NixOS 23.11, GnuPG, and Emacs

NixOS 23.11 includes GnuPG 2.4.1 which contains a small change that prevents Emacs from being able to write to encrypted files. Attempting to save an encrypted file results in a hang. The easiest solution is to revert to GnuPG 2.4.0 (for now).

If you are using Home Manager this is really easy to do:

  programs.gpg.package = pkgs.gnupg.overrideAttrs (orig: {
    version = "2.4.0";
    src = pkgs.fetchurl {
      url = "mirror://gnupg/gnupg/gnupg-2.4.0.tar.bz2";
      hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM=";

This change will also update the version of GnuPG used in Home Manager’s gpg-agent configuration.

If you are not using Home Manager you can achieve a similar result using the NixOS option programs.gnupg.package.

Note that this “bug” exists in GnuPG 2.4.2 and 2.4.3. It looks like it will be resolved in 2.4.4.