$Id$

                USING PGP FROM WITHIN MUTT


WARNING: The configuration interface has completely changed as of
         0.96.3!



                        USERS' GUIDE


How do I use mutt with PGP, PGP5, or GnuPG?
-------------------------------------------

Go to the contrib subdirectory of the source tree. You'll find
three files there, pgp2.rc, pgp5.rc, and gpg.rc. These files
contain ready-to-use configurations for using mutt with pgp2, pgp5,
and gpg.

Include one of these files with your ~/.muttrc, and things should
work out fine.

You may wish to verify that all paths and the language parameters
given to the PGP binaries match your needs.



Frequently Asked Questions and Tips
-----------------------------------

Q: "People are sending PGP messages which mutt doesn't
    recognize. What can I do?"

The new way is to leave headers alone and use mutt's
check-traditional-pgp function, which can detect PGP messages at
run-time, and adjust content-types.

The old way is to configure your mail filter so it fixes headers:

Add the following lines to your ~/.procmailrc (you are
using procmail, aren't you?):

    ------------------------------

##
## PGP
##

:0
* !^Content-Type: message/
* !^Content-Type: multipart/
* !^Content-Type: application/pgp
{
    :0 fBw
    * ^-----BEGIN PGP MESSAGE-----
    * ^-----END PGP MESSAGE-----
    | formail \
        -i "Content-Type: application/pgp; format=text; x-action=encrypt"

    :0 fBw
    * ^-----BEGIN PGP SIGNED MESSAGE-----
    * ^-----BEGIN PGP SIGNATURE-----
    * ^-----END PGP SIGNATURE-----
    | formail \
        -i "Content-Type: application/pgp; format=text; x-action=sign"
}


    ------------------------------

For users of maildrop, "Mark Weinem"
<mark.weinem@unidui.uni-duisburg.de> suggests the following recipe:

    ------------------------------

BPGPM="-----BEGIN PGP MESSAGE-----"
EPGPM="-----END PGP MESSAGE-----"
BPGPS="-----BEGIN PGP SIGNATURE-----"
EPGPS="-----END PGP SIGNATURE-----"

if (!/^Content-Type: message/ && !/^Content-Type: multipart/ \
    && !/^Content-Type: application\/pgp/)
{
if (/^$BPGPM/:b && /^$EPGPM/:b)
    xfilter "reformail -A 'Content-Type: application/pgp; format=text; \
    x-action=encrypt'"

if (/^$BPGPS/:b && /^$EPGPS/:b)
    xfilter "reformail -A 'Content-Type: application/pgp; format=text; \
    x-action=sign'"
}

    ------------------------------



Q: "I don't like that PGP/MIME stuff, but want to use the
    old way of PGP-signing my mails. Can't you include
    that with mutt?"

The old answer to this question used to be this:

    No. Application/pgp is not really suited to a world with MIME,
    non-textual body parts and similar things. Anyway, if you really
    want to generate these old-style attachments, include the
    following macro in your ~/.muttrc (line breaks for readability,
    this is actually one line):

        macro compose S "Fpgp +verbose=0 -fast
            +clearsig=on\ny^T^Uapplication/pgp; format=text;
            x-action=sign\n"


There's a new answer, though: Set the $pgp_create_traditional
configuration variable (it's a quad-option) to something different
from "no" (that's the default). Mutt will then try to use
application/pgp wherever it makes sense. In particular, it does
not make any sense with multiparts, or non-ASCII or non-text bodies.
In all other cases, PGP/MIME is used unconditionally.

Note that application/pgp is still strongly deprecated.



Q: "I don't like all the ^Gs and various other verbosity
    PGP is presenting me with."

Roland Rosenfeld <roland@spinnaker.rhein.de> has found a quite
elegant solution to this problem: PGP has some pretty good foreign
language support. So we just introduce a language called "mutt"
which contains empty strings for the messages we don't want to see.
To use this, copy either language.txt or language50.txt (depending
on what PGP version you are using) to your $PGPPATH. Make sure the
PGP command formats pass "+language=pgp" to all the PGP binaries
(but not to pgpring!).

For PGP 2.6, a German version called "muttde" is available
as well.


Q: "My PGP signatures are being invalidated. BTW, I'm using Courier
    MTA."

The author of the Courier MTA believes that the standard specifying
multipart/signed is broken. For that reason, he has chosen to
implement his MTA in a way which does not assure that
multipart/signed body parts are left untouched.

We suggest that you abandon courier and change to sendmail, postfix,
or exim.



                        BACKGROUND


Auxiliary Programs
------------------

Mutt needs two auxiliary programs for its PGP support: pgpewrap and
pgpring.


1. pgpring

pgpring is a key ring dumper. It extracts information from PGP's
binary key ring and emits it in an (almost) readable output format
understood by mutt's key selection routines. This output format
mimics the one used by the GNU Privacy Guard (GPG).

You'll need this program with PGP 2 and PGP 5.

Command line options:

    -k <key ring>   Dump the contents of the key ring specified
                    as an argument to -k.

    -2, -5          Use the default key ring for PGP 2 or 5,
                    respectively.

    -s              Dump the secret key ring.

    -S              Dump signatures.

    -f              Dump fingerprints.



2. pgpewrap

This is a little C program which does some command line munging: The
first argument is a command to be executed. When pgpewrap
encounters a "--" (dash-dash) argument, it will interpret the next
argument as a prefix which is put in front of all following
arguments.

Example:

    pgpewrap pgpe file -- -r a b c

will execute:

    pgpe file -r a -r b -r c

This program is needed with PGP 5 and with GPG, since their command
line interfaces can't be properly served by mutt's format mechanism.
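
The argument rewriting described above, as an added C sketch (not the
pgpewrap source shipped with mutt). The name expand_prefix_args is
hypothetical, and letting each later "--" start a new prefix is an
assumption of this sketch. The result goes to execvp as an argument
vector, so a key ID containing spaces stays a single argument.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Expand pgpewrap-style arguments (argv[0] is the wrapper's own name).
 * Returns a malloc'd, NULL-terminated vector, or NULL on a usage or
 * allocation error. The strings themselves are borrowed from argv. */
char **expand_prefix_args(int argc, char **argv)
{
    char *prefix = NULL;
    char **out, **o;
    int i;

    if (argc < 2)
        return NULL;                    /* no command given */
    /* worst case: every argument is doubled by a prefix */
    out = o = malloc((2 * (size_t)argc + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    *o++ = argv[1];                     /* the command to execute */
    for (i = 2; i < argc; i++) {
        if (strcmp(argv[i], "--") == 0) {
            if (++i >= argc) {          /* "--" with no prefix after it */
                free(out);
                return NULL;
            }
            prefix = argv[i];           /* assumption: each "--" sets a new prefix */
            continue;
        }
        if (prefix != NULL)
            *o++ = prefix;              /* e.g. "-r" before every key ID */
        *o++ = argv[i];
    }
    *o = NULL;
    return out;
}

int main(int argc, char **argv)
{
    char **cmd = expand_prefix_args(argc, argv);

    if (cmd == NULL) {
        fprintf(stderr, "usage: %s command [args] [-- prefix args...]\n", argv[0]);
        return 2;
    }
    execvp(cmd[0], cmd);                /* no shell: each key ID stays one argument */
    perror(cmd[0]);                     /* reached only if exec failed */
    return 127;
}
```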



The Configuration Interface
---------------------------

As usual within mutt, the configuration interface for the PGP
commands relies on printf-like formats. For all PGP commands, the
following %-sequences are defined.

    %p  The empty string when no passphrase is needed,
        the string "PGPPASSFD=0" if one is needed.

        This is mostly used in conditional % sequences.

    %f  Most PGP commands operate on a single file or a file
        containing a message. %f expands to this file's name.

    %s  When verifying signatures, there is another temporary file
        containing the detached signature. %s expands to this
        file's name.

    %a  In "signing" contexts, this expands to the value of the
        configuration variable $pgp_sign_as. You probably need to
        use this within a conditional % sequence.

    %r  In many contexts, mutt passes key IDs to pgp. %r expands to
        a list of key IDs.

The following command formats are defined:

    $pgp_decode_command         Decode application/pgp messages. This
                                command operates with and without pass phrases.

    $pgp_verify_command         Verify a PGP/MIME signature.

    $pgp_decrypt_command        Decrypt a PGP/MIME encrypted MIME body.
                                This command always gets a pass phrase.

    $pgp_sign_command           Sign a PGP/MIME body. This command always
                                gets a pass phrase.


    $pgp_encrypt_sign_command   Encrypt and sign a MIME body. This
                                command always gets a pass phrase.

    $pgp_encrypt_only_command   Encrypt a MIME body, but don't sign it.

    $pgp_import_command         Import PGP keys from a file.

    $pgp_export_command         Export PGP keys to a file. The output must
                                be ASCII armored.

    $pgp_verify_key_command     Check a public key. This is used from the
                                key selection menu.

    $pgp_list_secring_command   List the secret keys matching some hints
                                given in %r.

    $pgp_list_pubring_command   List the public keys matching some hints
                                given in %r.

The passphrase is always passed on stdin; all commands must send
their output to stdout and stderr.
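
The passphrase convention above (%p yielding PGPPASSFD=0, passphrase
on stdin), as an added C sketch that is not mutt's own code: the
secret travels over a pipe to the child's fd 0 and appears neither in
the argument list nor in the environment. run_with_passphrase and the
sh stand-in for a PGP binary are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs cmd with pass on its stdin and PGPPASSFD=0; returns exit status or -1. */
int run_with_passphrase(char *const cmd[], const char *pass)
{
    int fds[2], status, ok;
    size_t len = strlen(pass);
    void (*old)(int);
    pid_t pid;

    if (pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {     /* make the pipe the child's fd 0 */
            if (dup2(fds[0], STDIN_FILENO) < 0)
                _exit(126);
            close(fds[0]);
        }
        setenv("PGPPASSFD", "0", 1);      /* names the fd, not the secret */
        execvp(cmd[0], cmd);
        _exit(127);                       /* exec failed */
    }
    close(fds[0]);
    old = signal(SIGPIPE, SIG_IGN);       /* child may exit without reading */
    ok = write(fds[1], pass, len) == (ssize_t)len && write(fds[1], "\n", 1) == 1;
    signal(SIGPIPE, old);
    close(fds[1]);                        /* EOF on the child's stdin */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return ok ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed stand-in for a PGP binary: checks its stdin and environment. */
    char *cmd[] = { "sh", "-c", "IFS= read -r p && [ \"$p\" = \"correct horse\" ]"
                    " && [ \"$PGPPASSFD\" = 0 ]", NULL };
    return run_with_passphrase(cmd, "correct horse") == 0 ? 0 : 1;
}
```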