The operation to carry out in the outgoing messages (sign, encrypt or
both) is chosen exactly before presing "y" to send the
message, inside the option menu that is visible with the
"p" option. Once you have choosen the operation to carry
out, only the line PGP in the message header showed in the screen
will change, but until you send the message with "y" you
won't be asked to insert the pass phrase to activate the sign of the
message or the public keys to use to encrypt in the case that no receptors
were found in our public keys ring.
NOTE: In the case that the pass phrase was mistyped when it was asked
for, Mutt seems to be "hung", but that's not true, it is
waiting for it to be retyped. To do this, push the <Enter> key
and delete the pass phrase from memory with <Ctrl>F. Next we
repeat the message sending with ("y") and retype the pass
phrase.
Through this procedure, Mutt will use PGP/MIME to send the message, and one more file will appear in the list of files to be sent with the sign (if we only select to sign) or it will encrypt the complete message (all its MIME parts) and it will only leave two MIME parts, the first with the PGP/MIME version and the second with the encrypted message (with all its MIME parts inside) and signed (if we selected to do it).
Note: By some reasons, if the receptor mail user agent can not use MIME, we may need that the sign will be included inside the message body. See section about application/pgp with PGP5 and with GnuPG.
Mutt will try to verify the sign or decrypt automatically the incoming messages that use PGP/MIME. See section Procmail notes and tips, in which it is commented how to change the MIME type automatically to the incoming messages that do not set its MIME type correctly.
In the next sections you can find modifications to the Mutt configuration file to use PGP2, PGP5, and GnuPG easily.
To do that, a new configuration file that we called .gnupgp.mutt
(that's our name, you can call it any other name setting the name of this
file into the main configuration file ~/.muttrc).
This can be done including the complete path (its location) of the
configuration file .gnupgp.mutt, in a line at the end of the
~/.muttrc file. The directory in which we put this and
other optional configuration files can be anywhere, if we have correct
permissions (in a previous section we included it inside the
~/Mail/) directory, or any other inside our home directory,
with any name:
~$ mkdir mutt.varios
in which we copy (or create) the optional configuration file
.gnupgp.mutt, and next we set the origin of this file in the
.muttrc file with the source command, like the following:
source ~/mutt.varios/.gnupgp.mutt
Now Mutt will accept configuration variables in .gnupgp.mutt as if it were in .muttrc directly.
This method is a good way to avoid having a very big, unsorted
configuration file, and can be used to set any other group of
configuration variables in other separate file. For example, as before, if
we use vim as the default editor in Mutt, we can tell to
.muttrc to use a different configuration file .vimrc that we use
when using vim from the command line. First, copy
~/.vimrc to our optional configuration files directory
~/mutt.varios/ and set it with other name (ex.
vim.mutt):
$ cd /home/user
~$ cp .vimrc mutt.varios/vim.mutt
next change the configuration variables that we want to be different in
vim as the Mutt editor, and finally modify .muttrc to
reflect this change:
set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"
With this last line we are setting Mutt to use an external editor,
Vim, with the needed configuration options.
There are some variables that we will use globally with the three public key encrypt programs with Mutt. These variables are boolean, and can be set (activated) or unset (deactivated).
In the configuration file (~/.muttrc, or
~/mutt.varios/.gnupgp.mutt, or whatever you use), the sign
(#) is a comment and will be ignored. So, we will use it from
here in advance to comment each variable:
# if this variables is set, Mutt will ask to sign all the
# outbound messages.
(1)
# if this variable is set, Mutt will ask to encrypt all the
# outbound messages.
(1)
# save an encrypted copy of all sent messages that we want to encrypt
# (need the general configuration variable set copy=yes).
# when you answer a signed message, the response message will be
# signed too.
# when you answer an encrypted message, the response message
# will be encrypted too.
# Do you want to automatically verify incoming signed messages?
# Of course!
# delete pass phrase from the memory cache <n> seconds
# after typing it.
(2)
# what key do you want to use to sign outgoing messages?
# Note: it is posible to set it to the user id, but
# this can be confuse if you have the same user id with different keys.
# use "quoted-printable" when PGP requires it.
# Do not use 64 bits key ids, use 32 bits key ids.
# message integrity check algorithm, where
# <some> is something from the next:
(3)
In the three next sections the configuration variables to each of the PGP versions will be explained. The fourth section will explain how to modify the variables if you use more than one PGP version.
