Org Crypt


Org Crypt is a package that lets us encrypt blocks of text in an Org-mode file using GnuPG without having the full file encrypted like usual.

1. Configuration

Org-mode needs to be loaded first, since org-crypt is bundled along with the package but isn't loaded by default.

(require 'init-org)

Once that's done, we can now load up org-crypt!

(require 'org-crypt)

We have to deal with autosaving, as we don't want unencrypted data to get to the disk. We'll keep it disabled in buffers that make use of the module. We will set org-crypt-disable-auto-save to 'encrypt, which re-encrypts on every autosave so unencrypted data doesn't get on disk, which is good, but it also reverts the buffer back to the encrypted version, which can be annoying. This is the price to pay for good security, I suppose.

(setq org-crypt-disable-auto-save 'encrypt)

We must either specify a Key ID from GnuPG or keep the value nil to use symmetric encryption.

(setq org-crypt-key user-mail-address)

We need to specify which tag to use for encrypting org headings. We will make use of #ENCRYPTED.

(setq org-crypt-tag-matcher "ENCRYPTED")

DO NOT let this tag be inherited. Inheritance would cause org-encrypt to end up with encrypted text inside of encrypted text.

(add-to-list 'org-tags-exclude-from-inheritance org-crypt-tag-matcher)

Finally we need to provide this module.

(provide 'init-org-crypt)
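
An added example (not part of the original config): a Python check, run outside Emacs, that flags headings tagged ENCRYPTED whose body on disk is not a PGP armor block, which is the leak the auto-save setting above is meant to prevent. It assumes the tag configured above and that org-crypt replaces the whole subtree body with the armor block; the function name and the sample text are constructed for illustration.

```python
import re

TAG = "ENCRYPTED"  # must match org-crypt-tag-matcher in the config above
ARMOR = "-----BEGIN PGP MESSAGE-----"
HEADING = re.compile(r"^(\*+)\s+(.*?)(?:\s+(:[\w@#%:]+:))?\s*$")
META = re.compile(r"^\s*(SCHEDULED|DEADLINE|CLOSED):")
# Constructed sample: one encrypted entry, one left in plaintext.
SAMPLE = """\
* Bank logins :ENCRYPTED:
-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
* Recovery codes :ENCRYPTED:
:PROPERTIES:
:ID: constructed-id
:END:
code-one code-two
"""

def plaintext_entries(org_text, tag=TAG):
    """Return (line_number, title) for tagged headings whose body is not PGP armor."""
    lines = org_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = HEADING.match(line)
        if not m or tag not in (m.group(3) or "").strip(":").split(":"):
            continue
        level, in_drawer = len(m.group(1)), False
        for body in lines[i + 1:]:
            h = HEADING.match(body)
            if h and len(h.group(1)) <= level:
                break  # reached the end of this subtree without content
            s = body.strip()
            if in_drawer:  # skip the property drawer up to :END:
                in_drawer = s != ":END:"
                continue
            if s == ":PROPERTIES:":
                in_drawer = True
                continue
            if not s or META.match(body):
                continue  # blank lines and planning lines are not content
            if s != ARMOR:
                findings.append((i + 1, m.group(2)))
            break  # the first content line decides
    return findings

if __name__ == "__main__":
    print(plaintext_entries(SAMPLE))
```

Run it over the .org file and over its auto-save file (#name.org#). Plain saves are only re-encrypted when org-crypt-use-before-save-magic is enabled, which this page does not show.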

Created: 2021-11-13

Emacs 26.1 (Org mode 9.5)