
Use GnuPG with Mutt to sign or encrypt e-mail

One of the most common uses of OpenPGP applications like PGP and GnuPG is digitally signing and encrypting email. While this can be accomplished "manually" with Mutt every time you want to send an encrypted or digitally signed email, by first creating encrypted or digitally signed files then using them as the basis for an email, this article explains how to configure Mutt to automatically use the GnuPG tool to do that for you.

My mail user agent of choice is called Mutt. It's a text-console based application used to sort, view, read, compose, and send e-mail. It's very feature-rich, providing a great deal of flexibility and functionality to the e-mail "power user" like me. The one thing it doesn't do that a lot of common GUI mail clients do is provide automatic, in-client HTML e-mail rendering. Of course, I do not want a mail client rendering HTML for me anyway, for security reasons.

One of the most common uses of OpenPGP applications such as PGP and GnuPG is digitally signing and encrypting e-mail. While this can be accomplished "manually" with Mutt every time you want to send an encrypted or digitally signed e-mail, by first creating encrypted or digitally signed files then using them as the basis for an e-mail, Mutt provides functionality for automating much of the process of signing and encrypting e-mails with the GnuPG tool.

The first thing you need to do if you want to employ GnuPG from within Mutt is, of course, to set up your GnuPG tool and keys. Make sure you read my 10 tips for effective use of OpenPGP as well, if you are not already intimately familiar with the subject.

Integrating GnuPG with Mutt for daily use is extremely simple on most free/libre/open source operating systems. OSes such as FreeBSD and Debian GNU/Linux, in addition to providing a simple and easy mechanism for installing software such as GnuPG and Mutt (using the ports system tools or APT, respectively), also automatically provide an example configuration file that can be used to quickly set up Mutt/GnuPG integration.

On FreeBSD, the file is located at:

  /usr/local/share/examples/mutt/gpg.rc

On Debian GNU/Linux, the file is located at:

  /usr/share/doc/mutt/examples/gpg.rc

On other open source UNIX-like OSes that are likely to include an example gpg.rc file, you should be able to find it by entering the locate gpg.rc command. You may need to rebuild your locate database first. (See man locate for details.)

Wherever the file is located, if you wish to use it, just copy it to a convenient location in your user account's home directory and source it in your .muttrc file. For instance, you might create a directory called .mutt_files in your home directory -- at /home/username/.mutt_files -- and place a copy of gpg.rc inside that directory:

  $ mkdir -p ~/.mutt_files
  $ cp /usr/local/share/examples/mutt/gpg.rc ~/.mutt_files/

Once it is in place, you can source it from your .muttrc file by adding this line to the end of that file:

  source ~/.mutt_files/gpg.rc

The gpg.rc file contains settings Mutt uses to access the capabilities of the GnuPG tool, so that it "knows" which commands to issue to the tool to get the needed functionality.
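The copy-and-source steps above as one re-runnable shell function. This is an added example, not part of the original article: the function name install_gpg_rc, the restrictive file modes, and the choice not to overwrite an existing copy are assumptions of the example.

```shell
#!/bin/sh
# Added example: install the example gpg.rc and source it from ~/.muttrc.
# Usage: install_gpg_rc [candidate-path ...]
# With no arguments it tries the FreeBSD and Debian paths named in the article.

install_gpg_rc() {
    dest_dir="$HOME/.mutt_files"
    muttrc="$HOME/.muttrc"
    src_line='source ~/.mutt_files/gpg.rc'

    [ "$#" -gt 0 ] || set -- \
        /usr/local/share/examples/mutt/gpg.rc \
        /usr/share/doc/mutt/examples/gpg.rc

    # Pick the first candidate that exists and is readable.
    found=
    for candidate in "$@"; do
        if [ -r "$candidate" ]; then found=$candidate; break; fi
    done
    if [ -z "$found" ]; then
        echo "no example gpg.rc found; try: locate gpg.rc" >&2
        return 1
    fi

    # gpg.rc holds the command lines Mutt will run, so keep the copy
    # readable and writable by its owner only.
    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 1
    if [ ! -e "$dest_dir/gpg.rc" ]; then
        # Never overwrite a copy that may already carry local edits.
        cp "$found" "$dest_dir/gpg.rc" || return 1
    fi
    chmod 600 "$dest_dir/gpg.rc" || return 1

    # Append the source line only once, so re-running is harmless.
    touch "$muttrc" || return 1
    if ! grep -qxF "$src_line" "$muttrc"; then
        printf '%s\n' "$src_line" >> "$muttrc" || return 1
    fi

    # Report which example file was used.
    echo "$found"
}
```

Load the function into a shell and run install_gpg_rc with no arguments to try the two default locations, or pass the path reported by locate gpg.rc.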

Other configuration settings (in either the .muttrc file or the gpg.rc file) may be desired, such as setting the ID of the OpenPGP key to be used by default. Such configuration options can be found in the muttrc manpage (with the man muttrc command on most open source UNIX-like OSes). Common configuration options include:

  • pgp_autosign
  • pgp_replyencrypt
  • pgp_replysign
  • pgp_replysignencrypted
  • pgp_verify_sig
  • pgp_sign_as

Others are easily found in the manpage as well, as are explanations of the options in the gpg.rc file and for each of the above listed options.

The most common OpenPGP functionality is accessed using the p key from the compose view -- the screen shown after you have finished editing a new e-mail, for instance (the appearance of yours may differ slightly from the screenshot, of course). After configuring Mutt for use of GnuPG to digitally sign and encrypt e-mail, you should be well on your way to more secure, private, and verifiable communications.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

1 comment
dawgit

It's good to see that there are people using it. I need the HTML capability for my uses, however. Oh well. Thanks for the info though, I can see now how that could (the GNU-PGP part) on other e-mail clients on any Debian or BSD System now. That's always good to know. I just don't use Debian much anymore, but still need to keep up with it because it's becoming the fastest growth OS around. (ever since Novell Stole our SuSE) Keep 'em coming. -d
