LINUX.IE, website of the Irish Linux Users' Group

[ILUG] [justin@solidlinux.com: Mutt/GnuPG guide that I have written]


Rick Moen rick at linuxmafia.com
Wed Sep 5 02:16:19 IST 2001


begin  kevin lyda quotation:
> check it out!  a quick document on how to use gpg with a real mail client.
> help him out with making it better.

Quite nice.  In case it'll help him, here's some stuff I wrote on the 
subject at $FIRM:




MUTT INTEGRATION:

There are two ways to send gpg-encoded content:  MIME and non-MIME.
Some people, like me, don't like MIME e-mail and decline to send it,
even to do GnuPG signing.  (Non-MIME is called "clearsigning".)

Note the two "macro" lines, below, which make Ctrl-P and Ctrl-S do 
signing inside the body of the message, with or without an
"application/pgp" header.





The necessary, confusing GnuPG plumbing is in my .muttrc as follows
(to do the clearsigning method):


source /usr/share/doc/mutt/examples/gpg.rc
# The contents of gpg.rc are given later in this document.

    color  body  brightblack   cyan    "^gpg: Signature made.*"
    color  body  brightblack   green   "^gpg: Good signature from.*"
    color  body  brightblack   yellow  "^gpg: Can't check signature.*"
    color  body  brightblack   yellow  "^gpg: WARNING: .*"
    color  body  brightwhite   red     "^gpg: BAD signature from.*"

macro   compose \CP     "Fgpg --clearsign\ny"
macro   compose \CS     "Fgpg --clearsign\ny^T^Uapplication/pgp; \
                        format=text; x-action=sign\n"





The more-conventional approach would be to auto-sign all outbound mail, 
and do so using MIME.  To do that, you would substitute the following 
for the preceding two macros (to do MIME instead of clearsigning):

set pgp_default_version=gpg
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_gpg=/usr/bin/gpg
set pgp_gpg_pubring=~/.gnupg/pubring.gpg
set pgp_gpg_secring=~/.gnupg/secring.gpg



Note that pubring.gpg and secring.gpg must exist (i.e., you must have 
a keypair), or you'll get errors.






The aforementioned gpg.rc plumbing (mostly to auto-process incoming 
GnuPG and pgp-signed mail) is as follows:


# -*-muttrc-*-
#
# Command formats for gpg.
# 
# This version uses gpg-2comp from 
#   http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz
#
# $Id: gpg.rc,v 1.7 2000/11/20 13:20:28 roessler Exp $
#
# %p    The empty string when no passphrase is needed,
#       the string "PGPPASSFD=0" if one is needed.
#
#       This is mostly used in conditional % sequences.
#
# %f    Most PGP commands operate on a single file or a file
#       containing a message.  %f expands to this file's name.
#
# %s    When verifying signatures, there is another temporary file
#       containing the detached signature.  %s expands to this
#       file's name.
#
# %a    In "signing" contexts, this expands to the value of the
#       configuration variable $pgp_sign_as.  You probably need to
#       use this within a conditional % sequence.
#
# %r    In many contexts, mutt passes key IDs to pgp.  %r expands to
#       a list of key IDs.

# decode application/pgp
set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch \
       --output - %f"

# verify a pgp/mime signature
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"

# decrypt a pgp/mime attachment
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch \
       --output - %f"

# create a pgp/mime signed attachment
# set pgp_sign_command="gpg-2comp --no-verbose --batch --output - \
      --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_sign_command="gpg --no-verbose --batch --output - \
     --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"

# create a application/pgp signed (old-style) message
# set pgp_clearsign_command="gpg-2comp --no-verbose --batch --output - \
     --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_clearsign_command="gpg --no-verbose --batch --output - \
     --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"

# create a pgp/mime encrypted attachment
# set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch --output - \
     --encrypt --textmode --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_only_command="pgpewrap gpg -v --batch --output - --encrypt \
     --textmode --armor --always-trust -- -r %r -- %f"

# create a pgp/mime encrypted and signed attachment
# set pgp_encrypt_sign_command="pgpewrap gpg-2comp --passphrase-fd 0 -v \
  --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust \
  -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 -v --batch \
  --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust \
  -- -r %r -- %f"

# import a key into the public key ring
set pgp_import_command="gpg --no-verbose --import -v %f"

# export a key from the public key ring
set pgp_export_command="gpg --no-verbose --export --armor %r"

# verify a key
set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint \
   --check-sigs %r"

# read in the public key ring
set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons \
  --list-keys %r" 

# read in the secret key ring
set pgp_list_secring_command="gpg --no-verbose --batch --with-colons \
  --list-secret-keys %r" 

# receive key from keyserver:
#set pgp_getkeys_command="wrap.sh -g %r"
set pgp_getkeys_command=""






The above plumbing, included by reference in ~/.muttrc, isn't able to 
auto-process non-MIME-encoded mail (such as the type I send), so the 
following procmail recipe in ~/.procmailrc re-writes such arriving mail
to be MIME-type, as it arrives.  Make sure you put this recipe before 
others in your .procmailrc file.


:0
*!^Content-Type: (message/|multipart/|application/pgp)
{
        :0 fBwD
        *^-----BEGIN PGP MESSAGE-----
        *^-----END PGP MESSAGE-----
        | formail \
          -i "Content-Type: application/pgp; format=text; x-action=encrypt"

        :0 fBwD
        *^-----BEGIN PGP SIGNED MESSAGE-----
        *^-----BEGIN PGP SIGNATURE-----
        *^-----END PGP SIGNATURE-----
        | formail \
          -i "Content-Type: application/pgp; format=text; x-action=sign"
}



-- 
Cheers,               Everything is gone;
Rick Moen             Your life's work has been destroyed.
rick at linuxmafia.com   Squeeze trigger (yes/no)?
                       -- David Carlson (winner, haiku error message contest)
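
The matching rules of the procmail recipe in the message above, re-expressed in Python so they can be run offline against sample mail. This is an added example, not part of the original post; the function name and sample messages are constructed, and the header comparison is an approximation of procmail's regex match.

```python
import re
from email import message_from_string

# Outer condition: leave mail alone if it is already typed as one of these
# (procmail matches are case-insensitive unless the D flag is set).
ALREADY_TYPED = re.compile(r"(message/|multipart/|application/pgp)", re.I)

# Inner conditions, in recipe order. Every marker must start a body line
# (flags B = search the body, D = case-sensitive).
RULES = [
    ("encrypt", ["-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"]),
    ("sign", ["-----BEGIN PGP SIGNED MESSAGE-----",
              "-----BEGIN PGP SIGNATURE-----",
              "-----END PGP SIGNATURE-----"]),
]

def tag_inline_pgp(raw):
    """Return (x_action or None, message text after the rewrite)."""
    msg = message_from_string(raw)
    if ALREADY_TYPED.match(msg.get("Content-Type", "").strip()):
        return None, raw
    body, action = msg.get_payload(), None
    for name, markers in RULES:
        if all(re.search("^" + re.escape(m), body, re.M) for m in markers):
            # formail -i renames an existing field to Old-<field>, then adds.
            for old in msg.get_all("Content-Type", []):
                msg["Old-Content-Type"] = old
            del msg["Content-Type"]
            msg["Content-Type"] = "application/pgp; format=text; x-action=" + name
            action = name
    return action, msg.as_string()

# Constructed sample messages (placeholders, not real PGP data).
HDR = "From: alice@example.org\nSubject: test\n"
SIGNED = (HDR + "Content-Type: text/plain\n\n"
          "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nhello\n"
          "-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n"
          "-----END PGP SIGNATURE-----\n")
ENCRYPTED = (HDR + "\n-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n"
             "-----END PGP MESSAGE-----\n")
QUOTED = HDR + "\n" + "".join(
    "> " + l + "\n" for l in SIGNED.split("\n\n", 1)[1].splitlines())
MIME = HDR + "Content-Type: multipart/signed; boundary=x\n\n" + SIGNED

if __name__ == "__main__":
    for label, m in [("signed", SIGNED), ("encrypted", ENCRYPTED),
                     ("quoted", QUOTED), ("mime", MIME)]:
        print(label, "->", tag_inline_pgp(m)[0])
```

Because the markers are anchored at the start of a line, a clearsigned block quoted with "> " in a reply is left untagged, as is mail that already carries a message/, multipart/ or application/pgp type.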



