The problem
Because gpg 2.4.1 borked Emacs's EasyPG. It just hangs on saving.
Why not just use gpg?
There are some ways around it, and I was using the fset hack until I read this post about the person who corrupted their encrypted files. I also had to run the elisp on every new Emacs instance.
And then lib-gcrypt is marked as broken in NixOS if you use the gnupg22 package(Version: 2.2.41), and a blowing past that stop sign sounded like a bad idea.
So I started thinking outside the box.
Why age?
I started using it with agenix, just because Henrik started using it in his dotfiles. The k8s@home template also eventually switched from gpg to age so I was already pretty comfortable with using age.
TL;DR Age: the modern alternative to GPG — nixFAQ:
- Age is presented as a modern alternative to GPG that solves many of its limitations while maintaining security.
- Age stands for "Actually Good Encryption" and has implementations in Go and Rust for improved security compared to GPG's C implementation.
- Age uses smaller keys that are easier to store physically and has a simpler interface with no configuration options.
- Files can be encrypted for multiple recipients simultaneously using Age.
- Age supports encrypting for SSH public keys in addition to its own keys.
- Age allows encrypting files for GitHub users by using their SSH keys from their profile.
- Age offers a better user experience than GPG while maintaining an equally high level of security.
Why still org-journal?
I've considered using org-roam-dailies instead of org-journal. However, after some reflection, I'm not entirely sure why. Org Roam supports Age encryption, and org-journal has several PR fixes for various issues that have been neglected (this is not a judgment of the maintainer, but problems like journal files being decrypted whenever the calendar is invoked are troublesome). I think I was just seeking a quick solution to resume journaling.
Setup
Now that you've listened to me ramble on for a bit, here's the actual setup. This is using Doom Emacs.
packages.el
(package! age)
config.el
(use-package! age
:init
(setq! age-program "rage")
:config
(setq! age-default-identity "~/.ssh/id_ed25519"
age-default-recipient "~/.ssh/id_ed25519.pub")
(age-file-enable))
Went with rage, because Rust. Also there's pinentry support through rage.
config.el
(after! org
(setq org-journal-encrypt-journal nil
org-journal-file-format "%Y%m%d.org.age")
Only thing I had to do then was turn off the built-in gpg support on
org-journal, and update the naming scheme to have age as the suffix and it just
worked.™
Top comments (0)