
My main problem right now is that in gnus.el I've got several mail sources set in a manner like:

(setq mail-sources
  '((pop :server "server.org"
     :port 995
     :user "user@server.org"
     :password "pAssWorD")))

I don't want to store passwords in a plain text file like that. What I want is:

  1. Store passwords for Gnus mail sources in a separate file with strict permissions and encrypted using gpg.
  2. When using Emacs enter passphrase once and have these passwords automatically used when fetching mail.

What is the most idiomatic/efficient way to do that?

I'm also interested in any general ideas about password management in Emacs, be it just storing them somewhere in encrypted files or having them managed for particular Emacs packages.

Emacs version: 24.0.97

Mirzhan Irkegulov
  • You can put them in a `~/.authinfo` file and encrypt it. Gnus only asks for your password the first time, to decrypt it. – kindahero Mar 26 '12 at 16:00
  • @kindahero: To encrypt/decrypt it automatically you can just rename it to `.authinfo.gpg`. – Daimrod Mar 26 '12 at 16:14

1 Answer

I couldn't make the .authinfo file work with POP3, so I followed the Keeping your secrets secret blogpost (thanks to phils for the link). I created three files in my load-path. secrets.el:

(load-library "secrets.el.gpg")
(provide 'secrets)

secrets.el.gpg:

(setq password-alist
      '((:mbox1 . "pAsSwOrD")
        (:mbox2 . "correct horse battery staple")
        (:mbox3 . "qwfpgj")))

mail.el:

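(require 'cl)  ; `rest' (a synonym for `cdr') comes from the cl package

(defun load-mail-passwords ()
  "Load passwords for mail sources from secrets.el.gpg."
  ;; Loading secrets.el pulls in secrets.el.gpg, which sets `password-alist'.
  (require 'secrets)
  ;; Backquote: the comma forms below are evaluated, the rest is quoted.
  (setq mail-sources
        `((pop :server "pop.server.org"
               :port 995
               :user "user@server.org"
               :password ,(rest (assoc :mbox1 password-alist)))))
  (setq smtpmail-auth-credentials
        `(("smtp.server.org" "465" "user@server.org"
           ,(rest (assoc :mbox1 password-alist))))))
(add-hook 'gnus-load-hook 'load-mail-passwords)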

And I also put (load "~/.emacs.d/mail.el") in my init file, because for some reason my ~/.emacs.d/ folder in load-path wasn't being loaded automatically.

The backtick is like an apostrophe (quote), but it allows some expressions to be unquoted using a comma. The (rest (assoc :keyword alist)) combination is to get the second part of the dotted pair in an association list.

Mirzhan Irkegulov
  • Just a question about this. After having run `load-mail-passwords`, if you eval `C-h v password-alist` does it return the passwords? The issue I see with this approach would be that the passwords end up stored in the variable. – Jonathan Leech-Pepin Sep 12 '12 at 16:11
  • True, they end up in a variable. I can only think of 2 remedies. 1: `(setq password-alist nil)` after the password is no longer needed. 2: create a special form like `(with-password ...)`, which temporarily uses passwords. What do you think? – Mirzhan Irkegulov Sep 13 '12 at 05:12
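
The `(with-password ...)` idea from the last comment, written out as an added example (not code from the original answer or its comments). The names `with-mail-passwords` and `my-gnus-get-new-news` are hypothetical; it assumes the answer's `secrets.el.gpg` is on the load-path, that the `load-mail-passwords` hook is not installed, and that gpg-agent caches the passphrase so that each fetch does not prompt again. It covers fetching only, not `smtpmail-auth-credentials`.

```elisp
;; Added example: passwords exist only in dynamic `let' bindings while mail
;; is being fetched.  Server details are the answer's placeholders.

(defvar password-alist nil
  "Alist of (KEY . PASSWORD).
Globally nil; filled only inside `with-mail-passwords'.")

(defmacro with-mail-passwords (&rest body)
  "Run BODY with `password-alist' and `mail-sources' holding real passwords.
Both are dynamic `let' bindings, so the global values are left untouched."
  (declare (indent 0))
  `(let ((password-alist nil))
     ;; secrets.el.gpg does (setq password-alist ...).  Inside this `let'
     ;; that setq changes only the temporary binding, not the global value.
     (load-library "secrets.el.gpg")
     (let ((mail-sources
            (list (list 'pop
                        :server "pop.server.org"
                        :port 995
                        :user "user@server.org"
                        :password (cdr (assq :mbox1 password-alist))))))
       ,@body)))

(defun my-gnus-get-new-news (&optional arg)
  "Fetch new mail with the passwords bound only for the duration of the fetch."
  (interactive "P")
  (with-mail-passwords
    (gnus-group-get-new-news arg)))

;; Replace the default `g' binding in the Gnus group buffer.
(eval-after-load "gnus-group"
  '(define-key gnus-group-mode-map "g" 'my-gnus-get-new-news))
```

After a fetch, `C-h v password-alist` and `C-h v mail-sources` show the global values, which never contained the passwords. The decrypted strings can still sit in Emacs memory until they are garbage collected, so this narrows exposure through variables rather than removing the secrets from the process.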