The operation to carry out in the outgoing messages (sign, encrypt or both) is chosen exactly before presing "y
" to send the message, inside the option menu that is visible with the "p
" option. Once you have choosen the operation to carry out, only the line PGP in the message header showed in the screen will change, but until you send the message with "y
" you won't be asked to insert the pass phrase to activate the sign of the message or the public keys to use to encrypt in the case that no receptors were found in our public keys ring.
NOTE: In the case that the pass phrase was mistyped when it was asked for, Mutt seems to be "hung", but that's not true, it is waiting for it to be retyped. To do this, push the <Enter>
key and delete the pass phrase from memory with <Ctrl>F
. Next we repeat the message sending with ("y
") and retype the pass phrase.
Through this procedure, Mutt will use PGP/MIME to send the message, and one more file will appear in the list of files to be sent with the sign (if we only select to sign) or it will encrypt the complete message (all its MIME parts) and it will only leave two MIME parts, the first with the PGP/MIME version and the second with the encrypted message (with all its MIME parts inside) and signed (if we selected to do it).
Note: By some reasons, if the receptor mail user agent can not use MIME, we may need that the sign will be included inside the message body. See section about application/pgp with PGP5 and with GnuPG.
Mutt will try to verify the sign or decrypt automatically the incoming messages that use PGP/MIME. See section Procmail notes and tips, in which it is commented how to change the MIME type automatically to the incoming messages that do not set its MIME type correctly.
In the next sections you can find modifications to the Mutt configuration file to use PGP2, PGP5, and GnuPG easily.
To do that, a new configuration file that we called .gnupgp.mutt
(that's our name, you can call it any other name setting the name of this file into the main configuration file ~/.muttrc
).
This can be done including the complete path (its location) of the configuration file .gnupgp.mutt
, in a line at the end of the ~/.muttrc
file. The directory in which we put this and other optional configuration files can be anywhere, if we have correct permissions (in a previous section we included it inside the ~/Mail/
) directory, or any other inside our home directory, with any name:
~$ mkdir mutt.varios
in which we copy (or create) the optional configuration file .gnupgp.mutt
, and next we set the origin of this file in the .muttrc
file with the source
command, like the following:
source ~/mutt.varios/.gnupgp.mutt
Now Mutt will accept configuration variables in .gnupgp.mutt
as if it were in .muttrc
directly.
This method is a good way to avoid having a very big, unsorted configuration file, and can be used to set any other group of configuration variables in other separate file. For example, as before, if we use vim as the default editor in Mutt, we can tell to .muttrc
to use a different configuration file .vimrc
that we use when using vim from the command line. First, copy ~/.vimrc
to our optional configuration files directory ~/mutt.varios/
and set it with other name (ex. vim.mutt
):
$ cd /home/user ~$ cp .vimrc mutt.varios/vim.mutt
next change the configuration variables that we want to be different in vim as the Mutt editor, and finally modify .muttrc
to reflect this change:
set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"
With this last line we are setting Mutt
to use an external editor, Vim, with the needed configuration options.
There are some variables that we will use globally with the three public key encrypt programs with Mutt. These variables are boolean, and can be set (activated) or unset (deactivated).
In the configuration file (~/.muttrc
, or ~/mutt.varios/.gnupgp.mutt
, or whatever you use), the sign (#) is a comment and will be ignored. So, we will use it from here in advance to comment each variable:
# if this variables is set, Mutt will ask to sign all the
# outbound messages. (1)
# if this variable is set, Mutt will ask to encrypt all the
# outbound messages. (1)
# save an encrypted copy of all sent messages that we want to encrypt
# (need the general configuration variable set copy=yes
).
# when you answer a signed message, the response message will be
# signed too.
# when you answer an encrypted message, the response message
# will be encrypted too.
# Do you want to automatically verify incoming signed messages?
# Of course!
# delete pass phrase from the memory cache <n> seconds
# after typing it. (2)
# what key do you want to use to sign outgoing messages?
# Note: it is posible to set it to the user id, but
# this can be confuse if you have the same user id with different keys.
# use "quoted-printable" when PGP requires it.
# Do not use 64 bits key ids, use 32 bits key ids.
# message integrity check algorithm, where
# <some> is something from the next: (3)
In the three next sections the configuration variables to each of the PGP versions will be explained. The fourth section will explain how to modify the variables if you use more than one PGP version.
