LINUX.IE, website of the Irish Linux Users' Group
GPG and mutt

06 December 2001

By Kevin Lyda.
Master Copy

The following is an edited text of a mail I sent to a person to help them use gpg with mutt. In addition at the end I've enclosed some things to add to mutt.

    OK, well, we'll start simple and have you send me your key. Mutt makes that very easy: reply to this and then exit the editor. On the compose screen (that's the one with the to, cc, subject, attachments and other things screen, right?) just press esc-k. It will then ask you what key you want to attach. Just type in your email address: user@some.host.foo.

    Actually, there are two other things to do first: Add those addresses to your key, and send it to a keyserver (that way you won't have to send people keys, but send yours to me anyway so you see how to do it).

    Add email addresses:

        % gpg --edit-key user@some.host.tld

        Note: You can actually type just part of that email address.
              To exit the edit-key function without changing the key,
              just type "quit". Typing "save" will save changes.

        Command> adduid
        Real name: jane user
        Email address: user@another.host.tld
        Comment: home key
        You selected this USER-ID:
            "jane user (home key) <user@another.host.tld>"

        Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

        You need a passphrase to unlock the secret key for
        user: "jane user (home key) <user@some.host.tld>"
        ...stuff about your key...
        Passphrase: blah-blah-blah
        Command> save
    

    Now repeat all that for this address: user@some-other.host.tld. Now your key corresponds to those two addresses.

    Sending your key to a keyserver. First make sure you have a keyserver line in ~/.gnupg/options. Mine looks like:

        keyserver wwwkeys.eu.pgp.net
        #keyserver wwwkeys.ch.pgp.net
        #keyserver wwwkeys.nl.pgp.net
    

    You can uncomment any one of those three. Then tell gpg to send your key (I'm assuming you have a direct net connection):

        gpg --send-key user@some.host.tld
    

    And your key should now propagate among the keyservers. Note that it will only send your public key.

      I think I can manage to send the things, and to receive them signed and encrypted, but when I try to hit 'r' to reply to an encrypted email, I get...

    OK, that implies that it's not successfully decrypting the message. All my gpg settings live in a separate file that I just source from my .muttrc. The file is attached.

      decrypt-copy make decrypted copy
      decrypt-save make decrypted copy and delete
      Presumably I need those if I want to reply to things. I can't figure out how to do those without binding them, so I'm trying to think of sensible combinations to bind them to, where I can find the keys on US, UK and laptop keyboards. This is more of a pain than it sounds!

    No, those are unbound on mine as well and reply works fine for me.

      So anyway, I can read stuff encrypted to me, and I have discovered the 'p' key on the mutt send-menu and can send and send/encrypt to people.

    Right. You can also use send hooks to set those types of things.

      What I need is to be able to save a copy of the thing encrypted to me as well as the recipient, so to speak. I keep saved-mail for a long time, and discovering I have no way to read what I wrote is a pest :)

    Yes, but it should do that by default. Again, mine does that. I'm using gpg 1.0.4 (bad kevin, bad). You used to have to set that, now you don't.

      See, the problem is, I'm always convinced I am sending the wrong halves of these things. Same with ssh and access keys or whatever they're called.

    Anyway, note that gpg commands relating to your secret key have the word secret in them. Don't type secret and you'll be sending the right bits! :)

      I need to know which keys to press in mutt and how to import/sign/upload to keyserver/tidy up my keyring and
        import: gpg --import file.with.key
            Note that mutt will automagically try to snarf keys if you don't
            have that key. Also, if someone sends you a key via email, don't
            save it; just highlight it and press c-k.
        sign someone else's key: gpg --sign-key email@address
        upload: gpg --send-keys email@address
    

    One quick way to refresh your memory on commands is:

        gpg --help | grep thing
    

    Where thing is a word related to what you're doing: key, sign, encrypt, etc. You can also pipe it through less. Finally someone prints a multipage usage info to stdout instead of stderr.

    This is the ~/.muttrc.gpg I use. I include it from my main ~/.muttrc file like:

        source ~/.muttrc.gpg
    
        # -*-muttrc-*-
        #
        # .muttrc.gpg: Command formats for gpg.
        #
        # This version uses gpg-2comp from
        #   http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz
        #
        # $Id: gpg.rc,v 1.5.2.1 2000/05/23 08:15:02 roessler Exp $
        #
        # %p    The empty string when no passphrase is needed,
        #       the string "PGPPASSFD=0" if one is needed.
        #
        #       This is mostly used in conditional % sequences.
        #
        # %f    Most PGP commands operate on a single file or a file
        #       containing a message.  %f expands to this file's name.
        #
        # %s    When verifying signatures, there is another temporary file
        #       containing the detached signature.  %s expands to this
        #       file's name.
        #
        # %a    In "signing" contexts, this expands to the value of the
        #       configuration variable $pgp_sign_as.  You probably need to
        #       use this within a conditional % sequence.
        #
        # %r    In many contexts, mutt passes key IDs to pgp.  %r expands to
        #       a list of key IDs.
    
        # decode application/pgp
        set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"

        # verify a pgp/mime signature
        set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"

        # decrypt a pgp/mime attachment
        set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"

        # create a pgp/mime signed attachment
        # set pgp_sign_command="gpg-2comp --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
        set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"

        # create a application/pgp signed (old-style) message
        # set pgp_clearsign_command="gpg-2comp --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
        set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"

        # create a pgp/mime encrypted attachment
        # set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
        set pgp_encrypt_only_command="pgpewrap gpg -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"

        # create a pgp/mime encrypted and signed attachment
        # set pgp_encrypt_sign_command="pgpewrap gpg-2comp --passphrase-fd 0 -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
        set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"

        # import a key into the public key ring
        set pgp_import_command="gpg --no-verbose --import -v %f"

        # export a key from the public key ring
        set pgp_export_command="gpg --no-verbose --export --armor %r"

        # verify a key
        set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"

        # read in the public key ring
        set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r"

        # read in the secret key ring
        set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r"
    
        # receive key from keyserver:
        #set pgp_getkeys_command="wrap.sh -g %r"
        set pgp_getkeys_command="gpg --recv-keys %r > /dev/null 2>&1"
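
Added example (not part of the original article, and not mutt's own code): a small Python model of how the % sequences described in the file's header comments turn three of the `set pgp_*_command` lines above into the gpg command line that is actually run, including the effect of the `pgpewrap` helper. The function names `expand` and `pgpewrap`, the key IDs and the temporary file name are constructed for illustration, and splitting with `shlex` only approximates what the shell does.

```python
import re
import shlex

# Three command formats copied from the .muttrc.gpg above.
DECODE = "gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
SIGN = ("gpg --no-verbose --batch --output - --passphrase-fd 0 --armor "
        "--detach-sign --textmode %?a?-u %a? %f")
ENCRYPT = ("pgpewrap gpg -v --batch --output - --encrypt --textmode --armor "
           "--always-trust -- -r %r -- %f")

COND = re.compile(r"%\?([pfsar])\?([^?&]*)(?:&([^?]*))?\?")  # %?x?if&else?
SEQ = re.compile(r"%([pfsar])")                                # plain %x


def expand(fmt, **values):
    """Expand %p %f %s %a %r and %?x?...? as the header comments describe,
    then split into words roughly as the shell would."""
    def cond(m):
        # The optional text is kept only when the sequence expands non-empty.
        return m.group(2) if values.get(m.group(1)) else (m.group(3) or "")
    text = COND.sub(cond, fmt)
    text = SEQ.sub(lambda m: values.get(m.group(1), ""), text)
    return shlex.split(text)


def pgpewrap(argv):
    """Model of the pgpewrap helper: the word after each "--" is a prefix put
    in front of every following word, so each key ID gets its own -r."""
    out, prefix, i = [argv[1]], None, 2
    while i < len(argv):
        if argv[i] == "--":
            prefix, i = argv[i + 1], i + 2
            if i == len(argv):      # trailing "-- FILE": FILE passes through once
                out.append(prefix)
                break
        if prefix is not None:
            out.append(prefix)
        out.append(argv[i])
        i += 1
    return out


if __name__ == "__main__":
    # Constructed sample values: the key IDs and temp file name are made up.
    print(expand(DECODE, p="PGPPASSFD=0", f="/tmp/mutt-msg"))
    print(expand(SIGN, a="", f="/tmp/mutt-msg"))
    print(pgpewrap(expand(ENCRYPT, r="0xAAAA1111 0xBBBB2222", f="/tmp/mutt-msg")))
```

The last line printed shows that each recipient gets its own `-r` and that `--always-trust` applies to all of them, so gpg itself will not refuse a key whose validity it cannot establish.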
    

RPM of mutt with PGP and S/MIME support.

Related: Mutt Primer

