@hjst
Last active February 29, 2024 10:02
Simple Mutt config for using GnuPG via GPGME
# Old-school GPG config was taken from the following docs. I'm preserving these
# links here just in case I need to configure an old version of mutt & gnupg in
# the future without gpgme.
# * /usr/share/docs/mutt/gpg.rc
# * http://codesorcery.net/old/mutt/mutt-gnupg-howto
# * http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
#
# Mutt now has solid support for GPGME, which not only makes config much
# simpler and eliminates the need to fork gpg processes & parse their output -
# it also makes working with gpg-agent, kwallet, gnome-keyring etc. a doddle
# (i.e. automatic)
#
# This does of course all assume that gnupg is configured correctly, so check
# ~/.gnupg/gpg.conf and make sure commands like `gpg --list-secret-keys` and
# `gpg --search-keys 0xBE0E47FC` work as expected.
#
# Mutt needs to be built with gpgme support for this to work:
# mutt -v | grep -i gpgme
set crypt_use_gpgme=yes
# Automatically sign all outgoing messages
set crypt_autosign=yes
# Automatically verify the sig of a message when opened
set crypt_verify_sig=yes
# Automatically sign replies to messages which are signed
set crypt_replysign=yes
# Automatically encrypt replies to messages which are encrypted
set crypt_replyencrypt=yes
# Automatically sign replies to messages which are encrypted
set crypt_replysignencrypted=yes
# This enables the new PKA method of key validation via DNS. It's currently
# very rare, but doesn't hurt to enable & test it. See the following links for
# more details:
# http://lists.gnupg.org/pipermail/gnupg-devel/2005-August/022254.html
# https://www.df7cb.de/blog/2007/openpgp-dns.html
# http://www.g10code.de/docs/pka-intro.de.pdf (German PDF)
set crypt_use_pka=yes
# Add OpenPGP header
# See: https://datatracker.ietf.org/doc/draft-josefsson-openpgp-mailnews-header/?include_text=1
my_hdr OpenPGP: url=http://domain.tld/pubkey.asc; id=12345678
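
A lint for this config, added here as an example and not part of the gist: it checks that `crypt_use_gpgme` is actually enabled and flags an `OpenPGP:` header that advertises a plain-http key URL or an 8-digit short key ID, which does not uniquely identify a key. The function names `muttrc_get` and `audit_muttrc`, the sample files and the placeholder fingerprint are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of the gist): audit a muttrc for the settings above.
# Assumption: one option per `set` line, written as `set name=value`.

# Print the last value assigned to OPTION in FILE; commented-out lines are ignored.
muttrc_get() {  # usage: muttrc_get OPTION FILE
    sed -n -E "s/^[[:space:]]*set[[:space:]]+$1[[:space:]]*=[[:space:]]*\"?([a-z-]+)\"?[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# Print one finding per line for FILE; print nothing when the checks pass.
audit_muttrc() {  # usage: audit_muttrc FILE
    [ "$(muttrc_get crypt_use_gpgme "$1")" = yes ] ||
        echo "crypt_use_gpgme is not 'yes': this config relies on the GPGME backend"
    hdr=$(grep -E '^[[:space:]]*my_hdr[[:space:]]+OpenPGP:' "$1" | tail -n 1)
    [ -n "$hdr" ] || return 0
    url=$(printf '%s\n' "$hdr" | sed -n -E 's/.*url=([^;[:space:]]+).*/\1/p')
    id=$(printf '%s\n' "$hdr" | sed -n -E 's/.*id=(0x)?([0-9A-Fa-f]+).*/\2/p')
    case $url in
        https://*|'') ;;
        *) echo "OpenPGP url is not https: $url" ;;
    esac
    [ -z "$id" ] || [ "${#id}" -ge 40 ] ||
        echo "OpenPGP id has ${#id} hex digits: publish the full fingerprint (40 for v4 keys)"
}

# Constructed samples: the gist's header line, then a hardened variant.
# The 40-digit fingerprint is a made-up placeholder, not a real key.
tmp=$(mktemp -d)
printf '%s\n' 'set crypt_use_gpgme=yes' \
    'my_hdr OpenPGP: url=http://domain.tld/pubkey.asc; id=12345678' > "$tmp/gist.rc"
printf '%s\n' 'set crypt_use_gpgme=yes' \
    'my_hdr OpenPGP: url=https://domain.tld/pubkey.asc; id=0123456789ABCDEF0123456789ABCDEF01234567' \
    > "$tmp/hardened.rc"
for f in gist.rc hardened.rc; do
    echo "== $f"
    audit_muttrc "$tmp/$f"
done
rm -rf "$tmp"
```
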
@kylemanna

Found this helpful after the v2.1 GPG upgrade that broke my non-gpgme mutt config. Have a quarter on me @changetip. Also, for your public URL, you might want to check out https://keybase.io for your public key hosting, examples:

https://keybase.io/manna
https://keybase.io/manna/key.asc

@kylemanna

@hjst Have a quarter @changetip

@kylemanna

ChangeTip bot appears br0ke... sigh.

@hjst
Author

hjst commented Feb 15, 2015

@kylemanna Glad you found it useful!

I have my public key on my own server more for historical reasons than anything else at this point, and yes I am aware of keybase: https://keybase.io/hjst :-)

@swimm3r

swimm3r commented Feb 29, 2024

When I try to open an e-mail, I get this message:

[-- Error: decryption failed: No secret key --]

Do you have any idea why the public key of the sender is not detected?

Thanks.
