\input texinfo @c -*-texinfo-*-@setfilename ../info/pgg@set VERSION 0.1@copyingThis file describes the PGG.Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.Copyright (C) 2001 Daiki Ueno.@quotationPermission is granted to copy, distribute and/or modify this documentunder the terms of the GNU Free Documentation License, Version 1.2 orany later version published by the Free Software Foundation; with noInvariant Sections, with no Front-Cover Texts, and with no Back-CoverTexts. A copy of the license is included in the section entitled ``GNUFree Documentation License''.@end quotation@end copying@dircategory Emacs@direntry* PGG: (pgg). Emacs interface to various PGP implementations.@end direntry@settitle PGG @value{VERSION}@titlepage@title PGG@author by Daiki Ueno@page@vskip 0pt plus 1filll@insertcopying@end titlepage@page@node Top@top PGGThis manual describes PGG. PGG is an interface library between Emacsand various tools for secure communication. PGG also provides a simpleuser interface to encrypt, decrypt, sign, and verify MIME messages.@menu* Overview:: What PGG is.* Prerequisites:: Complicated stuff you may have to do.* How to use:: Getting started quickly.* Architecture:: * Parsing OpenPGP packets:: * Function Index:: * Variable Index:: @end menu@node Overview@chapter OverviewPGG is an interface library between Emacs and various tools for securecommunication. Even though Mailcrypt has similar feature, it does notdeal with detached PGP messages, normally used in PGP/MIMEinfrastructure. This was the main reason why I wrote the new library.PGP/MIME is an application of MIME Object Security Services (RFC1848).The standard is documented in RFC2015.@node Prerequisites@chapter PrerequisitesPGG requires at least one implementation of privacy guard system.This document assumes that you have already obtained and installed themand that you are familiar with its basic functions.By default, PGG uses GnuPG, but Pretty Good Privacy version 2 or version5 are also supported. If you are new to such a system, I recommend thatyou should look over the GNU Privacy Handbook (GPH) which is availableat @uref{http://www.gnupg.org/gph/}.@node How to use@chapter How to useThe toplevel interface of this library is quite simple, and onlyintended to use with public-key cryptographic operation.To use PGG, evaluate following expression at the beginning of yourapplication program.@lisp(require 'pgg)@end lispIf you want to check existence of pgg.el at runtime, instead you canlist autoload setting for desired functions as follows.@lisp(autoload 'pgg-encrypt-region "pgg" "Encrypt the current region." t)(autoload 'pgg-decrypt-region "pgg" "Decrypt the current region." t)(autoload 'pgg-sign-region "pgg" "Sign the current region." t)(autoload 'pgg-verify-region "pgg" "Verify the current region." t)(autoload 'pgg-insert-key "pgg" "Insert the ASCII armored public key." t)(autoload 'pgg-snarf-keys-region "pgg" "Import public keys in the current region." t)@end lisp@menu* User Commands:: * Selecting an implementation:: * Caching passphrase:: * Default user identity:: @end menu@node User Commands@section User CommandsAt this time you can use some cryptographic commands. The behavior ofthese commands relies on a fashion of invocation because they are alsointended to be used as library functions. In case you don't have thesigner's public key, for example, the function @code{pgg-verify-region}fails immediately, but if the function had been called interactively, itwould ask you to retrieve the signer's public key from the server.@deffn Command pgg-encrypt-region start end recipients &optional signEncrypt the current region between @var{start} and @var{end} for@var{recipients}. When the function were called interactively, youwould be asked about the recipients.If encryption is successful, it replaces the current region contents (inthe accessible portion) with the resulting data.If optional argument @var{sign} is non-@code{nil}, the function isrequest to do a combined sign and encrypt. This currently only workwith GnuPG.@end deffn@deffn Command pgg-decrypt-region start endDecrypt the current region between @var{start} and @var{end}. Ifdecryption is successful, it replaces the current region contents (inthe accessible portion) with the resulting data.