After spending some time configuring the mutt email client to use gpg2 in OpenBSD 6.1 and not finding a straight-forward explanation online, I thought I would document my process so other novice OpenBSD users would not have the same difficulties I had.
- Install mutt and gnupg.
# pkg_add -i mutt gnupg
A series of options will display. Pick the current version of mutt-1.8.0v3-gpgme and gnupg-2.1.15p2.
- Copy the system example gpg.conf file to your home directory.
$ cp /usr/local/share/gnupg/gpg-conf.skel /home/bedouin/.gnupg/gpg.conf
- Add this text to the gpg.conf file.
# Enable gpg-agent
- Start the gpg-connect-agent daemon.
- Import your secret and public keys into your keyring (see man if you need to make them new).
$ gpg2 –decrypt file.sec.gpg | gpg2 –import
- After import, check to make sure the secret keys imported.
$ gpg2 -K
- Copy example gpg.rc file from mutt into your home directory.
$ cp /usr/local/share/examples/mutt/examples/gpg.rc /home/bedouin/.mutt/gpg.rc
Then, change every instance of gpg to gpg2 in gpg.rc.
- Create a file /home/bedouin/.gnupg/email-password.gpg with this text.
set imap_pass = “yourpassword”
set smtp_pass = “yourpassword”
- Encrypt email password file.
$ gpg2 –encrypt /home/bedouin/.gnupg/email-password.gpg
- Finally, create a .muttrc configuration file and add a line to decrypt your password, which also has the benefit of launching gpg-agent and saves your password for use in mutt. Example:
# email configuration
set ssl_starttls = yes
set ssl_force_tls = yes
set folder = imaps://email@example.com:993
set spoolfile = imaps://firstname.lastname@example.org/INBOX
set postponed = +Drafts
set record = +Sent
set trash = +Trash
mailboxes = +INBOX
set hostname = emailprovider.com
set from = email@example.com
set smtp_url = smtp://firstname.lastname@example.org:587
set postpone = ask-no
set delete = ask-yes
set editor = “emacs”
set visual = “emacs”
# Email password
source “gpg2 -dq /home/bedouin/.gnupg/email-password.gpg |”
set pgp_sign_as = email@example.com
set pgp_use_gpg_agent = yes
set pgp_timeout = 3600
set crypt_autosign = yes
set crypt_replyencrypt = yes
# Reduce polling frequency to a sane level
# keep a cache of headers
# Display download progress
This should get you to a working set-up, and it helps make explicit a few points that took me a few hours to figure out, e.g., without gpg-connect-agent started, I had not imported my secret key into my key ring despite thinking I had.