Next
Previous
Contents
The operation to carry out in the outgoing messages (sign, encrypt or
both) is chosen exactly before presing "y " to send the
message, inside the option menu that is visible with the
"p " option. Once you have choosen the operation to carry
out, only the line PGP in the message header showed in the screen
will change, but until you send the message with "y " you
won't be asked to insert the pass phrase to activate the sign of the
message or the public keys to use to encrypt in the case that no receptors
were found in our public keys ring.
NOTE: In the case that the pass phrase was mistyped when it was asked
for, Mutt seems to be "hung", but that's not true, it is
waiting for it to be retyped. To do this, push the <Enter> key
and delete the pass phrase from memory with <Ctrl>F . Next we
repeat the message sending with ("y ") and retype the pass
phrase.
Through this procedure, Mutt will use PGP/MIME to send the
message, and one more file will appear in the list of files to be sent
with the sign (if we only select to sign) or it will encrypt the complete
message (all its MIME parts) and it will only leave two MIME parts,
the first with the PGP/MIME version and the second with the encrypted
message (with all its MIME parts inside) and signed (if we selected to do
it).
Note: By some reasons, if the receptor mail user agent can not use
MIME, we may need that the sign will be included inside the message
body. See section about application/pgp with
PGP5 and with
GnuPG.
Mutt will try to verify the sign or decrypt automatically the
incoming messages that use PGP/MIME. See section
Procmail notes and tips, in which it is
commented how to change the MIME type automatically to the incoming
messages that do not set its MIME type correctly.
In the next sections you can find modifications to the Mutt
configuration file to use
PGP2,
PGP5, and
GnuPG
easily.
To do that, a new configuration file that we called .gnupgp.mutt
(that's our name, you can call it any other name setting the name of this
file into the main configuration file ~/.muttrc ).
This can be done including the complete path (its location) of the
configuration file .gnupgp.mutt , in a line at the end of the
~/.muttrc file. The directory in which we put this and
other optional configuration files can be anywhere, if we have correct
permissions (in a previous section we included it inside the
~/Mail/ ) directory, or any other inside our home directory,
with any name:
~$ mkdir mutt.varios
in which we copy (or create) the optional configuration file
.gnupgp.mutt , and next we set the origin of this file in the
.muttrc file with the source command, like the following:
source ~/mutt.varios/.gnupgp.mutt
Now Mutt will accept configuration variables in .gnupgp.mutt as if it were in .muttrc directly.
This method is a good way to avoid having a very big, unsorted
configuration file, and can be used to set any other group of
configuration variables in other separate file. For example, as before, if
we use vim as the default editor in Mutt, we can tell to
.muttrc to use a different configuration file .vimrc that we use
when using vim from the command line. First, copy
~/.vimrc to our optional configuration files directory
~/mutt.varios/ and set it with other name (ex.
vim.mutt ):
$ cd /home/user
~$ cp .vimrc mutt.varios/vim.mutt
next change the configuration variables that we want to be different in
vim as the Mutt editor, and finally modify .muttrc to
reflect this change:
set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"
With this last line we are setting Mutt to use an external editor,
Vim, with the needed configuration options.
There are some variables that we will use globally with the three public
key encrypt programs with Mutt. These variables are boolean, and can
be set (activated) or unset (deactivated).
In the configuration file (~/.muttrc , or
~/mutt.varios/.gnupgp.mutt , or whatever you use), the sign
(#) is a comment and will be ignored. So, we will use it from
here in advance to comment each variable:
- unset pgp_autosign
# if this variables is set, Mutt will ask to sign all the
# outbound messages.
(1)
- unset pgp_autoencrypt
# if this variable is set, Mutt will ask to encrypt all the
# outbound messages.
(1)
- set pgp_encryptself
# save an encrypted copy of all sent messages that we want to encrypt
# (need the general configuration variable set copy=yes ).
- set pgp_replysign
# when you answer a signed message, the response message will be
# signed too.
- set pgp_replyencrypt
# when you answer an encrypted message, the response message
# will be encrypted too.
- set pgp_verify_sig=yes
# Do you want to automatically verify incoming signed messages?
# Of course!
- set pgp_timeout=<n>
# delete pass phrase from the memory cache <n> seconds
# after typing it.
(2)
- set pgp_sign_as="0xABC123D4"
