Here is a sample configuration for mutt-1.0, assuming you want to use gpg with the compatibility modules loaded. The comments explain what the options mean. More detailed information can be found in the variable reference of mutt, which is chapter six of the online documentation: /usr/share/doc/packages/mutt/manual-6.html
# Part of your ~/.muttrc
# Note: Within mutt, you can set these options manually as well:
# Just use : to type in the set command directly
#
# Use gpg command syntax
set pgp_default_version=gpg
# Call the gpg wrapper perl script with pgp2 compatibility
set pgp_gpg=/usr/bin/gpg-2comp
# Encrypted messages are encrypted with own key when stored
set pgp_encryptself
# Automatically encrypt/sign when replying to encr./signed messages
set pgp_replysign
set pgp_replyencrypt
# Sign by default
set pgp_autosign
# How many seconds does mutt remember your pass phrase
set pgp_timeout=600
# If you have more than one private key, specify which one you want
set pgp_sign_as=0x1C98774E
# pgp2 language: "mutt" is english with shorter messages
set pgp2_language=mutt
# You need this if you want to be able to encode 8bit messages
set pgp_strict_enc
For mutt-1.2, the PGP support settings have changed slightly. I split most of them out of my ~/.muttrc by putting a source ~/.gpg.rc there. I left
set pgp_replysign
set pgp_replyencrypt
set pgp_autosign
set pgp_timeout=1200
set pgp_strict_enc
in my ~/.muttrc. The ~/.gpg.rc is again suitable for old PGP2 support and looks like this:
# This version uses gpg-2comp from
# http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz

# %p    The empty string when no passphrase is needed,
#       the string "PGPPASSFD=0" if one is needed.
#       This is mostly used in conditional % sequences.
# %f    Most PGP commands operate on a single file or a file
#       containing a message. %f expands to this file's name.
# %s    When verifying signatures, there is another temporary file
#       containing the detached signature. %s expands to this
#       file's name.
# %a    In "signing" contexts, this expands to the value of the
#       configuration variable $pgp_sign_as. You probably need to
#       use this within a conditional % sequence.
# %r    In many contexts, mutt passes key IDs to pgp. %r expands to
#       a list of key IDs.

# decode application/pgp
set pgp_decode_command="gpg-compat %?p?--passphrase-fd 0? \
    --no-verbose --batch -o - %f"

# verify a pgp/mime signature
set pgp_verify_command="gpg-compat --no-verbose --batch -o - --verify %s %f"

# decrypt a pgp/mime attachment
set pgp_decrypt_command="gpg-compat --passphrase-fd 0 \
    --no-verbose --batch -o - %f"

# create a pgp/mime signed attachment
set pgp_sign_command="gpg-2comp --no-verbose --batch -o - --passphrase-fd 0 \
    --textmode --armor --detach-sign %?a?-u %a? %f"

# create a application/pgp signed (old-style) message
set pgp_clearsign_command="gpg-2comp --no-verbose --batch -o - \
    --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"

# create a pgp/mime encrypted attachment
set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch -o - \
    --encrypt --textmode --armor --always-trust -- -r %r -- %f"

# create a pgp/mime encrypted and signed attachment
set pgp_encrypt_sign_command="pgpewrap gpg-2comp --passphrase-fd 0 -v --batch \
    -o - --encrypt --sign %?a?-u %a? \
    --armor --always-trust -- -r %r -- %f"

# import a key into the public key ring
set pgp_import_command="gpg-compat --no-verbose --import -v %f"

# export a key from the public key ring
set pgp_export_command="gpg-compat --no-verbose --export --armor %r"

# verify a key
set pgp_verify_key_command="gpg-compat --no-verbose --batch \
    --fingerprint --check-sigs %r"

# read in the public key ring
set pgp_list_pubring_command="gpg-compat --no-verbose --batch \
    --with-colons --list-keys %r"

# read in the secret key ring
set pgp_list_secring_command="gpg-compat --no-verbose --batch \
    --with-colons --list-secret-keys %r"

# receive key from keyserver:
#set pgp_getkeys_command="gpg-compat --keyserver wwwkeys.eu.pgp.net \
    --recv-keys `%r'"
Another note: Many editors create backup copies. If those stay lying around in /tmp/, your privacy is not protected very well. Use an editor in which you can switch off backup copies, or use the mutt option set delete_tilde, which deletes the file with a tilde appended after editing. Alternatively, you can point the directory for temporary files at one that belongs to you by putting set tmpdir=~/tmp in your ~/.muttrc. Needless to say, this directory should exist.
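The private temporary directory suggested above has to exist and should be accessible only to you. The following shell functions are an added example, not part of the original document: they create the directory with mode 700 and list leftover editor backup copies (names ending in ~) in a directory. The function names ensure_private_tmpdir and find_backup_copies are hypothetical.

```shell
#!/bin/sh
# Added example: prepare a private tmpdir for mutt and report editor
# backup copies. Function names are hypothetical, not part of mutt.

# Create DIR (default: ~/tmp) if it is missing and restrict it to its owner.
# A symlink is refused so that a pre-planted link cannot redirect
# message drafts to a directory somebody else controls.
ensure_private_tmpdir() {
    dir=${1:-"$HOME/tmp"}
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    # chmod fails if the directory is not ours, which is also a reason to stop
    chmod 700 "$dir" || return 1
}

# Print regular files directly inside DIR (default: /tmp) that belong to
# the current user and whose names end in "~", i.e. editor backup copies
# of the kind the paragraph above warns about.
find_backup_copies() {
    dir=${1:-/tmp}
    find "$dir" -maxdepth 1 -type f -user "$(id -u)" -name '*~' 2>/dev/null
}
```

Run ensure_private_tmpdir once before adding set tmpdir=~/tmp to ~/.muttrc, and find_backup_copies /tmp to see whether earlier editing sessions left copies behind.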
PGPpine, an old package to help pine (3.9x) to produce encrypted messages, produces PGP messages without the correct MIME type. Add the following to your ~/.procmailrc, if you want to have mutt recognize those as PGP messages.
# Part of your ~/.procmailrc
# This recognizes PGPpine PGP messages and places the correct MIME type
:0
* !^Content-Type: message/
* !^Content-Type: multipart/
* !^Content-Type: application/pgp
{
:0 fBw
* ^-----BEGIN PGP MESSAGE-----
* ^-----END PGP MESSAGE-----
| formail \
-i "Content-Type: application/pgp; format=text; x-action=encrypt"
:0 fBw
* ^-----BEGIN PGP SIGNED MESSAGE-----
* ^-----BEGIN PGP SIGNATURE-----
* ^-----END PGP SIGNATURE-----
| formail \
-i "Content-Type: application/pgp; format=text; x-action=sign"
}