[Emacs] Make GPG in Emacs more secure

GPG buffers will now be closed after a minute of idling
2020-08-30 18:45:43 +02:00 · 2020-08-30 18:45:43 +02:00 · 7388fccc27
commit 7388fccc27
parent 1eb3833ad9
1 changed files with 45 additions and 0 deletions
--- a/org/config/spacemacs.org
+++ b/org/config/spacemacs.org
@ -3617,6 +3617,51 @@
                               "~/.cache/yay/*" "node_modules" "~/.config/emacs")
   #+END_SRC
 ** Security
   :PROPERTIES:
   :CUSTOM_ID: User_Configuration-Security-21d88555
   :END:
   This paragraph  is about  making Emacs  and GPG  as a  whole (since  Emacs is
 /always/ open on my computer) more secure.  The first thing I want to make is
   a function that  will close any buffer  that contains an open ~.gpg~ file –I
   certainly do not want anyone to be able  to read such files on my computer if
   I leave it even for a couple of minutes.
   #+BEGIN_SRC emacs-lisp
     (defun phundrak/kill-gpg-buffers ()
       "Kill GPG buffers."
       (interactive)
       (let ((buffers-killed 0))
         (dolist (buffer (buffer-list))
           (with-current-buffer buffer
             (when (string-match ".*\.gpg$" (buffer-name buffer))
               (message "Auto killing .gpg buffer '%s'" (buffer-name buffer))
               (when (buffer-modified-p buffer)
                 (save-buffer))
               (kill-buffer buffer)
               (setq buffers-killed (+ buffers-killed 1)))))
         (unless (zerop buffers-killed)
           ;; Kill gpg-agent.
           (shell-command "gpgconf --kill gpg-agent")
           (message "%s .gpg buffers have been autosaved and killed" buffers-killed))))
   #+END_SRC
   Notice  the ~(shell-command  "gpgconf --kill  gpg-agent")~ command  there: it
   kills ~gpg-agent~ which  will always respawn each time GPG2  is invoked. That
   way, I know anyone trying to open a  GPG file will have to insert my password
   when trying  to do so instead  of just hoping I  entered it not long  ago and
   they won’t have to.
   But surely, if  I only define this function  and hope to call it  each time I
   leav my  computer, surely  at one point  I will forget  to execute  it before
   leaving. I can’t trust  myself to always call it manually.  Which is why I’ll
   ask Emacs  itself to  call it  after it detects  a minute  of idling.  It may
   become from times to times a bit of a pain, but at least I’m now sure I won’t
   ever have to worry about someone reading my GPG files open in Emacs while I’m
   out for a quick break.
   #+BEGIN_SRC emacs-lisp
     (run-with-idle-timer 60 t 'phundrak/kill-gpg-buffers)
   #+END_SRC
 ** Snippets
   :PROPERTIES:
   :CUSTOM_ID: User_Configuration-Snippets-67a32065