296 lines
13 KiB
HTML
296 lines
13 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Mutt-i, GnuPG and PGP Howto: PGP and Mutt integration</TITLE>
|
|
<LINK HREF="Mutt-GnuPG-PGP-HOWTO-7.html" REL=next>
|
|
<LINK HREF="Mutt-GnuPG-PGP-HOWTO-5.html" REL=previous>
|
|
<LINK HREF="Mutt-GnuPG-PGP-HOWTO.html#toc6" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-7.html">Next</A>
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-5.html">Previous</A>
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO.html#toc6">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s6">6. PGP and Mutt integration</A></H2>
|
|
|
|
<P>The operation to carry out in the outgoing messages (sign, encrypt or
|
|
both) is chosen exactly before presing "<CODE>y</CODE>" to send the
|
|
message, inside the option menu that is visible with the
|
|
"<CODE>p</CODE>" option. Once you have choosen the operation to carry
|
|
out, only the line <EM>PGP</EM> in the message header showed in the screen
|
|
will change, but until you send the message with "<CODE>y</CODE>" you
|
|
won't be asked to insert the pass phrase to activate the sign of the
|
|
message or the public keys to use to encrypt in the case that no receptors
|
|
were found in our public keys ring.
|
|
<P><B>NOTE:</B> In the case that the pass phrase was mistyped when it was asked
|
|
for, <EM>Mutt</EM> seems to be "hung", but that's not true, it is
|
|
waiting for it to be retyped. To do this, push the <CODE><Enter></CODE> key
|
|
and delete the pass phrase from memory with <CODE><Ctrl>F</CODE>. Next we
|
|
repeat the message sending with ("<CODE>y</CODE>") and retype the pass
|
|
phrase.
|
|
<P>Through this procedure, <EM>Mutt</EM> will use <EM>PGP/MIME</EM> to send the
|
|
message, and one more file will appear in the list of files to be sent
|
|
with the sign (if we only select to sign) or it will encrypt the complete
|
|
message (all its <EM>MIME</EM> parts) and it will only leave two MIME parts,
|
|
the first with the PGP/MIME version and the second with the encrypted
|
|
message (with all its MIME parts inside) and signed (if we selected to do
|
|
it).
|
|
<P><B>Note:</B> By some reasons, if the receptor mail user agent can not use
|
|
<EM>MIME</EM>, we may need that the sign will be included inside the message
|
|
body. See section about <EM>application/pgp</EM> with
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-7.html#sec-app-pgp">PGP5</A> and with
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-7.html#sec-app-gpg">GnuPG</A>.
|
|
<P><EM>Mutt</EM> will try to verify the sign or decrypt automatically the
|
|
incoming messages that use <EM>PGP/MIME</EM>. See section
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-8.html#sec-procmail.2">Procmail notes and tips</A>, in which it is
|
|
commented how to change the <EM>MIME</EM> type automatically to the incoming
|
|
messages that do not set its <EM>MIME</EM> type correctly.
|
|
<P>
|
|
<H2><A NAME="sec-opcion"></A> <A NAME="ss6.1">6.1 Optional configuration files</A>
|
|
</H2>
|
|
|
|
<P>In the next sections you can find modifications to the <EM>Mutt</EM>
|
|
configuration file to use
|
|
<A HREF="#sec-conf-pgp2">PGP2</A>,
|
|
<A HREF="#sec-conf-pgp5">PGP5</A>, and
|
|
<A HREF="#sec-conf-gpg">GnuPG</A>
|
|
easily.
|
|
<P>To do that, a new configuration file that we called <CODE>.gnupgp.mutt</CODE>
|
|
(that's our name, you can call it any other name setting the name of this
|
|
file into the main configuration file <CODE>~/.muttrc</CODE>).