@end deffn@deffn Command pgg-sign-region start end &optional cleartextMake the signature from text between @var{start} and @var{end}. If theoptional third argument @var{cleartext} is non-@code{nil}, or thefunction is called interactively, it does not create a detachedsignature. In such a case, it replaces the current region contents (inthe accessible portion) with the resulting data.@end deffn@deffn Command pgg-verify-region start end &optional signature fetchVerify the current region between @var{start} and @var{end}. If theoptional third argument @var{signature} is non-@code{nil}, or the functionis called interactively, it is treated as the detached signature of thecurrent region.If the optional 4th argument @var{fetch} is non-@code{nil}, or thefunction is called interactively, we attempt to fetch the signer'spublic key from the key server.@end deffn@deffn Command pgg-insert-keyRetrieve the user's public key and insert it as ASCII-armored format.@end deffn@deffn Command pgg-snarf-keys-region start endCollect public keys in the current region between @var{start} and@var{end}, and add them into the user's keyring.@end deffn@node Selecting an implementation@section Selecting an implementationSince PGP has a long history and there are a number of PGPimplementations available today, the function which each one has differsconsiderably. For example, if you are using GnuPG, you know you canselect cipher algorithm from 3DES, CAST5, BLOWFISH, and so on, but onthe other hand the version 2 of PGP only supports IDEA.By default, if the variable @code{pgg-scheme} is not set, PGG searches theregistered scheme for an implementation of the requested serviceassociated with the named algorithm. If there are no match, PGG uses@code{pgg-default-scheme}. In other words, there are two options tocontrol which command is used to process the incoming PGP armors. Oneis for encrypting and signing, the other is for decrypting andverifying.@defvar pgg-schemeForce specify the scheme of PGP implementation for decrypting and verifying.The value can be @code{gpg}, @code{pgp}, and @code{pgp5}.@end defvar@defvar pgg-default-schemeForce specify the scheme of PGP implementation for encrypting and signing.The value can be @code{gpg}, @code{pgp}, and @code{pgp5}.@end defvar@node Caching passphrase@section Caching passphrasePGG provides a simple passphrase caching mechanism. If you want toarrange the interaction, set the variable @code{pgg-read-passphrase}.@defvar pgg-cache-passphraseIf non-@code{nil}, store passphrases. The default value of thisvariable is @code{t}. If you were worry about security issue, however,you could stop caching with setting it @code{nil}.@end defvar@defvar pgg-passphrase-cache-expiryElapsed time for expiration in seconds.@end defvar@node Default user identity@section Default user identityThe PGP implementation is usually able to select the proper key to usefor signing and decryption, but if you have more than one key, you mayneed to specify the key id to use.@defvar pgg-default-user-idUser ID of your default identity. It defaults to the value returnedby @samp{(user-login-name)}. You can customize this variable.@end defvar@defvar pgg-gpg-user-idUser ID of the GnuPG default identity. It defaults to @samp{nil}.This overrides @samp{pgg-default-user-id}. You can customize thisvariable.@end defvar@defvar pgg-pgp-user-idUser ID of the PGP 2.x/6.x default identity. It defaults to@samp{nil}. This overrides @samp{pgg-default-user-id}. You cancustomize this variable.@end defvar@defvar pgg-pgp5-user-idUser ID of the PGP 5.x default identity. It defaults to @samp{nil}.This overrides @samp{pgg-default-user-id}. You can customize thisvariable.@end defvar@node Architecture@chapter ArchitecturePGG introduces the notion of a "scheme of PGP implementation" (usedinterchangeably with "scheme" in this document). This term refers to asingleton object wrapped with the luna object system.Since PGG was designed for accessing and developing PGP functionality,the architecture had to be designed not just for interoperability butalso for extensiblity. In this chapter we explore the architecturewhile finding out how to write the PGG backend.