Project: Linux Howtos
E-mail security using Mutt and GPG
By Viral <viral@seul.org>
Posted: 2000-12-15 08:57:24 EST
E-mail is the most widely used means of communication on the net.
Convenient? Yes! Safe? No! Encryption is what you need to keep your
communications private. This article shows you how you can use the mail
client Mutt and GnuPG, the open source replacement for PGP, to secure
your e-mail.

Most of you would have heard of mutt. Mutt is an MUA, a Mail User Agent, which is the program that you would use to send and receive mail. So, why use mutt when there are so many other mail programs available? A bunch of free and not so free mail readers exist, and each one has its pros and cons. However, apart from pgp which has add-ons for pgp/gpg support, almost no other client supports gpg natively. I could be wrong though. So far, mutt is the best email client I've come across.

I quote the Debian package description for mutt here:

   Mutt is a sophisticated text-based Mail User Agent. Some highlights:

   o MIME support (including RFC1522 encoding/decoding of 8-bit message headers).
   o PGP/MIME support (RFC 2015).
   o POP3 support.
   o Mailbox threading (both strict and non-strict).
   o Default keybindings are much like ELM.
   o Keybindings are configurable; Mush and PINE-like ones are provided as examples.
   o Handles MMDF, MH and maildir in addition to regular mbox format.
   o Messages may be (indefinitely) postponed.
   o Color support.
   o Highly configurable through easy but powerful rc file.

My favorite feature, however, is the PGP support. Yes, mutt integrates seamlessly with gnupg. Again, a description of gnupg from the gnupg Debian package description:

   GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.

Yes, pine also has pgp support with pgp4pine and other similar packages. But it's an add-on, and there are licensing issues with pine.

Here, I'm simply going to give step-by-step instructions for getting onto the crypto bandwagon:

1) If you use Debian, and don't have either mutt or gnupg, then you can of course get them with:

   # apt-get install mutt gnupg

   You should get mutt from woody, as it has all hooks in place for gpg.

2) Now create your keys. This is as simple as doing:

   $ gpg --gen-key

   Follow the prompts and you'll soon have created your public and private keys. The private key is kept secret, and the public key is what you give other people. The basic idea is that, to send an encrypted message to someone, you encrypt it with their public key. Similarly, anyone sending an encrypted message to you encrypts it with your public key. You can also sign your message so that others can verify your identity as the creator of that message using your public key.

   It's very important that you select a strong passphrase that is difficult to guess. You should never store it anywhere apart from your memory.

3) You should now make a copy of your public key, which is 'ascii-armoured' so that you can distribute it to everyone:

   $ gpg --export --armor your_user_id

   A better way to do this is to create a fingerprint with

   $ gpg --fingerprint your_user_id

   You should also register your key with a PKI (Public Key Infrastructure) server, such as: http://pki.surfnet.nl/

4) After creating the keys, get public keys of all people you know, and add them to your keyring with:

   $ gpg --import key_file

   It's very important to set the trust level of keys that you import, for setting up your 'Web of Trust'. This is easily done with:

   $ gpg --edit-key their_user_id

   This will give you a prompt as given below.

   Command>

   Here, you should type trust, and follow the on-screen prompts to set the trust value for that key.

5) At this point, your basic gpg setup is complete, and you can use mutt to send signed or encrypted email. Once you've composed your message, you can select whether to encrypt or sign the message by pressing 'p'. This gives you various options.

   * encrypt
   * sign
   * both
   * sign as

   Select sign to sign your message, or encrypt to send an encrypted message, or any other option as per your liking. If the recipient exists in your keyring, mutt will use the correct key automatically. You will need to enter your passphrase before signing your message though.

6) If you want to sign all your outgoing mail, you can add the following line to your .muttrc

   set pgp_autosign=yes

   mutt remembers your passphrase for a default time of 5 minutes. You can change this with

   set pgp_timeout=600

   After the timeout, you have to enter your passphrase again to sign outgoing mail. If you want mutt to forget the passphrase for the current session, you can do so by pressing 'Ctrl-F'.

Now, that's really all you have to do to get Mutt and GPG to work together. I found it to be the quickest way to get encryption support for mail. Almost no configuration is required apart from setting up your keys etc.

For details about how to use GPG, please refer to the README that comes with GPG as that is excellent. The man page, of course, explains all the command line options. The PGP documentation explains the basic concepts behind cryptography and the Public Key Infrastructure quite well. Mutt also comes with an excellent manual, which explains all the various ways in which you can tweak mutt. It works just fine out of the box though.

I really like Phil Zimmermann's argument about letters and envelopes. You should use encryption to communicate with others for the same reason that you'd put a letter in an envelope. There's usually nothing to hide--usually!
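
Steps 3 and 4 above go together: the fingerprint from step 3 is what you compare, over another channel, before you set a trust value on an imported key in step 4. The script below is an added example, not part of the original article; it checks the primary-key fingerprint in gpg's --with-colons listing against the one the owner gave you. The function names and the sample key listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample key below are constructed for illustration.

# Constructed sample of `gpg --with-colons --fingerprint` output.
SAMPLE_LISTING='pub:u:1024:17:89ABCDEF01234567:976838244:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::976838244::::Alice Example <alice@example.org>:
sub:u:1024:16:76543210FEDCBA98:976838244::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Normalise a fingerprint as people write it: drop spaces, tabs and colons,
# and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key's fingerprint from a colon listing on stdin.
# The first "fpr" record belongs to the primary key; field 10 holds the value.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED < listing
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit (v4) fingerprint, so a short key ID is never accepted.
check_fpr() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ "$expected" = "$actual" ]
}

# Real use, with the fingerprint read out by the key's owner:
#   gpg --with-colons --fingerprint their_user_id | check_fpr "$FPR_FROM_OWNER"
if printf '%s\n' "$SAMPLE_LISTING" |
        check_fpr '0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567'; then
    echo "fingerprint matches: go on to 'gpg --edit-key' and 'trust'"
else
    echo "fingerprint does NOT match: do not trust this key"
fi
```

The subkey's fingerprint also appears in the listing, which is why only the first fpr record is compared.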