- Get an SSD cloud server in less than a minute!
- Protect your important files with HubiC. Get your free 35GB account TODAY!
- Get paid for reading email!
- Earn cash while shopping for everyday household items and groceries
With all the privacy issues these days, it is important to encrypt pretty much everything you can. This includes email. So, I went to set up Mutt with encryption. I’m one of those people who likes a “Do this, then do this, then” … etc style how-to. Most things have those readily available, but I haven’t yet been able to find one for mut with encryption. There are a lot of good tutorials out there, but they all seem to assume you have knowledge of what to put where. So, this is a “do this, then do that” … style tutorial.
If you’re interested in why you do the following steps, this is probably not for you.
First, install mut and gnupg. In Arch you do:
pacman -S --needed mutt gnupg
Next, set up your muttrc file with your email information. If you’re not sure how, there are a lot of good tutorials to help. Most of them recommend you put your muttrc in ~/.mutt/muttrc, and this is where I will assume yours is. Since w’re focusing on security, I will also include directions for encrypting your password so it’s not stored in plain text.
Add the following lines to your ~/.mutt/muttrc:
source "gpg -d ~/.mutt/passwd.gpg|"
Next, to get the gpg.rc file:
cp /usr/share/doc/mutt/samples/gpg.rc ~/.mutt/
Finally, add the following to the end of ~/.mutt/gpg.rc:
Later, after we have set up a gpg key, we’ll come back and change KEYNAME to its propper value.
Edit the file ~/.gnupg/gpg.conf and add the following:
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Edit the file ~/.gnupg/gpg-agent.conf, create it if necessary, and add the following:
Create a key:
Press enter to select the first default. RSA keys may be between 1024 and 4096 bits long. You can select the default of 2048, but of course 4096 will be harder to break. Next, select how long the key is valid.
Enter your name, email, and a comment, e.g., email encryption key. You will be given the chance to change anything you think is wrong. If you are happy with everything the way it is, press o and enter. You will be asked for a password. You need to make a good, strong password. Make sure it has a mix of upper and lower case letters as well as numbers. Don’t lose the password, it will make all this work useless, and you won’t be able to view messages sent to you that are encrypted.
The key will be generated, it takes a while, and while it is being made, try to do some tasks that require you to use the keyboard, mouse, and the disk drives. I am writing this while generating a key, so I’m getting lots of keyboard usage.
When it is finished, you will get a line that reads something like:
gpg: key DFE7A865 marked as ultimately trusted
The name of the key is DFE7A865. Take this number, and edit ~/.mutt/gpg.rc. Change the word KEYNAME to the name of your key. In the case of our example:
If you want to publish your public key to a server:
gpg --send-key DFE7A865
To get the password info encrypted, create the file ~/.mutt/passwd with your favorite text editor. Add the following information:
Now, to encrypt it:
gpg -r EMAIL@DOMAIN.EXT -e ~/.mutt/passwd
replace EMAIL@DOMAIN.EXT with the email address you used to create your gpg key. this will create your encrypted password, and now we need to get rid of the unencrypted version. This is easily done with srm, which is part of the secure-delete package:
That should do it. You should be able to send mail that is automatically signed using your key. To bring up the gpg menu in mut, after composing a message, press p and you will get encryption options. I hope this has been useful, and that all your data remains safe.