Encrypt Your Dog (Mutt and GPG)

I have been focusing a lot on security and privacy issues in this year's columns so far, but I realize some of you may expect a different kind of topic from me (or maybe are just tired of all this security talk). Well, you are in luck. I'm going to kill two birds with one stone and describe security as applied to a piece of software that has gotten a lot of play in my column through the years: Mutt. Those of you who are familiar with my column know about my long history as a Mutt user. For those of you who aren't acquainted with it, Mutt is a command-line mail client (some would say Mail User Agent or MUA) that is highly configurable and uses vi key bindings that so many of us know and love. If you want an initial primer on Mutt, check out my article "Take Mutt for a Walk" from the October 2010 issue. I've written a lot about Mutt in the past, but I realized recently that I never really discussed Mutt's PGP/GPG integration before now.

Mutt PGP/GPG Settings

The first step in the process is to configure Mutt's PGP/GPG settings. Actually, the first step probably should be for you to create a GPG keypair if you haven't already, but that is a topic for another article and one that's already been covered in Linux Journal. Mutt has quite a few settings for PGP, but in my experience, you need to be concerned about only a few. So, add the following lines to your ~/.muttrc file, and I will discuss each of the options in detail:

set pgp_replyencrypt       # now crypt_replyencrypt
set pgp_replysign          # now crypt_replysign
set pgp_replysignencrypted # now crypt_replysignencrypted
set pgp_show_unusable=no

The first thing to notice (and something I didn't realize until I was writing this article) is that Mutt's development release has changed the name of some of these settings. All of the encryption settings used to be prefaced by pgp_, but now some of the settings have been abstracted out presumably to work with things other than PGP and begin with crypt_ instead. In my experience, the old setting names still work, and as that has the widest compatibility, I refer to the settings by those names.

The first three settings enable what I consider to be sane defaults for encrypted e-mail. Although Mutt has a series of settings that let you automatically sign and encrypt every message you send (they all start with pgp_auto or crypt_auto if you are curious), that probably isn't practical for most people. Instead, these pgp_reply settings configure how to behave when you reply to a message that has been signed or encrypted.

The pgp_replyencrypt setting automatically will encrypt replies to encrypted messages, and pgp_replysign automatically will sign messages that have been signed. If a message has been signed and encrypted, the setting pgp_replysignencrypted takes care of automatically encrypting and signing replies. The final setting, pgp_show_unusable=no, will hide any PGP keys in your keychain that have expired, have been revoked or are otherwise unusable.

Use PGP/GPG inside Mutt

Once your PGP settings are in place, Mutt automatically should sign or encrypt replies to encrypted or signed messages in a common-sense way. Of course, that doesn't help with conversations you want to start, or if you want to encrypt or sign a reply to a message that isn't encrypted.

Mutt makes it easy to change the security status of any message before you send it. After you compose and save a message, you will be on a screen that shows you the To, CC, From and Subject for the message. This is the same screen where you would add any attachments and where you press the y key to send the message. The Security field on this screen shows your current PGP settings for the message. If you haven't enabled signing or encryption for the message, this field will be set to None. Otherwise, it might be set to Sign or Encrypt or Sign, Encrypt. To change your security settings, press p and then select from encrypt (e key), sign (s key), sign as (a key), both sign and encrypt (b key) or clear (c key), which disables any security settings. If you choose to encrypt the message, when you send it, Mutt will present you with recipient encryption keys from which to choose.

Mutt PGP/GPG Hooks

Of course, you could enable PGP signing or encryption manually on a per-message basis, but you might have a friend or colleague that you know uses e-mail encryption and to whom you always want to sign or encrypt your messages. In that case, Mutt provides hooks to allow you to configure when to enable security settings automatically.

Let's assume I wanted to sign all messages I send to linuxjournal.com, but I specifically wanted to sign and encrypt messages sent to editor@linuxjournal.com. I would add the following settings to my ~/.muttrc:

send-hook . 'unset pgp_autosign; unset pgp_autoencrypt'
send-hook '~t @linuxjournal.com' 'set pgp_autosign'
send-hook '~t editor@linuxjournal.com' 'set pgp_autosign; set pgp_autoencrypt'

The send-hook setting allows you to configure Mutt settings that apply right before you send a message. The syntax with Mutt hooks is send-hook followed by a pattern, then followed by one or more settings. The initial line:

send-hook . 'unset pgp_autosign; unset pgp_autoencrypt'

is set to match all messages (the . matches anything). It then unsets any automatic signing or encryption. This acts as your default setting, and it's important that it appears before any other PGP-related send-hook lines. This default exists so that if you trigger any other send-hooks and enable automatic signing or encryption when sending to a specific address, this hook will unset it before you send a message to someone else.

The next line will sign any messages sent to linuxjournal.com automatically:

send-hook '~t @linuxjournal.com' 'set pgp_autosign'

The ~t in a hook pattern matches the To header, but the Mutt documentation details a number of other flags you can use to match From, BCC, the e-mail body or other parts of the message. The final line automatically will enable signing and encryption to messages sent to editor@linuxjournal.com:

send-hook '~t editor@linuxjournal.com' 'set pgp_autosign; set pgp_autoencrypt'

With these settings in place, you should be able to feel safe knowing that you won't slip up and accidentally reply to someone's encrypted message in plain text. Plus, you can make sure you always sign messages to your PGP-using friends.
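The ordering rule above (the catch-all send-hook must come first, because Mutt's settings are global and keep whatever value the last matching hook left) is easy to see in a small emulation. The following POSIX shell script is an added example and is not code from the column or from Mutt itself: it models Mutt walking its send-hook list in file order for each outgoing message, supports only the two pattern forms the column uses (`.` and `~t REGEX`, the latter modelled with grep since Mutt's ~t is a regular-expression match on the To header) and only set/unset of pgp_autosign and pgp_autoencrypt, and runs the column's three hooks, with and without the catch-all default, against two constructed recipient addresses.

```shell
#!/bin/sh
# Added example, not from the column or from Mutt: an emulation of how Mutt
# evaluates its send-hook list for each outgoing message.
# Assumed model (as the column describes it): hooks are tried in file order for
# every message, a matching hook's actions run immediately, and pgp_autosign /
# pgp_autoencrypt are global settings that keep the value the last matching
# hook gave them until some later hook changes it again.

pgp_autosign=0
pgp_autoencrypt=0

# Hook tables, one hook per line as PATTERN|ACTIONS (constructed sample data,
# mirroring the three send-hook lines from the column).
HOOKS_CORRECT='.|unset pgp_autosign; unset pgp_autoencrypt
~t @linuxjournal.com|set pgp_autosign
~t editor@linuxjournal.com|set pgp_autosign; set pgp_autoencrypt'

# The same table with the catch-all "." default left out.
HOOKS_NO_DEFAULT='~t @linuxjournal.com|set pgp_autosign
~t editor@linuxjournal.com|set pgp_autosign; set pgp_autoencrypt'

# Does PATTERN match a message whose To header is TO?
# "." matches every message; "~t REGEX" matches when REGEX occurs in To.
pattern_matches() {
    pattern=$1; to=$2
    case $pattern in
        .) return 0 ;;
        "~t "*) regex=${pattern#"~t "}
                printf '%s\n' "$to" | grep -q -e "$regex" ;;
        *) return 1 ;;
    esac
}

# Apply a ';'-separated action list such as
# "set pgp_autosign; unset pgp_autoencrypt" to the global settings.
apply_actions() {
    save_ifs=$IFS; IFS=';'
    for act in $1; do
        while [ "${act# }" != "$act" ]; do act=${act# }; done   # trim leading blanks
        while [ "${act% }" != "$act" ]; do act=${act% }; done   # trim trailing blanks
        case $act in
            "set pgp_autosign")      pgp_autosign=1 ;;
            "unset pgp_autosign")    pgp_autosign=0 ;;
            "set pgp_autoencrypt")   pgp_autoencrypt=1 ;;
            "unset pgp_autoencrypt") pgp_autoencrypt=0 ;;
            *) echo "unsupported action in this emulation: $act" >&2 ;;
        esac
    done
    IFS=$save_ifs
}

# Model one outgoing message: walk HOOKS in order, run the actions of every
# hook whose pattern matches TO, then print the resulting state.
send_message() {
    hooks=$1; to=$2
    while IFS='|' read -r pattern actions; do
        if pattern_matches "$pattern" "$to"; then
            apply_actions "$actions"
        fi
    done <<EOF
$hooks
EOF
    printf 'sign=%s encrypt=%s' "$pgp_autosign" "$pgp_autoencrypt"
}

# Reset the global state, then send to each space-separated recipient in turn,
# printing one "recipient -> sign=.. encrypt=.." line per message.
run_sequence() {
    hooks=$1; recipients=$2
    pgp_autosign=0; pgp_autoencrypt=0
    for to in $recipients; do
        printf '%s -> ' "$to"
        send_message "$hooks" "$to"
        printf '\n'
    done
}

# Stand-alone demo: the same two messages with and without the default hook.
echo "With the catch-all default first:"
run_sequence "$HOOKS_CORRECT" "editor@linuxjournal.com friend@example.com"
echo "Without it (the first message's settings leak into the second):"
run_sequence "$HOOKS_NO_DEFAULT" "editor@linuxjournal.com friend@example.com"
```

With the default hook in place, the message to friend@example.com goes out with sign=0 encrypt=0; without it, the sign and encrypt flags set for editor@linuxjournal.com are still in effect for the next recipient, which is exactly the slip the column's first send-hook line is there to prevent.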

Kyle Rankin is a Tech Editor and columnist at Linux Journal and the Chief Security Officer at Purism. He is the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks and Ubuntu Hacks, and also a contributor to a number of other O'Reilly books. Rankin speaks frequently on security and open-source software including at BsidesLV, O'Reilly Security Conference, OSCON, SCALE, CactusCon, Linux World Expo and Penguicon. You can follow him at @kylerankin.
