1 Cheat sheet for email crypto with Emacs

This works with my mu4e setup, but it should work for any other Emacs mail setup. You'll need to install and configure GPG, the GNU privacy handbook gives a usable intro to that.

Next, you'll need EasyPG installed, that comes with Emacs these days. EasyPG is a beast of its own, but it does come with quite a few handy mail functions.

1.1 Sign an email

While composing an email, enter M-x epa-mail-sign to sign the message with your PGP key. epa-mail-sign parses your mail buffer, so you don't need to select parts of the text, etc.

Call with a prefix argument to select which key to use for signing.

1.2 Encrypt an email

Just like with signing, simply run the command in a mail message buffer, this time M-x epa-mail-encrypt. This time, it will use the recipient list to perform the encryption, which is really handy.

Again, use a prefix argument to select another key to use for encrypting the message. I'm not sure how useful this is in a real-world scenario, as epa-mail-encrypt reads the sender identity from the mail message.

1.3 Verify a signed email

When you receive a signed email, use M-x epa-mail-verify to verify the signature.

1.4 Decrypt an encrypted email

When receiving an encrypted email, use M-x epa-mail-decrypt to decrypt it.

1.5 Add keys in a message to your keyring

To import any PGP armor keys in the current message buffer, enter M-x epa-mail-import-keys to add them to your keychain.

1.6 Bonus point: automaticall load epa-mail-mode in mu

EasyPG ships with a minor mode for use in mail programs, which is really useful. Enable epa-mail-mode when composing messages:

(add-hook 'mu4e-compose-mode-hook
   (defun my-setup-epa-hook ()

Now, when composing a message, use:

  • C-c C-e s to sign a message.
  • C-c C-e e to encrypt a message

Let's enable it in mu4e-view-mode as well:

(add-hook 'mu4e-view-mode-hook
  (defun my-view-mode-hook ()

Now, when viewing a message, enter:

  • C-c C-e v to verify a signature
  • C-c C-e d to decrypt a message