Annotation of wikisrc/users/wiz/mutt-smime.mdwn, revision 1.1
# Setting up mutt with S/MIME support using gpgme

When trying to set up mutt for use with S/MIME you will find guides
like [[this one|http://equiraptor.com/smime_mutt_how-to.html]] or
[[this other one|https://kb.wisc.edu/middleware/page.php?id=4091]]
which tell you how to enable the OpenSSL support and how to configure
it.

This is what I did at first, but when my key expired and I created a
new one, I found out that this setup only supports one secret key at a
time; i.e., when I switched to the new key, I could not read my old
emails any longer.

By a lucky accident, I found the second supported method, using
[[gpgme|https://www.gnupg.org/related_software/swlist.html#gpgme]],
which is much easier to set up and use and does support multiple
secret keys, but lacks documentation.

So here's the documentation for this setup.

# mutt

## mutt compilation

When compiling mutt, you need to have gpgme installed and use mutt
configure's --enable-gpgme flag.
You also need gnupg version 2.x installed.

In pkgsrc, set

    PKG_OPTIONS.mutt= gpgme

in your /etc/mk.conf.

## mutt setup

Add

    set crypt_use_gpgme=yes

to your .muttrc. That's it.

(If your .muttrc "source"s smime.rc or gpg.rc, you can comment out
those lines; you don't need them any longer.)

# gpgme

## gpg-agent

You can use the generic setup instructions for gnupg 2.x instead of this
section; I include it for completeness. It also applies to PGP, so
if you have that set up for gnupg 2.x already, you can skip it.

You need to have a gpg-agent running. The setup suggested by gnupg is
to run it from your X startup file or from your login shell's startup
script.

Short documentation for the latter, using zsh:

### gnupg 2.0

Add to .zlogin:

    gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/.gpg-agent-info"

Add to .zshrc:

    export GPG_TTY=$(tty)
    # only needed for 2.0, not for 2.1
    if [ -f "${HOME}/.gpg-agent-info" ]; then
        . "${HOME}/.gpg-agent-info"
        export GPG_AGENT_INFO
        export SSH_AUTH_SOCK
    fi

### gnupg 2.1

Much easier, just add to .zshrc:

    export GPG_TTY=$(tty)

### pinentry

Choose a pinentry program in your .gnupg/gpg-agent.conf, for example:

    pinentry-program /usr/pkg/bin/pinentry-curses

## gpgsm

Now for the actual S/MIME part of the setup.

### Own key

Get a certificate, e.g. from CAcert or Thawte. Export the certificate
from your browser (or the OS X keychain) with a password; you'll get a
.p12 file.

Then just import the file:

    gpgsm --import keyfile.p12

### Other keys

The same as for your own key, but the keyfile doesn't need to be encrypted.

    gpgsm --import keyfile.p12

### Intermediate Certificates

You might be missing certificates. Then you will see errors like this:

    gpgsm: issuer certificate {ADBD987A34B426F7FAC42654EF03BDE024CB541A} not found using authorityKeyIdentifier

Google the hash and you'll probably find the corresponding
certificate; at least that's what worked for me.
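
The hex string in braces is the identifier gpgsm took from the certificate's authorityKeyIdentifier extension, and a keyring with several missing issuers prints one such line per affected certificate. As an added example (not part of the wiki page), the following POSIX shell script collects those identifiers from gpgsm's diagnostics so you know exactly which issuer certificates to fetch; the `gpgsm -k --with-validation` and `gpgsm --import` calls are the ones used on this page, and the sample diagnostics it is fed are constructed from the error line quoted above.

```shell
#!/bin/sh
# Added example, not from the wiki page: find out which issuer
# certificates gpgsm is missing, so you know what to fetch from the CA
# and import.

# Reads gpgsm diagnostics on stdin and prints each missing issuer
# identifier once (the hex string gpgsm shows in braces).
missing_issuers() {
    sed -n 's/^gpgsm: issuer certificate {\([0-9A-Fa-f]*\)} not found.*/\1/p' | sort -u
}

# Validates every certificate in the keyring and reports the issuers
# that could not be found.  gpgsm writes diagnostics to stderr, hence 2>&1.
report_missing_issuers() {
    gpgsm -k --with-validation 2>&1 | missing_issuers
}

# Imports a fetched issuer certificate (PEM or DER) and re-checks the chain.
import_issuer() {
    gpgsm --import "$1" && report_missing_issuers
}

# Constructed sample diagnostics, modelled on the error line quoted on
# the page: the same issuer is reported twice and an unrelated line is
# mixed in, so the output must be a single identifier.
SAMPLE_DIAGNOSTICS='gpgsm: issuer certificate {ADBD987A34B426F7FAC42654EF03BDE024CB541A} not found using authorityKeyIdentifier
gpgsm: constructed unrelated diagnostic line
gpgsm: issuer certificate {ADBD987A34B426F7FAC42654EF03BDE024CB541A} not found using authorityKeyIdentifier'

# "demo" runs the parser over the constructed sample, "check" over your
# real keyring; anything else only defines the functions.
if [ "$1" = "demo" ]; then
    printf '%s\n' "$SAMPLE_DIAGNOSTICS" | missing_issuers
elif [ "$1" = "check" ]; then
    report_missing_issuers
fi
```

Before importing a certificate you found this way, compare its fingerprint with the value the CA publishes; once imported, it becomes part of every chain that gpgsm builds through it. After the import, `report_missing_issuers` should no longer print that identifier.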

### Trust

You'll have to tell gpgsm which certificates you trust:

    gpgsm -k --with-validation

If this doesn't happen, you'll see

    Problem signature

in mutt, or it will hang while decoding a message until you interrupt it.

### Multiple Secret Keys

In case you have multiple secret keys (e.g. some expired ones and a
current one), you can choose the default one by adding

    local-user XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

to your .gnupg/gpgsm.conf config file, where
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX is the
fingerprint of your key. If you don't know it, you can find it using

    gpg -K your@email.address

or just

    gpg -K

If you don't set this, gpgsm will use the first secret key in your
keychain.
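
Both the Trust section and this one come down to writing one line containing a certificate fingerprint into a file under .gnupg: gpg-agent's trustlist.txt records which root certificates are trusted, and gpgsm.conf's local-user line picks the default secret key. As an added example (not from the wiki page), this POSIX shell script normalizes a fingerprint from whatever form you copied it in (the spaced groups gpg prints, bare hex, lower case, or the colon-separated form shown above), appends a trust entry, and sets the local-user line. It assumes the trustlist.txt entry format `<40 hex digits> S` (the S flag marks the certificate as trusted for S/MIME), that `gpgconf --reload gpg-agent` is available for the reload, and that GNUPGHOME selects the directory, so you can try it against a scratch directory first. The interactive route the page uses, gpg-agent asking through pinentry whether to trust a root while gpgsm validates, only works if gpg-agent.conf contains allow-mark-trusted; editing trustlist.txt directly works either way.

```shell
#!/bin/sh
# Added example, not from the wiki page: manage the two fingerprint
# lines this setup needs, the trust entry in trustlist.txt and the
# local-user line in gpgsm.conf.  Honours GNUPGHOME, default ~/.gnupg.
GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"

# Strips spaces and colons, upper-cases, and checks for exactly 40 hex
# digits (a SHA-1 fingerprint).  Prints the bare form or fails.
fp_bare() {
    fp=$(printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F')
    case "$fp" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#fp}" -eq 40 ] || return 1
    printf '%s\n' "$fp"
}

# Same fingerprint in the XX:XX:...:XX form used by the local-user line.
fp_colons() {
    bare=$(fp_bare "$1") || return 1
    printf '%s\n' "$bare" | sed 's/../&:/g; s/:$//'
}

# Marks a root certificate as trusted for S/MIME.  Only do this for a CA
# whose fingerprint you have verified out of band: every certificate it
# issues will validate from then on.
trust_smime_root() {
    bare=$(fp_bare "$1") || { echo "not a fingerprint: $1" >&2; return 1; }
    list="$GNUPGHOME/trustlist.txt"
    mkdir -p "$GNUPGHOME"
    if [ -f "$list" ] && grep -q "^$bare S" "$list"; then
        return 0    # already listed, keep the file free of duplicates
    fi
    printf '%s S\n' "$bare" >> "$list"
}

# Sets (or replaces) the default signing key in gpgsm.conf.
set_default_smime_key() {
    colons=$(fp_colons "$1") || { echo "not a fingerprint: $1" >&2; return 1; }
    conf="$GNUPGHOME/gpgsm.conf"
    mkdir -p "$GNUPGHOME"
    [ -f "$conf" ] || : > "$conf"
    # keep everything except old local-user lines, then add the new one
    { grep -v '^local-user ' "$conf" || true; printf 'local-user %s\n' "$colons"; } > "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Asks a running gpg-agent to re-read trustlist.txt.  gpgsm reads its own
# config file on every run, so gpgsm.conf needs no reload.
reload_agent() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent
    fi
}

# Usage: script trust <fingerprint> | script default-key <fingerprint>
case "$1" in
    trust) trust_smime_root "$2" && reload_agent ;;
    default-key) set_default_smime_key "$2" ;;
esac
```

Run it once with `GNUPGHOME=/tmp/scratch` to see the two files it writes, then against your real directory; the trust entry is the security-relevant one, since gpgsm will accept any certificate chaining to a listed root.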