Hedgehog

Notice

Hedgehog 0.99 is still in the beta stage. Don't edit encrypted files which contain significant data without backing them up!

FOR THOSE WHO USE HEDGEHOG 0.99.5 OR OLDER: upgrade Hedgehog to 0.99.6 or later immediately, since 0.99.5 and older carry a potentially serious risk of destroying your encrypted files!

News

January 30, 2007

  • Hedgehog 0.99.6 released.
    • Fixed a potentially serious bug where Hedgehog sometimes destroyed your encrypted files.

September 17, 2006

  • Hedgehog 0.99.5 released.
    • Fixed a bug where garbage data was mixed in when encrypting and decrypting on Emacs 21.

March 27, 2006

  • Hedgehog 0.99.4 released.
    • GnuPG from Cygwin on Meadow may be supported (but is not well tested).

March 25, 2006

  • Hedgehog 0.99.3 released.
    • Call clear-string when Hedgehog expires a cached passphrase, to make sure it is completely removed from memory.

March 17, 2006

  • Hedgehog 0.99.2 released.
    • Eliminated call-process-region, which writes the buffer contents to a temporary file.
    • Better support for Meadow and GnuPG for Windows.

March 16, 2006

  • Hedgehog 0.99.1 released.
    • Handle various warnings from GnuPG.
    • Emacs 21 supported (XEmacs is still not supported).

March 14, 2006

  • Hedgehog 0.99.0 released.

Introduction

Advances in Internet and mobile-device technology have changed the way we use computers. We can carry laptop computers and use them everywhere, even on a train. While carrying a laptop with us is quite convenient, it brings a high risk of theft. Therefore, we should encrypt significant data on laptops to protect it against theft.

Hedgehog, which is written in Emacs Lisp and runs on Emacs, provides an easy way to edit files encrypted with GnuPG. Encryption and decryption of files are performed transparently to the user. You just use Emacs as usual, except for entering a passphrase when Hedgehog prompts you for it.

Features

Key features of Hedgehog are:

  • Files are encrypted and decrypted automatically according to their filenames (typically a ".gpg" suffix).
  • Temporary plain-text files are completely eliminated and never used, even during encryption and decryption.
  • Passphrases given by the user are cached in memory, with a timer to expire them.
  • Editing encrypted files on remote hosts is also supported in conjunction with tramp.
  • Easy to use; just load a single .el (or .elc) file.

Environment

Hedgehog supports the following Emacs variants and GnuPG versions:

Emacsen

  • GNU Emacs 22.0.50 (on UNIX variants)
  • GNU Emacs 21.3.1 (on UNIX variants)
  • Meadow 3.00-dev (based on GNU Emacs 22.0.50, for Windows)

XEmacs is not supported.

GnuPG

  • GnuPG 1.4.6
  • GnuPG 1.4.2.2 for Windows (distributed from gnupg.org)
  • GnuPG 1.4.2.2 for Windows (compiled for cygwin)

The GnuPG 2 series is not tested, but GnuPG 2 with libgcrypt 1.2.3 or older does not work with Hedgehog due to a bug in libgcrypt.

For users of GnuPG for Windows from gnupg.org: make sure your environment meets either of the following conditions, or Hedgehog will not work correctly:

  • You are using Meadow 3.00-dev (the Meadow 2 series may work, but is not tested)
  • The language for GnuPG, which you select at installation, is English. You may change it later by editing the registry.

Instructions

Installation

Just put "hedgehog.el" in a directory included in the load-path of your Emacs, and add the following line to your .emacs (or equivalent):

(load "hedgehog" nil t)

If you prefer to load the byte-compiled .elc file rather than the source .el file, byte-compile hedgehog.el as follows:

emacs -q -batch -f batch-byte-compile hedgehog.el

Encryption/Decryption

Files are encrypted and decrypted automatically according to their filenames, typically a ".gpg" suffix. This operation should be completely transparent to the user, except for the prompt asking you for the passphrase to encrypt/decrypt files.

Passphrases are cached if possible (that is, when you "visit" encrypted files). This cache expires after a specified time period to minimize the risk of leaking passphrases.

Hedgehog neither generates nor uses temporary plain-text files, even during encryption or decryption. Using plain-text files is an awful idea and should be considered harmful, even if they are to be deleted immediately. It is especially vulnerable on an insecure file system such as NFS.

Configuration

You may want to set the following variables to configure Hedgehog by editing your Emacs configuration file, typically .emacs or .emacs.d/init.el in your home directory. You can also set these variables with "Options" in your menu bar, or by typing M-x customize-group RET hedgehog RET.

hedgehog-gnupg-program-name
Name of GnuPG executable. The default value is "gpg".
hedgehog-cipher-algo
Name of the cipher algorithm used to encrypt files. Possible values can be obtained by invoking GnuPG with the "--version" option. The default value is "AES".
hedgehog-gnupg-file-name-regexp
Regexp matching the filenames that are encrypted and decrypted automatically. The default value is "\\.gpg\\'", which matches files with a ".gpg" suffix.
hedgehog-passphrase-cache-hold-time
Time period (in seconds) after which a cached passphrase expires. This variable can also be a boolean: t means that cached passphrases never expire, and nil means that Hedgehog does not cache passphrases at all. The default value is 300, which is 5 minutes.
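An added example of a complete Hedgehog configuration for an init file; it is not from the Hedgehog page or source, and the absolute GnuPG path, the extended filename regexp and the shorter cache hold time are assumptions chosen to illustrate the variables above:

```elisp
;; Added example configuration for Hedgehog (not part of the original page).
;; Assumes hedgehog.el is already in a directory on `load-path'.

;; Pin the GnuPG binary by absolute path (assumed location) so that a
;; directory earlier in PATH cannot substitute a different "gpg".
;; The default is just "gpg", which is resolved through PATH.
(setq hedgehog-gnupg-program-name "/usr/bin/gpg")

;; Cipher used when writing files; AES is the default. Run
;; "gpg --version" to see the names your GnuPG build accepts.
(setq hedgehog-cipher-algo "AES")

;; Default is "\\.gpg\\'" (".gpg" suffix only). This assumed variant also
;; treats ".pgp" files as encrypted; \\' anchors at end of string, so
;; "notes.gpg.bak" is left alone.
(setq hedgehog-gnupg-file-name-regexp "\\.\\(gpg\\|pgp\\)\\'")

;; Cache hold time in seconds. The default is 300 (5 minutes).
;;   t   -> never expire (passphrase stays in memory for the whole session;
;;          avoid on a shared or frequently unattended machine)
;;   nil -> never cache (you are prompted on every read and write)
;; 60 seconds keeps the window short while still covering a quick save.
(setq hedgehog-passphrase-cache-hold-time 60)

;; Load Hedgehog last so it picks up the settings above.
(load "hedgehog" nil t)
```

On a machine you share with others, nil for hedgehog-passphrase-cache-hold-time trades convenience for the smallest exposure of the passphrase in memory.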

Download

You may find the Hedgehog tarball here. The latest version is 0.99.6.