E-mail security using Mutt and GPG
Most of you would have heard of mutt. Mutt is an MUA, a Mail User Agent,
which is the program that you would use to send and receive mail. So, why
use mutt when there are so many other mail programs available? A bunch of
free and not so free mail readers exist, and each one has its pros and
cons. However, apart from pgp which has add-ons for pgp/gpg support, almost
no other client supports gpg natively. I could be wrong though.
So far, mutt is the best email client I've come across. I quote the Debian
package description for mutt here:
Mutt is a sophisticated text-based Mail User Agent. Some highlights:
o MIME support (including RFC1522 encoding/decoding of 8-bit message
o PGP/MIME support (RFC 2015).
o POP3 support.
o Mailbox threading (both strict and non-strict).
o Default keybindings are much like ELM.
o Keybindings are configurable; Mush and PINE-like ones are provided as
o Handles MMDF, MH and maildir in addition to regular mbox format.
o Messages may be (indefinitely) postponed.
o Color support.
o Highly configurable through easy but powerful rc file.
My favorite feature however, is the PGP support. Yes, mutt integrates
seamlessly with gnupg.
Again, a description of gnupg from the gnupg debian package description
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440.
Yes, pine also has pgp support with pgp4pine and other similar packages.
But it's an add-on, and there are licensing issues with pine.
Here, I'm simply going to give step-by-step instructions for getting onto
the crypto bandwagon:
1) If you use Debian, and don't have either mutt or gnupg, then you can of
course get them with:
# apt-get install mutt gnupg
You should get mutt from woody, as it has all hooks in place for gpg.
2) Now create your keys. This is as simple as doing:
$ gpg --gen-key
Follow the prompts and you'll soon have created your public and private
keys. The private key is kept secret, and the public key is what you
give other people.
The basic idea is that, to send an encrypted message to someone, you
encrypt it with their public key. Similarly, anyone sending an