@menu* Initializing:: * Backend methods:: * Getting output:: @end menu@node Initializing@section InitializingA scheme must be initialized before it is used.It had better guarantee to keep only one instance of a scheme.The following code is snipped out of @file{pgg-gpg.el}. Once aninstance of @code{pgg-gpg} scheme is initialized, it's stored to thevariable @code{pgg-scheme-gpg-instance} and will be reused from now on.@lisp(defvar pgg-scheme-gpg-instance nil)(defun pgg-make-scheme-gpg () (or pgg-scheme-gpg-instance (setq pgg-scheme-gpg-instance (luna-make-entity 'pgg-scheme-gpg))))@end lispThe name of the function must follow theregulation---@code{pgg-make-scheme-} follows the backend name.@node Backend methods@section Backend methodsIn each backend, these methods must be present. The output of thesemethods is stored in special buffers (@ref{Getting output}), so thatthese methods must tell the status of the execution.@deffn Method pgg-scheme-lookup-key scheme string &optional typeReturn keys associated with @var{string}. If the optional thirdargument @var{type} is non-@code{nil}, it searches from the secretkeyrings.@end deffn@deffn Method pgg-scheme-encrypt-region scheme start end recipients &optional signEncrypt the current region between @var{start} and @var{end} for@var{recipients}. If @var{sign} is non-@code{nil}, do a combined signand encrypt. If encryption is successful, it returns @code{t},otherwise @code{nil}.@end deffn@deffn Method pgg-scheme-decrypt-region scheme start endDecrypt the current region between @var{start} and @var{end}. Ifdecryption is successful, it returns @code{t}, otherwise @code{nil}.@end deffn@deffn Method pgg-scheme-sign-region scheme start end &optional cleartextMake the signature from text between @var{start} and @var{end}. If theoptional third argument @var{cleartext} is non-@code{nil}, it does notcreate a detached signature. If signing is successful, it returns@code{t}, otherwise @code{nil}.@end deffn@deffn Method pgg-scheme-verify-region scheme start end &optional signatureVerify the current region between @var{start} and @var{end}. If theoptional third argument @var{signature} is non-@code{nil}, it is treatedas the detached signature of the current region. If the signature issuccessfully verified, it returns @code{t}, otherwise @code{nil}.@end deffn@deffn Method pgg-scheme-insert-key schemeRetrieve the user's public key and insert it as ASCII-armored format.On success, it returns @code{t}, otherwise @code{nil}.@end deffn@deffn Method pgg-scheme-snarf-keys-region scheme start endCollect public keys in the current region between @var{start} and@var{end}, and add them into the user's keyring.On success, it returns @code{t}, otherwise @code{nil}.@end deffn@node Getting output@section Getting outputThe output of the backend methods (@ref{Backend methods}) is stored inspecial buffers, so that these methods must tell the status of theexecution.@defvar pgg-errors-bufferThe standard error output of the execution of the PGP command is storedhere.@end defvar@defvar pgg-output-bufferThe standard output of the execution of the PGP command is stored here.@end defvar@defvar pgg-status-bufferThe rest of status information of the execution of the PGP command isstored here.@end defvar@node Parsing OpenPGP packets@chapter Parsing OpenPGP packetsThe format of OpenPGP messages is maintained in order to publish allnecessary information needed to develop interoperable applications.The standard is documented in RFC 2440.PGG has its own parser for the OpenPGP packets.@defun pgg-parse-armor stringList the sequence of packets in @var{string}.@end defun@defun pgg-parse-armor-region start endList the sequence of packets in the current region between @var{start}and @var{end}.@end defun@defvar pgg-ignore-packet-checksumIf non-@code{nil}, don't check the checksum of the packets.@end defvar@node Function Index@chapter Function Index@printindex fn@node Variable Index@chapter Variable Index@printindex vr@summarycontents@contents@bye@c End:@ignore arch-tag: 0c205838-34b9-41a5-b9d7-49ae57ccac85@end ignore