Configuring Your MUA For Use With PGP

Below I deal with how to set up most common MUAs for use with PGP. I give as much detail as I can, but I have not actually tried all of them. Here are the common settings you will need regardless of your MUA:

keyserver: x-hkp://pgp.mit.edu
Signing method: PGP/Mime

NOTE WELL: This page assumes you have GnuPG installed per the instructions on my main PGP page! You must complete that setup first.

Table of Contents

Thunderbird

Thunderbird is a stand alone graphical mail client based on the Mail and News component of Mozilla. It runs on linux, solaris, windows, MacOS, and probably others.

Install enigmail from here (you must already have GnuPG installed per the docs on this site).

Then, inside Thunderbird, go to the Enigmail menu and then Preferences.

Then go to the Tools menu and then "Account Settings". For each account under "OpenPGP Security" section, check:

From now on it should automatically tell you if a signature is verified, and should sign your email by default. You can dynamically disable/change signature/encryption settings in the Compose window with the "OpenPGP" menu.

Another good resource for enigmail is the official installation docs at the Enigmail website.

Outlook

Adding PGP support to Outlook used to be really only possible using the commercial PGP.com software. There was an open source solution called GData, but it was unmaintained, plagued with problem and didn't support anything after Outlook 2000.

GData was recently picked up by someone new and renamed GPGol. This software is significant improvement and works with Outlook XP and 2003.

It appears it is necessary to disable the option to use MS Word as your outlook editor to make the plugin work correctly. Go to the "Tools" menu -> Options -> Mail Format tab. In the "Message Format" section, uncheck "Use Microsoft Word to edit e-mail messages." Click OK.

Also note that it appears the plugin does not support PGP/Mime -- it only supports traditional PGP.

Thanks to Rob Parke, KC Braunschweig, and Michael Royer for helping with the windows side of things.

Apple Mail

Install GPGMail, the GnuPGP Plugin for Apple Mail from http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html. The install is a Mac installer, so it's very straight forward. There are also excellent docs on the site.

In addition to the regular GPG setup mentioned on my main page, you will also need to uncomment the line:


keyserver-options auto-key-retrieve

in your gpg.conf. This is done by default in other distributions of gpg, but not in Mac GnuPG.

Now launch Apple Mail, go to Mail -> Preferences -> PGP. Under Keys:

Under Composing:

Under Viewing:

Note that there is an article here that covers the process from GnuPG install through Apple Mail configs with screen shots.

Outlook Express

By default OE has a broken Mime implementation. If an OE user gets a signed email, it will show both the email and the signature as attachments instead of displaying the message. Most other clients without help will at least show the message in-line. There is a plugin you an try here to add PGP support.

At this point I have not tried it, I have no idea if it works, and I do not support it. If you would like to try and it and let me know how it goes, I would much appreciated it.

Mutt

Mutt is a very modern text-based MUA that runs on a variety of platforms. However, it's designed for unix/linux like OS's, so if you want to use it in Windows, you'll need cygwin. Its supports imap, pop, ssl, pgp, custom keys, and much, much more.

Because it's unix-based, tweaking config files is necessary, and basic unix knowledge is assumed here.

To pgp enable mutt grab the mutt configs for gpg and put that in your ~/.mutt/. You will need to add to your ~/.muttrc or ~/.mutt/muttrc file the line:


source ~/.mutt/mutt_gpg

in order to make that take effect. If you do not yet have a ~/.muttrc or ~/.mutt/muttrc, then you can probably use your distribution's defaults, and create a new one with the above line.

At this point, you should be able to fire up mutt and have it automatically verify signatures as well as sign your email. After you are done composing an email, you can use "p" to change the PGP options (sign, encrypt, forget, etc.).

Pine

Pine doesn't really support Mime, or have an API for plugins, and as such, writing a good PGP implementation for pine is not a trivial task. There are a few options for pine, but none of them support PGP/Mime.

Pine Privacy Guard appears to be the best of them, but there's also PGP4Pine, PGPEnvelope, PinePGP, and Pine-PGP-Filters.

I don't use pine, but I'm happy to hear about any experiences with any of the above.

Denny White wrote in to say he got pinepg working fine with Pine and GnuPG, but in order to have his sent-mail copy encrypted to himself (so he could decrypt it), he had to change:


$command = "$gpg --encrypt ".($comment?"--comment \"$comment\" ":'').

to


$command = "$gpg --encrypt --encrypt-to keyid".($comment?"--comment \"$comment\" ":'').

With keyid replaced with his keyid. Thanks Danny!

Eudora

Eudora, despite it's mind-boglingly still-existent following, is a pretty horrible email client. Nonetheless, if you use it here are some PGP references for you PGPEudora (windows only?), Peics (windows only?), and Mullusc. Additionally, this page talks about using the commercial PGP product with Eudora on a mac.

I don't use Eudora, but I'm happy to hear about any experiences with any of the above.

Evolution

Evolution natively supports GPG signing, verifying, encrypting and decrypting in both traditional and PGP/Mime.