Smime made easy: using mutt with support for gpgsm

Written on: Tue, 15 Feb 2022 17:02:10 +0000

Background

mutt is tiny but powerful email client. It can be configured for PGP or SMIME. If support for gpgsm is enabled during build, it will be easy to set up s/mime.

First step

Check your mutt build configuration. On Ubuntu 20.04, mutt is configured as follows:

Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  +USE_FCNTL  -USE_FLOCK
+USE_POP  +USE_IMAP  +USE_SMTP
-USE_SSL_OPENSSL  +USE_SSL_GNUTLS  +USE_SASL  +USE_GSS  +HAVE_GETADDRINFO
+HAVE_REGCOMP  -USE_GNU_REGEX
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  +HAVE_FUTIMENS
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  +CRYPT_BACKEND_GPGME
-EXACT_ADDRESS  -SUN_ATTACHMENT
+ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET  +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  -HAVE_LIBIDN2  +HAVE_GETSID  +USE_HCACHE
+USE_SIDEBAR  +USE_COMPRESSED  +USE_INOTIFY
-ISPELL

My S/MIME key doesn't show up

I've reviewed my previous guide to set up mutt with S/MIME and got hit by the fact that my imported pkcs12 key doesn't show up when I hit S before sending mail to show S/MIME options.

I've imported my shiny new pkcs12 via smime_keys add_p12 PKCS12_Credential_whirlpool.pfx but the key doesn't show up inside mutt. I even confirmed that the key is listed inside smime_keys list, so what's wrong with my setup?

The solution

It turns out that on Ubuntu 20.04, mutt doesn't use smime_keys database. Instead, it uses gpgsm keyring. So what's the solution?

The solution is rather simple. I need to import pkcs12 key into gpgsm keyring. It took me a while to figure this out.

gpgsm --import PKCS12_Credential_whirlpool.pfx

Finally, mutt is showing my new credential and I can sign my outgoing messages with S/MIME. Neat.