(1) as Mutt requires to type the passphrase every time you want to sign or select the receipts if you want to encrypt, it may be unconvenient to set this variable. Possibly you may want to unset this variable. This is specially true encrypting messages, as you don't have all the public keys of the message receipts.
(2) depending on the number of messages that we sign or decrypt, we would like to maintain the pass phrase in cache memory more or less time. This option avoid you from type the pass phrase each time you sign a new message or decrypt an incoming message. Warning: maintaining the pass phrase in cache memory is not secure, specially in network connected systems.
(3) this is only necesary with the key that we use to sign. When the key is selected from the compose menu, Mutt will calculate the algoritm.
To use PGP2 with Mutt-i you need to add the following lines to the ~/mutt.varios/.gnupgp.mutt
file:
set pgp_default_version=pgp2 set pgp_key_version=default set pgp_receive_version=default set pgp_send_version=default set pgp_sign_micalg=pgp-md5 set pgp_v2=/usr/bin/pgp set pgp_v2_pubring=~/.pgp/pubring.pgp set pgp_v2_secring=~/.pgp/secring.pgp
As you know, the ~/.pgp/pubring.pgp
and secring.pgp
files must exist. More information on PGP2 with the man pgp
command.
To use PGP5 with Mutt-i you need to add the following lines to the ~/mutt.varios/.gnupgp.mutt
file:
set pgp_default_version=pgp5 set pgp_key_version=default set pgp_receive_version=default set pgp_send_version=default set pgp_sign_micalg=pgp-sha1 set pgp_v5=/usr/bin/pgp set pgp_v5_pubring=~/.pgp/pubring.pkr set pgp_v5_secring=~/.pgp/secring.skr
As you know, the ~/.pgp/pubring.pkr
and secring.pkr
files must exist. More information on PGP 5 with the man pgp5
command.
To use GnuPG with Mutt-i you need to add the following lines to the ~/mutt.varios/.gnupgp.mutt
file:
set pgp_default_version=gpg set pgp_key_version=default set pgp_receive_version=default set pgp_send_version=default set pgp_sign_micalg=pgp-sha1 set pgp_gpg=/usr/bin/gpg set pgp_gpg_pubring=~/.gnupg/pubring.gpg set pgp_gpg_secring=~/.gnupg/secring.gpg
As you know, the ~/.gnupg/pubring.gpg
and secring.gpg
files must exist. More information on GnuPG with the man gpg.gnupg
, man gpgm
, and man gpg
commands.
If you want to use more than one PGP software you need to modify some of the variables that we have commented previously. Really, it is only to remove the redundant version variables.
If, for example, you want to use GnuPG as the default signing tool, all menu commands in Mutt to use GnuPG/PGP would call to this program to the signing, decrypting, encrypting, verifying, etc... operations
To do that you must set the configuration variable $set_pgp_default
once, so:
set pgp_default_version=gpg
now, to use the all three programs, the ~/mutt.varios/.gnupgp.mutt
file could be like this:
set pgp_default_version=gpg # default version to use set pgp_key_version=default # default key to use # in this case, gnupg defines it set pgp_receive_version=default # default version to decrypt will be the default set pgp_send_version=default # version defined in the first line (gpg) set pgp_gpg=/usr/bin/gpg # where to find the GnuPG binary set pgp_gpg_pubring=~/.gnupg/pubring.gpg # public key file to GnuPG set pgp_gpg_secring=~/.gnupg/secring.gpg # secret key file to GnuPG set pgp_v2=/usr/bin/pgp # where to find the PGP2 binary set pgp_v2_pubring=~/.pgp/pubring.pgp # public key file to PGP2 set pgp_v2_secring=~/.pgp/secring.pgp # secret key file to PGP2 set pgp_v5=/usr/bin/pgp # where to find the PGP5 binary set pgp_v5_pubring=~/.pgp/pubring.pkr # public key file to PGP5 set pgp_v5_secring=~/.pgp/secring.skr # secret key file to PGP5