|
|
<P>This can be done including the complete path (its location) of the
|
|
configuration file <CODE>.gnupgp.mutt</CODE>, in a line at the end of the
|
|
<CODE>~/.muttrc</CODE> file. The directory in which we put this and
|
|
other optional configuration files can be anywhere, if we have correct
|
|
permissions (in a previous section we included it inside the
|
|
<CODE>~/Mail/</CODE>) directory, or any other inside our home directory,
|
|
with any name:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
~$ mkdir mutt.varios
|
|
</CODE></BLOCKQUOTE>
|
|
<P>in which we copy (or create) the optional configuration file
|
|
<CODE>.gnupgp.mutt</CODE>, and next we set the origin of this file in the
|
|
<CODE>.muttrc</CODE> file with the <CODE>source</CODE> command, like the following:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
source ~/mutt.varios/.gnupgp.mutt
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>Now <EM>Mutt</EM> will accept configuration variables in <CODE>.gnupgp.mutt</CODE> as if it were in <CODE>.muttrc</CODE> directly.
|
|
<P>This method is a good way to avoid having a very big, unsorted
|
|
configuration file, and can be used to set any other group of
|
|
configuration variables in other separate file. For example, as before, if
|
|
we use <EM>vim</EM> as the default editor in <EM>Mutt</EM>, we can tell to
|
|
<CODE>.muttrc</CODE> to use a different configuration file <CODE>.vimrc</CODE> that we use
|
|
when using <EM>vim</EM> from the command line. First, copy
|
|
<CODE>~/.vimrc</CODE> to our optional configuration files directory
|
|
<CODE>~/mutt.varios/</CODE> and set it with other name (ex.
|
|
<CODE>vim.mutt</CODE>):
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
$ cd /home/user
|
|
~$ cp .vimrc mutt.varios/vim.mutt
|
|
</CODE></BLOCKQUOTE>
|
|
<P>next change the configuration variables that we want to be different in
|
|
<EM>vim</EM> as the <EM>Mutt</EM> editor, and finally modify <CODE>.muttrc</CODE> to
|
|
reflect this change:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>With this last line we are setting <CODE>Mutt</CODE> to use an external editor,
|
|
<EM>Vim</EM>, with the needed configuration options.
|
|
<P>
|
|
<H2><A NAME="sec-conf-gen"></A> <A NAME="ss6.2">6.2 General Configuration Variables</A>
|
|
</H2>
|
|
|
|
<P>There are some variables that we will use globally with the three public
|
|
key encrypt programs with <EM>Mutt</EM>. These variables are boolean, and can
|
|
be <B>set</B> (activated) or <B>unset</B> (deactivated).
|
|
<P>In the configuration file (<CODE>~/.muttrc</CODE>, or
|
|
<CODE>~/mutt.varios/.gnupgp.mutt</CODE>, or whatever you use), the sign
|
|
(<B>#</B>) is a comment and will be ignored. So, we will use it from
|
|
here in advance to comment each variable:
|
|
<P>
|
|
<DL>
|
|
<DT><B>unset pgp_autosign</B><DD><P># if this variables is set, <EM>Mutt</EM> will ask to sign all the<BR>
|
|
# outbound messages.
|
|
<A HREF="#uno">(1)</A><P>
|
|
<DT><B>unset pgp_autoencrypt</B><DD><P># if this variable is set, <EM>Mutt</EM> will ask to encrypt all the<BR>
|
|
# outbound messages.
|
|
<A HREF="#uno">(1)</A><P>
|
|
<DT><B>set pgp_encryptself</B><DD><P># save an encrypted copy of all sent messages that we want to encrypt<BR>
|
|
# (need the general configuration variable <CODE>set copy=yes</CODE>).
|
|
<P>
|
|
<DT><B>set pgp_replysign</B><DD><P># when you answer a signed message, the response message will be<BR>
|
|
# signed too.
|
|
<P>
|
|
<DT><B>set pgp_replyencrypt</B><DD><P># when you answer an encrypted message, the response message<BR>
|
|
# will be encrypted too.
|
|
<P>
|
|
<DT><B>set pgp_verify_sig=yes</B><DD><P># Do you want to automatically verify incoming signed messages?<BR>
|
|
# Of course!
|
|
<P>
|
|
<DT><B>set pgp_timeout=<n></B><DD><P># delete pass phrase from the memory cache <n> seconds<BR>
