data in region to a temporary file. If your PGP library used this function, your passphrases would leak to the filesystem.
The EasyPG Library does not use call-process-region to communicate with a gpg subprocess.
Passphrase may be stolen from a core file
If Emacs crashes and dumps core, Lisp strings in memory are also dumped within the core file. read-passwd function clears passphrase strings by (fillarray string 0) to avoid this risk. However, Emacs performs compaction in gc_sweep phase. If GC happens before fillarray, passphrase strings may be moved elsewhere in memory. Therefore, passphrase caching in elisp is generally a bad idea.
The EasyPG Library dares to disable passphrase caching. Fortunately, there is more secure way to cache passphrases - use gpg-agent.
Requirements:
GNU Emacs 21.4 or XEmacs 21.4
GnuPG 1.4.3
EasyPG 0.0.2 search tags