Configuring Your MUA For Use With PGP

Below I deal with how to set up the most common MUAs for use with PGP. I give as much detail as I can, but I have not actually tried all of them. Here are the common settings you will need regardless of your MUA:

Keyserver: hkps://hkps.pool.sks-keyservers.net
Signing method: PGP/Mime

NOTE WELL: This page assumes you have GnuPG installed per the instructions on my installation page! You must complete that setup first.

Thunderbird

Thunderbird is a standalone graphical mail client based on the Mail and News component of Mozilla. It runs on Linux, Solaris, Windows, MacOS, and probably others.

Install Enigmail from here (you must already have GnuPG installed per the docs on this site).

There are two types of settings - the global Enigmail Preferences, and the per-account OpenPGP settings. For the global PGP settings, the defaults are generally good for most people.

Under Account Settings, choose "OpenPGP Security" settings for the account in question and then select:

From now on it should automatically tell you if a signature is verified, and should sign your email by default. You can dynamically disable/change signature/encryption settings in the Compose window with the "Enigmail" menu.

Outlook

Outlook's PGP support isn't stellar - largely because there's not a great set of APIs for people to develop against.

The best solution I know of is GpgOL, which is part of Gpg4Win. I know it supports at least Outlook 2003, but last I checked it didn't support newer versions; it may now.

Also note that it appears the plugin did not support PGP/Mime, last time I checked -- only traditional PGP. This is a large drawback of using Outlook.

Thanks to Rob Parke, KC Braunschweig, and Michael Royer for helping with the Windows side of things.

Apple Mail

If you haven't already, install GPG Suite, which includes GPGMail, a GnuPG plugin for Apple Mail. The install is a Mac installer, so it's very straightforward. There are also excellent docs on the site.

In addition to the regular GPG setup mentioned on my main page, you will also need to uncomment the line:


keyserver-options auto-key-retrieve

in your gpg.conf. This is done by default in other distributions of gpg, but not in Mac GnuPG.
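
The gpg.conf step above as a script, added here as an example and not part of the original page: it reports the configured keyserver and whether auto-key-retrieve is in effect, and uncomments the line if needed. It only understands the keyserver-options form shown on this page; the function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original page): check and fix a gpg.conf.

# Print "on" or "off": the effective auto-key-retrieve state taken from the
# keyserver-options lines. Comment lines are skipped, and a later
# no-auto-key-retrieve overrides an earlier auto-key-retrieve.
auto_key_retrieve_state() {
    awk '
        BEGIN { state = "off" }
        /^[ \t]*#/ { next }
        $1 == "keyserver-options" {
            for (i = 2; i <= NF; i++) {
                n = split($i, opt, ",")    # options may be comma separated
                for (j = 1; j <= n; j++) {
                    if (opt[j] == "auto-key-retrieve")    state = "on"
                    if (opt[j] == "no-auto-key-retrieve") state = "off"
                }
            }
        }
        END { print state }
    ' "$1"
}

# Print the last active "keyserver" value, or nothing if none is set.
configured_keyserver() {
    awk '/^[ \t]*#/ { next } $1 == "keyserver" { ks = $2 } END { if (ks != "") print ks }' "$1"
}

# Uncomment "#keyserver-options auto-key-retrieve"; append the line if that
# is not enough. Writes via a temp file so gpg.conf is replaced in one step.
enable_auto_key_retrieve() {
    conf=$1
    [ "$(auto_key_retrieve_state "$conf")" = "on" ] && return 0
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    sed 's/^[[:space:]]*#[[:space:]]*\(keyserver-options[[:space:]][[:space:]]*auto-key-retrieve\)[[:space:]]*$/\1/' "$conf" > "$tmp"
    [ "$(auto_key_retrieve_state "$tmp")" = "on" ] ||
        echo 'keyserver-options auto-key-retrieve' >> "$tmp"
    mv "$tmp" "$conf"
}

# Demo on a constructed sample file (not a real user's gpg.conf).
demo=$(mktemp)
printf '%s\n' 'keyserver hkps://hkps.pool.sks-keyservers.net' \
    '#keyserver-options auto-key-retrieve' > "$demo"
echo "keyserver: $(configured_keyserver "$demo")"
echo "before: $(auto_key_retrieve_state "$demo")"
enable_auto_key_retrieve "$demo"
echo "after:  $(auto_key_retrieve_state "$demo")"
rm -f "$demo"
```

To use it for real, call the functions on your own file, normally ~/.gnupg/gpg.conf. With the option on, verifying a signature from an unknown key triggers a keyserver lookup, so the keyserver learns which key IDs you fetch.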

The defaults for GPGMail are excellent; I don't recommend any changes.

Outlook Express

By default OE has a broken Mime implementation. If an OE user gets a signed email, it will show both the email and the signature as attachments instead of displaying the message. Most other clients without help will at least show the message in-line. There was an experimental plugin at one point, but it has since disappeared.

Mutt

Mutt is a very modern text-based MUA that runs on a variety of platforms. However, it's designed for Unix/Linux-like OSes, so if you want to use it on Windows, you'll need Cygwin. It supports IMAP, POP, SSL, PGP, custom keys, and much, much more.

Because it's Unix-based, tweaking config files is necessary, and basic Unix knowledge is assumed here.

To PGP-enable mutt, simply add the following lines to your ~/.muttrc or ~/.mutt/muttrc file:


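# verify PGP signatures on messages you open
set pgp_verify_sig
# sign outgoing mail by default
set pgp_autosign
# seconds an unused cached passphrase is kept before it expires
set pgp_timeout=32000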

At this point, you should be able to fire up mutt and have it automatically verify signatures as well as sign your email. After you are done composing an email, you can use "p" to change the PGP options (sign, encrypt, forget, etc.).

Pine

Pine doesn't really support Mime, or have an API for plugins, and as such, writing a good PGP implementation for Pine is not a trivial task. There are a few options for Pine, but none of them support PGP/Mime.

Pine Privacy Guard appears to be the best of them, but there's also PGP4Pine (now defunct), PGPEnvelope, PinePGP (defunct?), and Pine-PGP-Filters.

I don't use Pine, but I'm happy to hear about any experiences with any of the above.

Denny White wrote in to say he got pinepg working fine with Pine and GnuPG, but in order to have his sent-mail copy encrypted to himself (so he could decrypt it), he had to change:


$command = "$gpg --encrypt ".($comment?"--comment \"$comment\" ":'').

to


$command = "$gpg --encrypt --encrypt-to keyid ".($comment?"--comment \"$comment\" ":'').

With keyid replaced with his keyid. Thanks Denny!

Eudora

Eudora, despite its mind-bogglingly still-existent following, is a pretty horrible email client. Nonetheless, if you use it, here are some PGP references for you: PGPEudora (Windows only?), Peics (Windows only?), and Mullusc. Additionally, this page talks about using the commercial PGP product with Eudora on a Mac.

I don't use Eudora, but I'm happy to hear about any experiences with any of the above.

Evolution

Evolution natively supports GPG signing, verifying, encrypting and decrypting in both traditional and PGP/Mime.