[svlug] help w/ mutt and pgp...

Rick Moen rick at linuxmafia.com
Wed Jun 27 21:18:02 PDT 2001

begin  Drew Bertola quotation:
> For the life of me, I can't seem to decrypt gpg encrypted messages
> with mutt.  Can anyone tell me if there is a configuration and key to
> do this.  Also, how are "unbound commands" (such as decrypt-copy)
> invoked.

Hmm, I have a bunch of stuff in ~/.muttrc , some of it thrown together,
hardly thought-out at all, and redundant, but I'll offer it for whatever
it's worth:

source /usr/share/doc/mutt/examples/gpg.rc

    color  body  brightblack   cyan    "^gpg: Signature made.*"
    color  body  brightblack   green   "^gpg: Good signature from.*"
    color  body  brightblack   yellow  "^gpg: Can't check signature.*"
    color  body  brightblack   yellow  "^gpg: WARNING: .*"
    color  body  brightwhite   red     "^gpg: BAD signature from.*"

macro   compose \CP     "Fgpg --clearsign\ny"
macro   compose \CS     "Fgpg --clearsign\ny^T^Uapplication/pgp; format=text; x-action=sign\n"

The aforementioned gpg.rc is:

# -*-muttrc-*-
# Command formats for gpg.
# This version uses gpg-2comp from 
#   http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz
# $Id: gpg.rc,v 1.7 2000/11/20 13:20:28 roessler Exp $
# %p    The empty string when no passphrase is needed,
#       the string "PGPPASSFD=0" if one is needed.
#       This is mostly used in conditional % sequences.
# %f    Most PGP commands operate on a single file or a file
#       containing a message.  %f expands to this file's name.
# %s    When verifying signatures, there is another temporary file
#       containing the detached signature.  %s expands to this
#       file's name.
# %a    In "signing" contexts, this expands to the value of the
#       configuration variable $pgp_sign_as.  You probably need to
#       use this within a conditional % sequence.
# %r    In many contexts, mutt passes key IDs to pgp.  %r expands to
#       a list of key IDs.

# decode application/pgp
set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"

# verify a pgp/mime signature
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"

# decrypt a pgp/mime attachment
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"

# create a pgp/mime signed attachment
# set pgp_sign_command="gpg-2comp --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"

# create a application/pgp signed (old-style) message
# set pgp_clearsign_command="gpg-2comp --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"

# create a pgp/mime encrypted attachment
# set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_only_command="pgpewrap gpg -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"

# create a pgp/mime encrypted and signed attachment
# set pgp_encrypt_sign_command="pgpewrap gpg-2comp --passphrase-fd 0 -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 -v --batch --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"

# import a key into the public key ring
set pgp_import_command="gpg --no-verbose --import -v %f"

# export a key from the public key ring
set pgp_export_command="gpg --no-verbose --export --armor %r"

# verify a key
set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"

# read in the public key ring
set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r" 

# read in the secret key ring
set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r" 

# receive key from keyserver:
#set pgp_getkeys_command="wrap.sh -g %r"
set pgp_getkeys_command=""

You'll find more and better stuff at

Rick Moen                                     Age, baro, fac ut gaudeam.
rick at linuxmafia.com

More information about the svlug mailing list