Pick a Free OS

E-mail security using Mutt and GPG


Most of you would have heard of mutt. Mutt is an MUA, a Mail User Agent,
which is the program that you would use to send and receive mail. So, why
use mutt when there are so many other mail programs available? A bunch of
free and not so free mail readers exist, and each one has its pros and
cons. However, apart from pgp which has add-ons for pgp/gpg support, almost
no other client supports gpg natively. I could be wrong though.

So far, mutt is the best email client I've come across. I quote the Debian
package description for mutt here:

Mutt is a sophisticated text-based Mail User Agent. Some highlights:

o MIME support (including RFC1522 encoding/decoding of 8-bit message
o PGP/MIME support (RFC 2015).
o POP3 support.
o Mailbox threading (both strict and non-strict).
o Default keybindings are much like ELM.
o Keybindings are configurable; Mush and PINE-like ones are provided as
o Handles MMDF, MH and maildir in addition to regular mbox format.
o Messages may be (indefinitely) postponed.
o Color support.
o Highly configurable through easy but powerful rc file.

My favorite feature, however, is the PGP support. Yes, mutt integrates
seamlessly with gnupg.

Again, here is a description of gnupg, from the gnupg Debian package
description:

GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440.

Yes, pine also has pgp support with pgp4pine and other similar packages.
But it's an add-on, and there are licensing issues with pine.

Here, I'm simply going to give step-by-step instructions for getting onto
the crypto bandwagon:

1) If you use Debian, and don't have either mutt or gnupg, then you can of
course get them with:

    # apt-get install mutt gnupg

You should get mutt from woody, as it has all hooks in place for gpg.

2) Now create your keys. This is as simple as doing:

    $ gpg --gen-key

Follow the prompts and you'll soon have created your public and private
keys. The private key is kept secret, and the public key is what you
give other people.
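The public/private split from step 2, shown as an added example that is not part of the original article: it generates a key without prompts in a throwaway keyring, hands only the exported public key to a second keyring standing in for "other people", and counts what each side holds. It assumes GnuPG 2.1 or later (for `%no-protection` batch generation); the identity test@example.org and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway keyrings only. %no-protection creates a key
# with no passphrase, which is acceptable for a test key and nothing else.
# The identity test@example.org and all function names are constructed.

make_keyring() {            # private temporary GNUPGHOME; prints its path
    d=$(mktemp -d) && chmod 700 "$d" && printf '%s\n' "$d"
}

generate_key() {            # $1 = homedir; batch form of the --gen-key prompts
    gpg --homedir "$1" --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Test User
Name-Email: test@example.org
Expire-Date: 1y
%commit
EOF
}

count_keys() {              # $1 = homedir, $2 = pub|sec; counts primary keys
    case "$2" in
        pub) gpg --homedir "$1" --batch --with-colons --list-keys ;;
        sec) gpg --homedir "$1" --batch --with-colons --list-secret-keys ;;
    esac 2>/dev/null | awk -F: -v t="$2" '$1 == t { n++ } END { print n + 0 }'
}

share_public_key() {        # $1 = owner homedir, $2 = peer homedir
    gpg --homedir "$1" --batch --armor --export test@example.org |
        gpg --homedir "$2" --batch --quiet --import
}

cleanup() {                 # stop the per-keyring agents, remove the keyrings
    for d in "$OWNER" "$PEER"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
        rm -rf "$d"
    done
}

OWNER=$(make_keyring); PEER=$(make_keyring)
trap cleanup EXIT
generate_key "$OWNER" && share_public_key "$OWNER" "$PEER"
echo "owner: $(count_keys "$OWNER" pub) public, $(count_keys "$OWNER" sec) secret"
echo "peer:  $(count_keys "$PEER" pub) public, $(count_keys "$PEER" sec) secret"
```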

The basic idea is that, to send an encrypted message to someone, you
encrypt it with their public key. Similarly, anyone sending an