One of the most common uses of OpenPGP applications like PGP and GnuPG is digitally signing and encrypting email. While this can be accomplished "manually" with Mutt every time you want to send an encrypted or digitally signed email, by first creating encrypted or digitally signed files then using them as the basis for an email, this article explains how to configure Mutt to automatically use the GnuPG tool to do that for you.
My mail user agent of choice is called Mutt. It's a text-console based application used to sort, view, read, compose, and send e-mail. It's very feature-rich, providing a great deal of flexibility and functionality to the e-mail "power user" like me. The one thing it doesn't do that a lot of common GUI mail clients do is provide automatic, in-client HTML e-mail rendering. Of course, I do not want a mail client rendering HTML for me anyway, for security reasons.
One of the most common uses of OpenPGP applications such as PGP and GnuPG is digitally signing and encrypting e-mail. While this can be accomplished "manually" with Mutt every time you want to send an encrypted or digitally signed e-mail, by first creating encrypted or digitally signed files then using them as the basis for an e-mail, Mutt provides functionality for automating much of the process of signing and encrypting e-mails with the GnuPG tool.
The first thing you need to do if you want to employ GnuPG from within Mutt is, of course, to set up your GnuPG tool and keys. Make sure you read my 10 tips for effective use of OpenPGP as well, if you are not already intimately familiar with the subject.
Integrating GnuPG with Mutt for daily use is extremely simple on most free/libre/open source operating systems. OSes such as FreeBSD and Debian GNU/Linux, in addition to providing a simple and easy mechanism for installing software such as GnuPG and Mutt (using the ports system tools or APT, respectively), also automatically provide an example configuration file that can be used to quickly set up Mutt/GnuPG integration.
On FreeBSD, the file is located at:
On Debian GNU/Linux, the file is located at:
On other open source UNIX-like OSes that are likely to include an example
gpg.rc file, you should be able to find it by entering the
locate gpg.rc command. You may need to rebuild your
locate database first. (See
man locate for details.)
In either case, if you wish to use the example file, just copy it to a convenient location in your user account's home directory and source it in your
.muttrc file. For instance, you might create a directory called
.mutt_files in your user directory — at
/home/username/.mutt_files, for instance — and place a copy of
gpg.rc inside that directory:
$ cp /usr/local/share/examples/mutt/gpg.rc ~/.mutt_files/
Once it is in place, you can source it from your
.muttrc file by adding this line to the end of that file:
gpg.rc file contains settings Mutt uses to access the capabilities of the GnuPG tool, so that it "knows" which commands to issue to the tool to get the needed functionality.
Other configuration settings (in either the
.muttrc file or the
gpg.rc file) may be desired, such as setting the ID of the OpenPGP key to be used by default. Such configuration options can be found in the muttrc manpage (with the
man muttrc command on most open source UNIX-like OSes). Common configuration options include:
Others are easily found in the manpage as well, as are explanations of the options in the
gpg.rc file and for each of the above listed options.
The most common OpenPGP functionality is accessed using the
p key from the compose view — the screen shown after you have finished editing a new e-mail, for instance (the appearance of yours may differ slightly from the screenshot, of course). After configuring Mutt for use of GnuPG to digitally sign and encrypt e-mail, you should be well on your way to more secure, private, and verifiable communications.