Hi everybody, especially folks at blinkenshell.
I want to explain how to set up mutt on blinkenshell to use gpg encryption for sending and receiving encrypted mail. Here are the steps necessary for encrypted messaging.
Having a gpg secret key
First, you need to generate your gpg key for use with blinkenshell mail. You may skip this step if you already have a gpg key.
Issue this command on your desktop computer to generate your key.
Follow the instructions. I suggest using your blinkenshell mail address.
Make a note of your gpg passphrase. Never forget the passphrase or your key will be unusable.
You may generate your gpg key on blinkenshell, but I don't recommend it as blinkenshell doesn't have enough entropy. Use your desktop to generate gpg keys.
Congratulations. Your first gpg key is generated.
Publishing gpg public key to keyserver
Let's move to the next step to export this key to your blinkenshell. On your desktop, issue the following command.
Make a note of the key id associated with your blinkenshell mail address. As a real example, my key id is D21D8761.
pub 4096R/D21D8761 2014-06-27 [expires: 2019-06-26]
uid The Fuzzy Whirlpool Thunderstorm (My new 4096bit RSA key)
Your key id will be different from mine.
Export your public key to a keyserver for easier access. Replace D21D8761 with your key id.
# Here you'll export the public key to keys.gnupg.net
# There are a lot of keyservers available,
# for example pgp.mit.edu and keyserver.ubuntu.com
gpg --keyserver keys.gnupg.net --send-keys D21D8761
Importing secret key to Blinkenshell
Export the secret key to a file. Replace the key id with yours.
gpg --output ~/mysecretkey.gpg --export-secret-keys D21D8761
Your secret key is now exported to the file mysecretkey.gpg in your home directory. Now, transfer the secret key to blinkenshell via scp.
scp -P443 ~/mysecretkey.gpg email@example.com:~/
Your secret key is now available in your home directory on blinkenshell.
Now, connect via ssh to blinkenshell and import the secret key for use with blinkenshell mail.
ssh -p 443 firstname.lastname@example.org
Issue the command to import the secret key.
gpg --import ~/mysecretkey.gpg
Make sure the key is imported correctly.
Congratulations, you have successfully imported your secret key for use with blinkenshell mail address.
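One way to make the "imported correctly" check concrete, as an added example that is not part of the original post: compare the fingerprint of the imported secret key against the one noted on the desktop, and delete the transfer file once it matches. The function names, the fingerprints and the sample listing are constructed placeholders.

```shell
#!/bin/sh
# Added example: confirm the secret key that arrived on the shell server is
# the one exported on the desktop, then remove the transfer file.

# has_secret_key EXPECTED_FPR
# Reads `gpg --with-colons --fingerprint --list-secret-keys` output on stdin.
# Returns 0 if a primary secret key ("sec" record) has that fingerprint.
has_secret_key() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    awk -F: -v want="$expected" '
        $1 == "sec" { primary = 1; next }   # the next fpr record is this key
        $1 == "ssb" { primary = 0; next }   # subkey fingerprints do not count
        $1 == "fpr" && primary { if ($10 == want) found = 1; primary = 0 }
        END { if (found) exit 0; exit 1 }
    '
}

# import_and_check FILE EXPECTED_FPR (run on the shell server).
# The exported file holds the secret key, so it is removed once the
# fingerprint of the imported key has been confirmed.
import_and_check() {
    gpg --import "$1" || return 1
    gpg --with-colons --fingerprint --list-secret-keys \
        | has_secret_key "$2" || return 1
    rm -f -- "$1"
}

# Constructed sample of a colon listing (placeholder key, not a real one).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:89ABCDEF01234567:1403827200:1561507200::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1403827200::::Example User <user@example.org>:
ssb:u:4096:1:FEDCBA9876543210:1403827200::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Demo on the constructed listing; the fingerprint may be typed with spaces.
sample_listing | has_secret_key "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567" \
    && echo "secret key fingerprint matches"
```

The same `rm` applies to the copy of mysecretkey.gpg left in the desktop home directory once the import has been checked.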
Compiling mutt with support for tls, sasl, imap, and gpgme
Now let's move to mutt configuration. Issue all these commands on your blinkenshell via ssh.
Download mutt source code and signature from bitbucket.
wget -O mutt-1.5.23.tar.gz "https://bitbucket.org/mutt/mutt/downloads/mutt-1.5.23.tar.gz"
wget -O mutt-1.5.23.tar.gz.asc "https://bitbucket.org/mutt/mutt/downloads/mutt-1.5.23.tar.gz.asc"
Make gpg automatically retrieve keys when needed.
echo 'keyserver-options auto-key-retrieve' | tee -a ~/.gnupg/gpg.conf
Verify the integrity of the downloaded mutt source code.
gpg --verify mutt-1.5.23.tar.gz.asc mutt-1.5.23.tar.gz
Make sure the output says "Good signature from...". If it says "Bad signature...", repeat the download process.
Congratulations. You have verified the downloaded source code.
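An added example, not part of the original post: with auto-key-retrieve, gpg fetches whichever key the signature names, so "Good signature" alone does not show who signed the tarball. This sketch reads gpg's machine-readable status output and accepts it only when the VALIDSIG line carries a fingerprint you obtained out of band; the function names and the fingerprint are placeholders (not the mutt release key), and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: pin the signer's fingerprint instead of relying on
# "Good signature" from an automatically retrieved key.

# check_sig_status EXPECTED_FPR
# Reads `gpg --status-fd 1 --verify SIG FILE` output on stdin.
# Returns 0 only if a VALIDSIG line names EXPECTED_FPR as the signing key
# or as its primary key, and no bad/expired/revoked status is present.
check_sig_status() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned SIGFILE DATAFILE EXPECTED_FPR: run gpg and apply the check.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_sig_status "$3"
}

# Placeholder fingerprint; replace with the one published by the project.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed sample of status output for a good signature by that key.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-03-12 1394600000 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Demo on the constructed sample.
sample_status | check_sig_status "$PINNED_FPR" \
    && echo "signature is valid and made by the pinned key"
```

On the server the call would be `verify_pinned mutt-1.5.23.tar.gz.asc mutt-1.5.23.tar.gz "$PINNED_FPR"`, with the fingerprint taken from a source other than the keyserver.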
Now it is time for mutt compilation and installation. Get yourself access to the buildserver.
Note: buildserver is not available anymore. You can use the installed version instead of compiling your own program.
Type your shell password when asked.
Launch tmux to prevent build interruption.
Extract the downloaded mutt source code.
tar zxf mutt-1.5.23.tar.gz
Now, let's begin the compilation process.
Change the working directory to the mutt directory.
Define compilation options.
./configure --prefix=$HOME '--with-mailpath=~/Maildir' \
  '--with-domain=blinkenshell.org' '--with-gnutls' '--with-sasl' \
  '--with-included-gettext' '--with-regex' \
  '--enable-pop' '--enable-imap' '--enable-smtp' \
  '--enable-gpgme' '--enable-hcache'
Begin compilation process.
time make V=s
When the compilation process is finished, install the compiled binary to your home directory.
Exit tmux and close connection to buildserver.
exit
[exited]
exit
Connection to buildserver closed
Now, add $HOME/bin to your environment path.
You can make this environment variable persistent by adding the command to your .bashrc or .zshrc.
If you are using bash as login shell
echo 'export PATH="$HOME/bin:$PATH"' | tee -a ~/.bashrc
If you are using zsh as login shell
echo 'export PATH="$HOME/bin:$PATH"' | tee -a ~/.zshrc
Congratulations, you have a working mutt installed in your home directory.
Let's configure mutt for sending and receiving encrypted mails. Create .muttrc file in your home directory.
Create the .mutt/tmp directory for use with mutt; it is the tmpdir set in the configuration.
mkdir -p ~/.mutt/tmp
Edit the content of .muttrc as follows.
# replace vim with your favorite text editor, for example nano or ed
set editor=vim
set hostname="blinkenshell.org"
# replace with your realname as you used on your gpg key
set realname="The Fuzzy Whirlpool Thunderstorm"
set folder=imap://despina:143/
# replace with your blinkenshell username
set imap_user=whirlpool
set spoolfile=+INBOX
mailboxes =INBOX =family
set header_cache=~/.cache/mutt
set imap_keepalive=300
set mail_check=60
set record=+Sent
set smtp_url=smtp://$imap_user@despina/
set ssl_force_tls=yes
set ssl_starttls=yes
set crypt_autosign=yes
set crypt_replysign=yes
set crypt_replysignencrypted=yes
set crypt_replyencrypt=yes
set pgp_use_gpg_agent=yes
set crypt_use_gpgme=yes
# replace D21D8761 with your gpg key id
set pgp_sign_as=D21D8761
set pgp_timeout=300
set tmpdir=~/.mutt/tmp
Accessing mailserver with mutt
Log in to your blinkenshell account. In the ssh shell, launch mutt by typing:
You'll be asked for certificate verification twice. Accept all ssl certificate verification by pressing the 'a' button.
Mutt will ask for a password to log in to the mailserver. Just type your shell password to access the mailserver.
Password for whirlpool@despina:
Congratulations. You've successfully set up mutt on your blinkenshell. Exit mutt by pressing the 'q' button.
Verifying mutt configuration for encrypted messaging
Here you will send me an encrypted mail to verify mutt configuration. Get my public key by issuing the following command.
gpg --keyserver keys.gnupg.net --recv-keys D21D8761
Now, time to test the power of mutt. Launch mutt and compose a mail to me by pressing the 'm' button. Specify the recipient by typing my email address.
whirlpool [at] blinkenshell [dot] org
When you're done typing, exit the text editor. Press 'p' for encryption options, and choose both signing and encrypting by pressing 'b'. Finally, send your mail by pressing 'y'. Type your gpg passphrase when asked to encrypt and sign the message. If mutt asks for your password again, type your shell password. If the mail is successfully sent, mutt will say 'Mail sent'.