# what key do you want to use to sign outgoing messages?
# Note: it is posible to set it to the user id, but
# this can be confuse if you have the same user id with different keys.
- set pgp_strict_enc
# use "quoted-printable" when PGP requires it.
- unset pgp_long_ids
# Do not use 64 bits key ids, use 32 bits key ids.
- set pgp_sign_micalg=<some>
# message integrity check algorithm, where
# <some> is something from the next:
(3)
- pgp-mda5
to RSA keys
- pgp-sha1
to DSS (DSA) keys
- pgp-rmd160
In the three next sections the configuration variables to each of the PGP
versions will be explained. The fourth section will explain how to modify
the variables if you use more than one PGP version.
(1)
as Mutt requires to type the passphrase every
time you want to sign or select the receipts if you want to encrypt, it
may be unconvenient to set this variable. Possibly you may want to unset
this variable. This is specially true encrypting messages, as you don't
have all the public keys of the message receipts.
(2)
depending on the number of messages that we sign or
decrypt, we would like to maintain the pass phrase in cache memory more or
less time. This option avoid you from type the pass phrase each time you
sign a new message or decrypt an incoming message. Warning:
maintaining the pass phrase in cache memory is not secure, specially in
network connected systems.
(3)
this is only necesary with the key that we use to
sign. When the key is selected from the compose menu, Mutt will
calculate the algoritm.
To use PGP2 with Mutt-i you need to add the following lines to the
~/mutt.varios/.gnupgp.mutt file:
set pgp_default_version=pgp2
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-md5
set pgp_v2=/usr/bin/pgp
set pgp_v2_pubring=~/.pgp/pubring.pgp
set pgp_v2_secring=~/.pgp/secring.pgp
As you know, the ~/.pgp/pubring.pgp and secring.pgp
files must exist. More information on PGP2 with the man pgp command.
To use PGP5 with Mutt-i you need to add the following lines to the
~/mutt.varios/.gnupgp.mutt file:
set pgp_default_version=pgp5
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_v5=/usr/bin/pgp
set pgp_v5_pubring=~/.pgp/pubring.pkr
set pgp_v5_secring=~/.pgp/secring.skr
As you know, the ~/.pgp/pubring.pkr and secring.pkr
files must exist. More information on PGP 5 with the man pgp5
command.
To use GnuPG with Mutt-i you need to add the following lines to
the ~/mutt.varios/.gnupgp.mutt file:
set pgp_default_version=gpg
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_gpg=/usr/bin/gpg
set pgp_gpg_pubring=~/.gnupg/pubring.gpg
set pgp_gpg_secring=~/.gnupg/secring.gpg
As you know, the ~/.gnupg/pubring.gpg and secring.gpg
files must exist. More information on GnuPG with the man gpg.gnupg ,
man gpgm , and man gpg commands.
If you want to use more than one PGP software you need to modify some of
the variables that we have commented previously. Really, it is only to
remove the redundant version variables.
If, for example, you want to use GnuPG as the default signing tool, all
menu commands in Mutt to use GnuPG/PGP would call to this program to
the signing, decrypting, encrypting, verifying, etc... operations
To do that you must set the configuration variable $set_pgp_default once, so:
set pgp_default_version=gpg
now, to use the all three programs, the
~/mutt.varios/.gnupgp.mutt file could be like this:
set pgp_default_version=gpg # default version to use
set pgp_key_version=default # default key to use
# in this case, gnupg defines it
set pgp_receive_version=default # default version to decrypt will be the default
set pgp_send_version=default # version defined in the first line (gpg)
set pgp_gpg=/usr/bin/gpg # where to find the GnuPG binary
set pgp_gpg_pubring=~/.gnupg/pubring.gpg # public key file to GnuPG
set pgp_gpg_secring=~/.gnupg/secring.gpg # secret key file to GnuPG
set pgp_v2=/usr/bin/pgp # where to find the PGP2 binary
set pgp_v2_pubring=~/.pgp/pubring.pgp # public key file to PGP2
set pgp_v2_secring=~/.pgp/secring.pgp # secret key file to PGP2
set pgp_v5=/usr/bin/pgp # where to find the PGP5 binary
set pgp_v5_pubring=~/.pgp/pubring.pkr # public key file to PGP5
set pgp_v5_secring=~/.pgp/secring.skr # secret key file to PGP5
Next
Previous
Contents
|