|
|
# after typing it.
|
|
<A HREF="#dos">(2)</A><P>
|
|
<DT><B>set pgp_sign_as="0xABC123D4"</B><DD><P># what key do you want to use to sign outgoing messages?<BR>
|
|
# <B>Note:</B> it is posible to set it to the user id, but<BR>
|
|
# this can be confuse if you have the same user id with different keys.<BR>
|
|
<P>
|
|
<DT><B>set pgp_strict_enc</B><DD><P># use "quoted-printable" when PGP requires it.<BR>
|
|
<P>
|
|
<DT><B>unset pgp_long_ids</B><DD><P># Do not use 64 bits key ids, use 32 bits key ids.<BR>
|
|
<P>
|
|
<DT><B>set pgp_sign_micalg=<some></B><DD><P># message integrity check algorithm, where<BR>
|
|
# <some> is something from the next:
|
|
<A HREF="#tres">(3)</A><P>
|
|
<UL>
|
|
<LI><B>pgp-mda5</B><BR>
|
|
to RSA keys</LI>
|
|
<LI><B>pgp-sha1</B><BR>
|
|
to DSS (DSA) keys</LI>
|
|
<LI><B>pgp-rmd160</B><BR></LI>
|
|
</UL>
|
|
</DL>
|
|
<P>In the three next sections the configuration variables to each of the PGP
|
|
versions will be explained. The fourth section will explain how to modify
|
|
the variables if you use more than one PGP version.
|
|
<P>(1)
|
|
<A NAME="uno"></A> as <EM>Mutt</EM> requires to type the passphrase every
|
|
time you want to sign or select the receipts if you want to encrypt, it
|
|
may be unconvenient to set this variable. Possibly you may want to unset
|
|
this variable. This is specially true encrypting messages, as you don't
|
|
have all the public keys of the message receipts.
|
|
<P>(2)
|
|
<A NAME="dos"></A> depending on the number of messages that we sign or
|
|
decrypt, we would like to maintain the pass phrase in cache memory more or
|
|
less time. This option avoid you from type the pass phrase each time you
|
|
sign a new message or decrypt an incoming message. <B>Warning:</B>
|
|
maintaining the pass phrase in cache memory is not secure, specially in
|
|
network connected systems.
|
|
<P>(3)
|
|
<A NAME="tres"></A> this is only necesary with the key that we use to
|
|
sign. When the key is selected from the compose menu, <EM>Mutt</EM> will
|
|
calculate the algoritm.
|
|
<P>
|
|
<H2><A NAME="sec-conf-pgp2"></A> <A NAME="ss6.3">6.3 PGP2 configuration variables</A>
|
|
</H2>
|
|
|
|
<P>To use PGP2 with <EM>Mutt-i</EM> you need to add the following lines to the
|
|
<CODE>~/mutt.varios/.gnupgp.mutt</CODE> file:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
set pgp_default_version=pgp2
|
|
set pgp_key_version=default
|
|
set pgp_receive_version=default
|
|
set pgp_send_version=default
|
|
set pgp_sign_micalg=pgp-md5
|
|
set pgp_v2=/usr/bin/pgp
|
|
set pgp_v2_pubring=~/.pgp/pubring.pgp
|
|
set pgp_v2_secring=~/.pgp/secring.pgp
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>As you know, the <CODE>~/.pgp/pubring.pgp</CODE> and <CODE>secring.pgp</CODE>
|
|
files must exist. More information on PGP2 with the <CODE>man pgp</CODE> command.
|
|
<P>
|
|
<H2><A NAME="sec-conf-pgp5"></A> <A NAME="ss6.4">6.4 PGP5 configuration variables</A>
|
|
</H2>
|
|
|
|
<P>To use PGP5 with <EM>Mutt-i</EM> you need to add the following lines to the
|
|
<CODE>~/mutt.varios/.gnupgp.mutt</CODE> file:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
set pgp_default_version=pgp5
|
|
set pgp_key_version=default
|
|
set pgp_receive_version=default
|
|
set pgp_send_version=default
|
|
set pgp_sign_micalg=pgp-sha1
|
|
set pgp_v5=/usr/bin/pgp
|
|
set pgp_v5_pubring=~/.pgp/pubring.pkr
|
|
set pgp_v5_secring=~/.pgp/secring.skr
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>As you know, the <CODE>~/.pgp/pubring.pkr</CODE> and <CODE>secring.pkr</CODE>
|
|
files must exist. More information on PGP 5 with the <CODE>man pgp5</CODE>
|
|
command.
