OpenBSD: Configuring mutt & gpg/gpg2

After spending some time configuring the mutt email client to use gpg2 in OpenBSD 6.1 and not finding a straight-forward explanation online, I thought I would document my process so other novice OpenBSD users would not have the same difficulties I had. I have used these same instuctions with some modification to configure mutt on Debian, Arch and other Linuxes, and it has helped me get to a working configuration.

  • Install mutt and gnupg.

# pkg_add -i mutt gnupg [add cyrus-sasl to your package manager on linuxes without it baked in]

A series of options will display. Pick the current version of mutt-1.8.0v3-gpgme-sasl and gnupg-2.1.15p2.

  • Copy the system example gpg.conf file to your home directory.

$ cp /usr/local/share/gnupg/options.skel /home/bedouin/.gnupg/gpg.conf

  • Add this text to the gpg.conf file [seemed necessary on OpenBSD, not on some varieties of Linux sans gnome]

# Enable gpg-agent
pinentry-mode loopback

  • Start the gpg-connect-agent daemon.

$ gpg-connect-agent

  • Import your secret and public keys into your keyring (see man if you need to make them new).

$ gpg2 –decrypt file.sec.gpg | gpg2 –import –batch

  • After import, check to make sure the secret keys imported.

$ gpg2 -K

  • Create a file /home/bedouin/.gnupg/email-password.gpg with this text.

set imap_pass = “yourpassword”
set smtp_pass = “yourpassword”

  • Encrypt email password file.

$ gpg2 –encrypt /home/bedouin/.gnupg/email-password.gpg

  • Finally, create a .muttrc configuration file and add a line to decrypt your password, which also has the benefit of launching gpg-agent and saves your password for use in mutt. Example:

# email configuration

set ssl_starttls = yes

set ssl_force_tls = yes

set folder = imaps://

set spoolfile = imaps://

set postponed = +Drafts

set record = +Sent

set trash = +Trash

mailboxes = +INBOX

set hostname =

set from =

set smtp_url = smtp://

set postpone = ask-yes

set delete = ask-no

set editor = “emacs”

set visual = “emacs”

set noconfirmappend

# Email password
source “gpg2 -dq /home/bedouin/.gnupg/email-password.gpg |”


set pgp_sign_as =

set pgp_use_gpg_agent = yes

set pgp_timeout = 3600

# Reduce polling frequency to a sane level
set mail_check=60

# keep a cache of headers
set header_cache=~/.hcache

# Display download progress
set net_inc=10

This should get you to a working set-up to read and write email. This discussion helps make explicit a few points that took me a few hours to figure out, e.g., without gpg-connect-agent started, I had not imported my secret key into my key ring despite thinking I had.

Also, I tried to indicate where gpg-connect-agent and some of these other steps were unnecessary on Linux distros in an update a year later.

Good luck!

One thought on “OpenBSD: Configuring mutt & gpg/gpg2

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s