Editing GPG Files in Emacs Without the Freezes

I typed the passphrase. Nothing happened.

Emacs sat frozen, the curses buffer blinking like it knew something I didn’t. Only after ten minutes of digging did I realize the problem: GPG wasn’t talking to Emacs, and Emacs wasn’t talking to GPG. This is the trap many engineers fall into — not because they don’t know GnuPG, but because they assume Emacs just handles it. It doesn’t. You have to tell it exactly how.

If you work with .gpg files in Emacs, you need to wire up EasyPG. Most modern Emacs versions ship with it by default, but the defaults aren’t always tuned for your GPG configuration. Put this in your init.el and you’re halfway there:

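(require 'epa-file)
(epa-file-enable)
;; Prompt for the passphrase in the minibuffer instead of an external pinentry.
;; On Emacs 27.1+ this variable is an obsolete alias for `epg-pinentry-mode'.
(setq epa-pinentry-mode 'loopback)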

The epa-pinentry-mode line is crucial when using gpg-agent with Emacs. Without it, Emacs may hang waiting for a graphical pinentry that never shows. With loopback mode, you enter the passphrase directly in the minibuffer.

For GPG 2.1+, you’ll also want in your ~/.gnupg/gpg-agent.conf:

allow-loopback-pinentry

Then reload the agent:

gpgconf --reload gpg-agent

Now, visiting a .gpg file in Emacs should prompt inside Emacs itself. No more switching windows. No more silent hangs.

You can push this further. Encrypt part of a file instead of the whole thing. Use M-x epa-encrypt-region and M-x epa-decrypt-region to selectively protect secrets without locking away your whole buffer. Store credentials, API keys, configs — anything that should remain private yet editable in place. Combined with proper git-crypt or blackbox workflows, this is a powerful way to keep sensitive data versioned and safe.

Key management matters here. Keep your ~/.gnupg directory secure with proper permissions (chmod 700), rotate keys when needed, and back them up offline. Debug with M-x epa-list-keys if files fail to decrypt — often the wrong keyring or key ID is the culprit. Emacs just calls GPG under the hood, so anything you can do in the shell should work once your environment matches.
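
The checks from the setup steps and the key-management advice above can be scripted. This is an added example, not code from the original post: the function names are hypothetical, it only reads the directory, and it also flags gpg-agent's `no-allow-loopback-pinentry` option, which switches loopback off.

```shell
# Added example: read-only audit of a GnuPG home directory.
# Function names are hypothetical; nothing here calls gpg or edits files.

# Succeeds if DIR is a directory with mode exactly 700 (drwx------).
gnupg_home_mode_ok() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Prints entries under DIR that grant any access to group or others.
gnupg_exposed_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Prints "allowed", "blocked" or "unset" for the loopback option in CONF.
loopback_state() {
    conf=$1
    [ -f "$conf" ] || { echo unset; return; }
    if grep -Eq '^[[:space:]]*no-allow-loopback-pinentry[[:space:]]*$' "$conf"; then
        echo blocked
    elif grep -Eq '^[[:space:]]*allow-loopback-pinentry[[:space:]]*$' "$conf"; then
        echo allowed
    else
        echo unset
    fi
}

# Runs all checks on DIR (default: $GNUPGHOME or ~/.gnupg); status = failed checks.
audit_gnupg_home() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    problems=0
    if ! gnupg_home_mode_ok "$dir"; then
        echo "FAIL: $dir is missing or not mode 700 (chmod 700 \"$dir\")"
        problems=$((problems + 1))
    fi
    exposed=$(gnupg_exposed_entries "$dir" 2>/dev/null) || true
    if [ -n "$exposed" ]; then
        echo "FAIL: accessible to group or others:"; echo "$exposed"
        problems=$((problems + 1))
    fi
    state=$(loopback_state "$dir/gpg-agent.conf")
    if [ "$state" != allowed ]; then
        echo "FAIL: allow-loopback-pinentry is $state in $dir/gpg-agent.conf"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $dir"
    return "$problems"
}
```

Source the file and run `audit_gnupg_home` with no argument to check your own GnuPG directory before debugging a hang from inside Emacs.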

Once this setup is smooth, encrypted editing in Emacs is invisible. You open, edit, save. The rest is just trust in math and code.

The same philosophy — fast, private, and reliable — is what makes local development so satisfying when it just works. If you want to see your own code live in minutes, without friction, try hoop.dev. No waiting. No pain. Only flow.
