SDF Neomutt and GPG - checklist
===============================

To set up signing and encryption of e-mails in Neomutt using GPG2:

1. Generate or import your public and private key. Check the output of the commands:

$ gpg2 --list-secret-keys @sdf.org
$ gpg2 --list-keys @sdf.org

I had imported keys via gpg instead of gpg2, and my private key wasn't accessible for gpg2.

2. Default settings for: ~/.gnupg/gpg.conf

3. Change settings for: ~/.gnupg/gpg-agent.conf

```
allow-emacs-pinentry
allow-loopback-pinentry
pinentry-program /usr/pkg/bin/pinentry-curses
```

The path to pinentry-program should be the same as the output of: whereis pinentry

Only gpg2 is using gpg-agent.

4. Restart gpg-agent:

$ gpg-connect-agent reloadagent /bye

5. If you are using Bash, change settings for: ~/.bashrc

```
export GPG_TTY="$( tty )"
```

6. If you are using Bash, check settings for: ~/.bash_profile

```
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
```

It must execute .bashrc.

7. Log out and log in again, then check the environment variable:

$ echo $GPG_TTY

It mustn't be empty for gpg-agent to work.

8. Change settings for: ~/.neomuttrc

```
set crypt_use_gpgme = yes
set pgp_use_gpg_agent = yes
set pgp_self_encrypt = yes
set pgp_default_key=0x12341234
set crypt_autosign = yes
```

You must put your key ID in place of 0x12341234. It is the last 8 digits from the first step.
Set GPGME, because you will be using gpg2.
Set gpg-agent, because you will be using gpg2.
You could set autosign for all outgoing e-mails.
You could set self encrypt for all e-mails, to be able to read sent encrypted messages.
You shouldn't put set pgp_decrypt_command and so on, because you are using GPGME.

Behavior in Neomutt
===================

* Neomutt will mark "good" and "bad" signatures.
* Neomutt will let you use P on the e-mail sending screen and choose: sign, encrypt, or both.
* Before sending a signed or encrypted e-mail, Neomutt will open a new screen with gpg-agent to enter the passphrase.

-- szczezuja.space CC BY-SA @ Fri 24 Feb 2023 07:53:12 PM CET
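
An added example, not part of the original checklist: a POSIX shell function that audits the files from steps 3 to 8 and reports each item that would stop signing from working. The name neomutt_gpg_audit and its two arguments (home directory, current GPG_TTY value) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# neomutt_gpg_audit HOME_DIR GPG_TTY_VALUE
# Prints one "FAIL:" line per problem; returns 0 if all checks pass, else 1.
neomutt_gpg_audit() {
    home=$1; tty_value=$2; fail=0
    warn() { echo "FAIL: $*"; fail=1; }

    # Step 3: pinentry-program must point at an existing executable.
    agent_conf="$home/.gnupg/gpg-agent.conf"
    pinentry=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' \
        "$agent_conf" 2>/dev/null | tail -n 1)
    if [ -z "$pinentry" ]; then
        warn "no pinentry-program in $agent_conf"
    elif [ ! -x "$pinentry" ]; then
        warn "pinentry-program '$pinentry' is not executable"
    fi

    # Steps 5-7: .bashrc exports GPG_TTY, .bash_profile sources .bashrc,
    # and the value seen in the current session is non-empty.
    grep -Eq '^[[:space:]]*export[[:space:]]+GPG_TTY=' "$home/.bashrc" 2>/dev/null \
        || warn ".bashrc does not export GPG_TTY"
    grep -Eq '(^|[[:space:]])(\.|source)[[:space:]]+"?(~|\$HOME)/\.bashrc' \
        "$home/.bash_profile" 2>/dev/null \
        || warn ".bash_profile does not source ~/.bashrc"
    [ -n "$tty_value" ] || warn "GPG_TTY is empty in this session"

    # Step 8: GPGME enabled, a real key ID, no classic pgp_*_command lines.
    rc="$home/.neomuttrc"
    grep -Eq '^[[:space:]]*set[[:space:]]+crypt_use_gpgme[[:space:]]*=[[:space:]]*yes' \
        "$rc" 2>/dev/null || warn "crypt_use_gpgme is not set to yes"
    key=$(sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}pgp_default_key[[:space:]]*=[[:space:]]*//p' \
        "$rc" 2>/dev/null | tail -n 1)
    case $key in
        "") warn "pgp_default_key is not set" ;;
        0x12341234) warn "pgp_default_key still holds the checklist placeholder" ;;
    esac
    if grep -Eq '^[[:space:]]*set[[:space:]]+pgp_[a-z_]+_command' "$rc" 2>/dev/null; then
        warn "pgp_*_command settings present although GPGME is in use"
    fi
    return "$fail"
}
```

After sourcing the file, run it as: neomutt_gpg_audit "$HOME" "$GPG_TTY"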