(1) as Mutt requires to type the passphrase every time you want to sign or select the receipts if you want to encrypt, it may be unconvenient to set this variable. Possibly you may want to unset this variable. This is specially true encrypting messages, as you don't have all the public keys of the message receipts.
(2) depending on the number of messages that we sign or decrypt, we would like to maintain the pass phrase in cache memory more or less time. This option avoid you from type the pass phrase each time you sign a new message or decrypt an incoming message. Warning: maintaining the pass phrase in cache memory is not secure, specially in network connected systems.
(3) this is only necesary with the key that we use to sign. When the key is selected from the compose menu, Mutt will calculate the algoritm.
To use PGP2 with Mutt-i you need to add the following lines to the
~/mutt.varios/.gnupgp.mutt file:
set pgp_default_version=pgp2
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-md5
set pgp_v2=/usr/bin/pgp
set pgp_v2_pubring=~/.pgp/pubring.pgp
set pgp_v2_secring=~/.pgp/secring.pgp
As you know, the ~/.pgp/pubring.pgp and secring.pgp
files must exist. More information on PGP2 with the man pgp command.
To use PGP5 with Mutt-i you need to add the following lines to the
~/mutt.varios/.gnupgp.mutt file:
set pgp_default_version=pgp5
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_v5=/usr/bin/pgp
set pgp_v5_pubring=~/.pgp/pubring.pkr
set pgp_v5_secring=~/.pgp/secring.skr
As you know, the ~/.pgp/pubring.pkr and secring.pkr
files must exist. More information on PGP 5 with the man pgp5
command.
To use GnuPG with Mutt-i you need to add the following lines to
the ~/mutt.varios/.gnupgp.mutt file:
set pgp_default_version=gpg
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_gpg=/usr/bin/gpg
set pgp_gpg_pubring=~/.gnupg/pubring.gpg
set pgp_gpg_secring=~/.gnupg/secring.gpg
As you know, the ~/.gnupg/pubring.gpg and secring.gpg
files must exist. More information on GnuPG with the man gpg.gnupg,
man gpgm, and man gpg commands.
If you want to use more than one PGP software you need to modify some of the variables that we have commented previously. Really, it is only to remove the redundant version variables.
If, for example, you want to use GnuPG as the default signing tool, all
menu commands in Mutt to use GnuPG/PGP would call to this program to
the signing, decrypting, encrypting, verifying, etc... operations
To do that you must set the configuration variable $set_pgp_default once, so:
set pgp_default_version=gpg
now, to use the all three programs, the
~/mutt.varios/.gnupgp.mutt file could be like this:
set pgp_default_version=gpg # default version to use
set pgp_key_version=default # default key to use
# in this case, gnupg defines it
set pgp_receive_version=default # default version to decrypt will be the default
set pgp_send_version=default # version defined in the first line (gpg)
set pgp_gpg=/usr/bin/gpg # where to find the GnuPG binary
set pgp_gpg_pubring=~/.gnupg/pubring.gpg # public key file to GnuPG
set pgp_gpg_secring=~/.gnupg/secring.gpg # secret key file to GnuPG
set pgp_v2=/usr/bin/pgp # where to find the PGP2 binary
set pgp_v2_pubring=~/.pgp/pubring.pgp # public key file to PGP2
set pgp_v2_secring=~/.pgp/secring.pgp # secret key file to PGP2
set pgp_v5=/usr/bin/pgp # where to find the PGP5 binary
set pgp_v5_pubring=~/.pgp/pubring.pkr # public key file to PGP5
set pgp_v5_secring=~/.pgp/secring.skr # secret key file to PGP5