How to use Emacs to recognize and automatically open GPG encrypted file in ASCII armored format?

gpg -ca passwords.txt create encrypted ASCII file passwords.txt.asc. Emacs open the file as a normal text file:

Version: GnuPG v2.0.19 (GNU/Linux)


How do I make Emacs auto-decrypt and encrypt the file when I open and save it?

Asked By: RNA


Everything should work fine with the default configuration, but you
can check your configuration.

First, you need to be sure that EasyPG Assistant is installed.

M-xlocate-libraryRETepaRET should return something like:

Library is file /usr/local/share/emacs/24.2.50/lisp/epa.elc

If not, then you’ve to install it. (or upgrade to Emacs23 or Emacs24)


Then, check the value of the variable auto-mode-alist with
C-hvauto-mode-alistRET and search
for epa.

If you cannot find it, add this snippet to your .emacs.

(add-to-list 'auto-mode-alist '("\.gpg\(~\|\.~[0-9]+~\)?\'" nil epa-file))
Answered By: Daimrod

I did following to let Emacs open .asc files in the same way of .gpg files

(require 'epa-file)
(setq epa-file-name-regexp "\.\(gpg\|asc\)$")
Answered By: RNA

Daimrod’s answer (currently top ranked) doesn’t work for me, because EasyPG (epa) isn’t an auto-mode, so modifying auto-mode-alist is wrong, at least as of emacs 24.3.1.

Instead, you have to modify the epa-file-name-regexp value to add a pattern to match *.asc files.

(setq epa-file-name-regexp "\.gpg\(~\|\.~[0-9]+~\)?\'\|\.asc")

Personally I think all the extra syntax required to match emacs backup files is both unnecessary for almost all purposes as well as unconducive to easy understanding and maintenance, so I left that out of the “.asc” pattern. Add it if you prefer it verbatim as it appears after the “.gpg” pattern.

Note if you do this after emacs has started up and enabled epa, you have to run the epa-file-name-regexp-update function to pick up a changed value. That’s unnecessary if you add this code to your .emacs startup file (nor do you need to explicitly enable epa).

Answered By: BobDoolittle

Thu Sep 3 01:31:53 BST 2015

In addition to the above (to automatically encrypt .asc files with ascii armor), epa-armor should be non-nil:

Add to init.el:

(setq epa-armor t)

epa-armor is a variable defined in `epa.el’
Its value is t
If non-nil, epa commands create ASCII armored output.

You should bind this variable with `let’, but do not set it globally.

Answered By: rprimus

I had the same issue as the original poster. I want EasyPG to save files with a .asc extension in ASCII-armored ciphertext, not binary. There’s some good info in the responses, but none was complete enough to solve the OP’s issue. I think I solved it with the following configuration.


(setq epa-file-name-regexp "\.\(gpg\|\asc\)\(~\|\.~[0-9]+~\)?\'")

;; Minor mode for ASCII-armored gpg-encrypted files
(define-minor-mode auto-encryption-armored-mode
  "Save files in encrypted, ASCII-armored format"
  ;; The initial value.
  ;; The indicator for the mode line.
  " Encrypted,Armored"
  ;; The minor mode bindings.
  (if (symbol-value auto-encryption-armored-mode)
      (set (make-local-variable 'epa-armor) t)
    (kill-local-variable 'epa-armor))

(add-to-list 'auto-mode-alist '("\.asc$" . auto-encryption-armored-mode))

First, this adds .asc and Emacs backup names to the file name extensions that EasyPG will save as encrypted data, by default binary.

Then it defines a minor mode that sets epa-armor as a buffer local variable. Inspired by sensitive-mode:

Finally, it sets that minor mode to automatically activate when opening .asc files. TODO: Also activate when opening Emacs backup files.

Note that the “extra” epa-file-name-regexp regexp syntax is critical if you don’t want cleartext copies of your .gpg and .asc files floating around as Emacs backups.

Seems to work OK so far.

This question is pretty stale, but there’s also not an easy solution shipped with EasyPG and Emacs 24 on Debian 8.3. Hope that helps.

Answered By: bcduggan
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.