Subject: Using PGP from within mutt
From: Thomas Roessler
Date: Wed, 28 Jul 1999 21:18:58 +0200

While encryption, verification and signing of messages are done by an
externally invoked PGP binary, the key selection process is handled by
mutt itself. The public key ring (2.6 or 5.0 format) is parsed; PGP's
cached trust parameters are evaluated and used to select the proper
numerical key IDs for a message's recipients. These key IDs are then
passed to the external PGP binary on the command line.

This document contains a short description of the PGP-related
configuration options mutt permits you to set, and some frequently
asked questions and tips with respect to using mutt with PGP.

PGP settings
------------

There are quite a few aspects of mutt's PGP usage you may want to
customize.

First, you can use different versions of PGP for composing messages,
for decrypting/verifying messages, and for handling key ring
operations. These versions are controlled by the following set of
variables:

    pgp_default_version
    pgp_send_version
    pgp_receive_version
    pgp_key_version

Valid values for all of these variables include "pgp5", "pgp6" and
"pgp2". The last three variables may also be set to "default" (which is
the default); in this case, the value of $pgp_default_version is used.

$pgp_send_version controls the version of PGP used for composing new
messages. $pgp_receive_version is used for decrypting messages and
verifying signatures. $pgp_key_version is the one used for key ring
operations (importing keys from messages, exporting keys from your
public key ring).
Since the different PGP versions may use different key rings and need
different language settings, the following variables can be used to
configure these aspects:

  - Language settings: $pgp_v2_language, $pgp_v5_language, $pgp_v6_language
  - Public key ring:   $pgp_v2_pubring, $pgp_v5_pubring, $pgp_v6_pubring
  - Secret key ring:   $pgp_v2_secring, $pgp_v5_secring, $pgp_v6_secring
  - PGP itself:        $pgp_v2, $pgp_v5, $pgp_v6

Note that PGP 5 comes in several binaries (pgps, pgpk, pgpv, pgp). Mutt
assumes that these binaries reside in the same directory; $pgp_v5 should
point to the "pgp" binary from PGP 5.

For all of these variables, we use "reasonable" defaults which should
work for most users.

Support for the GNU Privacy Guard (GPG) is currently being worked on.

The value of the variable $pgp_sign_micalg shows up in the "micalg"
parameter of the multipart/signed Content-Type header when creating
RFC 2015 (PGP/MIME) signatures. Valid values are "pgp-md5", "pgp-sha1"
and "pgp-rmd160". If you select a signing key using the "sign as"
option on the compose menu, mutt automatically figures out the correct
value to put into this variable, but it does not know about the user's
default key. So if you are (by default) using an RSA key for signing,
set this variable to "pgp-md5"; if you use a PGP 5 DSS key for signing,
say "pgp-sha1". The parameter is how a receiving agent learns which hash
to compute before it reaches the signature, so it must name the
algorithm the signature really uses.

Frequently Asked Questions and Tips
-----------------------------------

Q: "How do I get PGP 5 support working?"

It should work out of the box; just put the following into your
~/.muttrc:

    set pgp_default_version=pgp5

Q: "People are sending PGP messages which mutt doesn't recognize. What
can I do?"
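The procmail recipe given in the answer to this question retags inline
("old-style") PGP bodies so that mutt sees an application/pgp part. The
following Python script is an added example for these notes, not mutt's or
procmail's own code; it applies the same rules (skip message/*, multipart/*
and application/pgp*; require the armor markers at the start of a body
line) to constructed sample messages, so the behaviour of the recipe can be
checked offline, including the case of a reply that merely quotes an
encrypted body.

```python
"""Retag inline (old-style) PGP bodies as application/pgp, the way the
procmail recipe in this FAQ does, so that mutt will recognize them.
Added example for these notes, not mutt's or procmail's own code; the
sample messages are constructed and carry no real ciphertext or signature."""
from email import message_from_string
from email.message import Message
from typing import Optional

# Markers the recipe anchors at the start of a body line (procmail's "^"
# in a B condition matches at line boundaries, so quoted copies never match).
BEGIN_MSG = "-----BEGIN PGP MESSAGE-----"
END_MSG = "-----END PGP MESSAGE-----"
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def _has_line(body: str, marker: str) -> bool:
    return any(line.startswith(marker) for line in body.splitlines())


def classify_body(body: str) -> Optional[str]:
    """Return "encrypt", "sign" or None, mirroring the two inner recipes."""
    if _has_line(body, BEGIN_MSG) and _has_line(body, END_MSG):
        return "encrypt"
    if all(_has_line(body, m) for m in (BEGIN_SIGNED, BEGIN_SIG, END_SIG)):
        return "sign"
    return None


def tag_inline_pgp(raw: str) -> Message:
    """Parse a raw message; retag it as application/pgp if it is inline PGP."""
    msg = message_from_string(raw)
    # Outer conditions: leave message/*, multipart/* and anything already
    # typed application/pgp* alone (the prefix test also skips
    # application/pgp-signature parts, exactly as the recipe does).
    if msg.get_content_type().startswith(("message/", "multipart/", "application/pgp")):
        return msg
    action = classify_body(msg.get_payload())
    if action is None:
        return msg
    # formail -i replaces the field and keeps the old one as Old-Content-Type.
    old = msg.get("Content-Type")
    del msg["Content-Type"]
    if old is not None:
        msg["Old-Content-Type"] = old
    msg["Content-Type"] = "application/pgp; format=text; x-action=" + action
    return msg


# Constructed samples (no real PGP data).
SAMPLE_ENCRYPTED = """From: alice@example.org
Subject: constructed inline-encrypted sample

-----BEGIN PGP MESSAGE-----
Version: 2.6.3i

hQEMA2NvbnN0cnVjdGVkIHNhbXBsZSwgbm90IHJlYWwgY2lwaGVydGV4dA==
=AbCd
-----END PGP MESSAGE-----
"""

SAMPLE_SIGNED = """From: alice@example.org
Subject: constructed inline-signed sample
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----

Meet at noon.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQCVAwUBY29uc3RydWN0ZWQgc2FtcGxlLCBub3QgcmVhbA==
=EfGh
-----END PGP SIGNATURE-----
"""

# A reply quoting an encrypted body: the markers are not at line start.
SAMPLE_QUOTED = """Subject: Re: constructed inline-encrypted sample

> -----BEGIN PGP MESSAGE-----
> hQEMA2NvbnN0cnVjdGVk
> -----END PGP MESSAGE-----
Could not decrypt this, can you resend?
"""

# A real PGP/MIME message must be left alone.
SAMPLE_MIME = """Subject: constructed PGP/MIME sample
Content-Type: multipart/signed; boundary="b"; protocol="application/pgp-signature"; micalg=pgp-sha1

--b
Content-Type: text/plain

Meet at noon.
--b
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--b--
"""
```

tag_inline_pgp() returns the message with the same Content-Type header
formail would have written; the quoted reply and the PGP/MIME message come
back untouched, which is the point of anchoring the markers at the start of
a line and of the three outer Content-Type exclusions.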
Add the following lines to your ~/.procmailrc (you are using procmail,
aren't you?):

------------------------------
##
## PGP
##

:0
* !^Content-Type: message/
* !^Content-Type: multipart/
* !^Content-Type: application/pgp
{
  :0 fBw
  * ^-----BEGIN PGP MESSAGE-----
  * ^-----END PGP MESSAGE-----
  | formail \
    -i "Content-Type: application/pgp; format=text; x-action=encrypt"

  :0 fBw
  * ^-----BEGIN PGP SIGNED MESSAGE-----
  * ^-----BEGIN PGP SIGNATURE-----
  * ^-----END PGP SIGNATURE-----
  | formail \
    -i "Content-Type: application/pgp; format=text; x-action=sign"
}
------------------------------

Q: "I don't like that PGP/MIME stuff, but want to use the old way of
PGP-signing my mails. Can't you include that with mutt?"

No. Application/pgp is not really suited to a world with MIME,
non-textual body parts and similar things. Anyway, if you really want
to generate these old-style attachments, include the following macro in
your ~/.muttrc (this is a single line):

    macro compose S "Fpgp +verbose=0 -fast +clearsig=on\ny^T^Uapplication/pgp; format=text; x-action=sign\n"

The macro filters the body through pgp in clearsign mode (F,
filter-entry) and then edits the attachment's type (^T, edit-type) to
application/pgp, so the result is an old-style signed body rather than
a PGP/MIME multipart/signed message.

Q: "I don't like all the ^Gs and various other verbosity PGP is
presenting me with."

Roland Rosenfeld has found a quite elegant solution to this problem:
PGP has some pretty good foreign language support, so we just introduce
a language called "mutt" which contains empty strings for the messages
we don't want to see. To use this, copy either language.txt or
language50.txt (depending on which PGP version you are using) to your
$PGPPATH and add the following line to your muttrc:

    set pgp_v2_language="mutt"

or

    set pgp_v5_language="mutt"

respectively. For PGP 2.6, a German version called "muttde" is
available as well.

Q: "Isn't there a security problem that mutt leaves the passphrase in
memory which will be dumped into core files upon errors?"

Yes, you may consider this a security problem. To work around this,
disable core dumps using resource limits.
On most systems, this is the following instruction in your shell:

    ulimit -c 0

Put it in the shell's startup file rather than typing it once: the
limit is inherited across fork/exec, so it then also covers the PGP
binaries mutt invokes, which handle the passphrase as well.

$Id: PGP-Notes.txt,v 1.6.4.1 1999/07/28 19:27:12 roessler Exp $
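Returning to the $pgp_sign_micalg setting described in the "PGP settings"
section: the value mutt writes into micalg= must match the hash algorithm
recorded in the signature packet PGP produces, and the notes warn that
mutt cannot infer this for the default key. The following Python script is
an added example for these notes, not mutt's code: it dearmors an
application/pgp-signature body (verifying the armor's CRC-24), reads the
hash-algorithm octet from a v3 (PGP 2.6 style) or v4 (PGP 5 style) OpenPGP
signature packet, and compares it with the micalg= parameter. The packet
and armor layout follow RFC 2440/4880; the signature it builds is a
constructed packet with dummy MPIs that parses but can never verify, and the
Content-Type strings are likewise constructed.

```python
"""Check that the micalg= parameter of a multipart/signed part names the hash
the OpenPGP signature packet really records. Added example for these notes,
not mutt's code; packet and armor layout follow RFC 2440/4880. The sample
signature is a constructed packet with dummy MPIs: it parses but can never
verify."""
import base64
import re

# OpenPGP hash-algorithm ids -> micalg names as mutt spells them.
HASH_TO_MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-rmd160"}


def crc24(data: bytes) -> int:
    """Armor checksum, RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(armored: str) -> bytes:
    """Strip the BEGIN/END PGP SIGNATURE armor and verify its CRC-24 line."""
    lines = armored.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP SIGNATURE-----")
            and lines[-1].startswith("-----END PGP SIGNATURE-----")):
        raise ValueError("not an armored PGP signature")
    body = lines[1:-1]
    if "" in body:                       # drop armor headers (Version: ...)
        body = body[body.index("") + 1:]
    crc_line = body.pop()                # "=XXXX": base64 of the 3-octet CRC
    if not crc_line.startswith("="):
        raise ValueError("missing armor checksum")
    raw = base64.b64decode("".join(body))
    if crc24(raw) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor checksum mismatch")
    return raw


def signature_hash_algo(packet: bytes) -> int:
    """Hash-algorithm id of the signature packet (tag 2) at the front of packet."""
    ctb = packet[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                       # new-format header (RFC 4880 4.2.2)
        tag, first = ctb & 0x3F, packet[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + packet[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(packet[2:6], "big")
        else:
            raise ValueError("partial-length packets not supported")
    else:                                # old-format header (RFC 4880 4.2.1)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate packet length")
        start = 1 + (1 << ltype)         # 1, 2 or 4 length octets
        length = int.from_bytes(packet[1:start], "big")
    body = packet[start:start + length]
    if tag != 2:
        raise ValueError("expected a signature packet, got tag %d" % tag)
    if body[0] == 3:   # v3 (PGP 2.6): ver, 5, type, time(4), keyid(8), pkalgo, hash
        return body[16]
    if body[0] == 4:   # v4 (PGP 5): ver, type, pkalgo, hash, ...
        return body[3]
    raise ValueError("unsupported signature version %d" % body[0])


def micalg_matches(content_type: str, armored_sig: str) -> bool:
    """True when micalg= agrees with the hash recorded in the signature."""
    m = re.search(r'micalg\s*=\s*"?([^";\s]+)', content_type, re.IGNORECASE)
    if not m:
        return False
    actual = HASH_TO_MICALG.get(signature_hash_algo(dearmor(armored_sig)))
    return actual is not None and actual == m.group(1).lower()


def build_sample_signature(hash_algo: int) -> str:
    """Constructed v4 DSA signature (dummy r, s) in armor; never verifies."""
    body = bytes([4, 0x01, 17, hash_algo]) + bytes(4)   # text sig, DSA, no subpackets
    body += b"\xab\xcd"                                 # left 16 bits of hash (dummy)
    for mpi in (b"\x5a" * 20, b"\x3c" * 20):            # dummy 160-bit r and s
        body += int.from_bytes(mpi, "big").bit_length().to_bytes(2, "big") + mpi
    packet = bytes([0x88, len(body)]) + body            # old-format tag 2, 1-octet length
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNATURE-----\nVersion: constructed sample\n\n"
            + base64.b64encode(packet).decode() + "\n=" + crc
            + "\n-----END PGP SIGNATURE-----\n")


# The case from the notes: a DSS key signs with SHA-1, but $pgp_sign_micalg
# was left at pgp-md5 (the value for an RSA default key). Constructed values.
DSS_SHA1_SIG = build_sample_signature(2)
CT_GOOD = 'multipart/signed; boundary="x"; protocol="application/pgp-signature"; micalg=pgp-sha1'
CT_BAD = 'multipart/signed; boundary="x"; protocol="application/pgp-signature"; micalg=pgp-md5'
```

micalg_matches(CT_GOOD, DSS_SHA1_SIG) is true and micalg_matches(CT_BAD,
DSS_SHA1_SIG) is false, which is exactly the mismatch the notes tell you to
avoid by setting $pgp_sign_micalg for your default key. The parser stops at
the first packet and only accepts tag 2, so a message whose signature part
carries something else is rejected rather than silently matched.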