|
|
<P>
|
|
<H2><A NAME="sec-conf-gpg"></A> <A NAME="ss6.5">6.5 GnuPG configuration variables</A>
|
|
</H2>
|
|
|
|
<P>To use <EM>GnuPG</EM> with <EM>Mutt-i</EM> you need to add the following lines to
|
|
the <CODE>~/mutt.varios/.gnupgp.mutt</CODE> file:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
set pgp_default_version=gpg
|
|
set pgp_key_version=default
|
|
set pgp_receive_version=default
|
|
set pgp_send_version=default
|
|
set pgp_sign_micalg=pgp-sha1
|
|
set pgp_gpg=/usr/bin/gpg
|
|
set pgp_gpg_pubring=~/.gnupg/pubring.gpg
|
|
set pgp_gpg_secring=~/.gnupg/secring.gpg
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>As you know, the <CODE>~/.gnupg/pubring.gpg</CODE> and <CODE>secring.gpg</CODE>
|
|
files must exist. More information on GnuPG with the <CODE>man gpg.gnupg</CODE>,
|
|
<CODE>man gpgm</CODE>, and <CODE>man gpg</CODE> commands.
|
|
<P>
|
|
<H2><A NAME="sec-conf-mix"></A> <A NAME="ss6.6">6.6 Mixed configuration variables</A>
|
|
</H2>
|
|
|
|
<P>If you want to use more than one PGP software you need to modify some of
|
|
the variables that we have commented previously. Really, it is only to
|
|
remove the redundant version variables.
|
|
<P>If, for example, you want to use GnuPG as the default signing tool, all
|
|
menu commands in <EM>Mutt</EM> to use GnuPG/PGP would call to this program to
|
|
the signing, decrypting, encrypting, verifying, etc... operations<BR>
|
|
To do that you must set the configuration variable <CODE>$set_pgp_default</CODE> <B>once</B>, so:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
set pgp_default_version=gpg
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>now, to use the all three programs, the
|
|
<CODE>~/mutt.varios/.gnupgp.mutt</CODE> file could be like this:
|
|
<P>
|
|
<BLOCKQUOTE><CODE>
|
|
<PRE>
|
|
set pgp_default_version=gpg # default version to use
|
|
|
|
set pgp_key_version=default # default key to use
|
|
# in this case, gnupg defines it
|
|
|
|
set pgp_receive_version=default # default version to decrypt will be the default
|
|
set pgp_send_version=default # version defined in the first line (gpg)
|
|
|
|
set pgp_gpg=/usr/bin/gpg # where to find the GnuPG binary
|
|
set pgp_gpg_pubring=~/.gnupg/pubring.gpg # public key file to GnuPG
|
|
set pgp_gpg_secring=~/.gnupg/secring.gpg # secret key file to GnuPG
|
|
|
|
set pgp_v2=/usr/bin/pgp # where to find the PGP2 binary
|
|
set pgp_v2_pubring=~/.pgp/pubring.pgp # public key file to PGP2
|
|
set pgp_v2_secring=~/.pgp/secring.pgp # secret key file to PGP2
|
|
|
|
set pgp_v5=/usr/bin/pgp # where to find the PGP5 binary
|
|
set pgp_v5_pubring=~/.pgp/pubring.pkr # public key file to PGP5
|
|
set pgp_v5_secring=~/.pgp/secring.skr # secret key file to PGP5
|
|
</PRE>
|
|
</CODE></BLOCKQUOTE>
|
|
<P>
|
|
<HR>
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-7.html">Next</A>
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO-5.html">Previous</A>
|
|
<A HREF="Mutt-GnuPG-PGP-HOWTO.html#toc6">Contents</A>
|
|
</BODY>
|
|
</HTML>
|