OpenBSD: Configuring mutt & gpg2

After spending some time configuring the mutt email client to use gpg2 in OpenBSD 6.1 and not finding a straightforward explanation online, I thought I would document my process so other novice OpenBSD users would not have the same difficulties I had.

  • Install mutt and gnupg.

# pkg_add -i mutt gnupg

A series of options will display. Pick the current version of mutt-1.8.0v3-gpgme and gnupg-2.1.15p2.

  • Copy the system example gpg.conf file to your home directory.

$ cp /usr/local/share/gnupg/gpg-conf.skel /home/bedouin/.gnupg/gpg.conf

  • Add this text to the gpg.conf file.

# Enable gpg-agent
use-agent
pinentry-mode loopback

  • Start the gpg-connect-agent daemon.

$ gpg-connect-agent

  • Import your secret and public keys into your keyring (see the gpg2 man page if you need to generate new ones).

$ gpg2 --decrypt file.sec.gpg | gpg2 --import

  • After import, check to make sure the secret keys imported.

$ gpg2 -K

  • Copy example gpg.rc file from mutt into your home directory.

$ cp /usr/local/share/examples/mutt/examples/gpg.rc /home/bedouin/.mutt/gpg.rc

Then, change every instance of gpg to gpg2 in gpg.rc.

  • Create a file /home/bedouin/.gnupg/email-password.gpg with this text.

set imap_pass = "yourpassword"
set smtp_pass = "yourpassword"

  • Encrypt email password file.

$ gpg2 --encrypt /home/bedouin/.gnupg/email-password.gpg

  • Finally, create a .muttrc configuration file and add a line to decrypt your password, which also has the benefit of launching gpg-agent and saving your password for use in mutt. Example:

# email configuration
set ssl_starttls = yes
set ssl_force_tls = yes
set folder = imaps://user@emailprovider.com:993
set spoolfile = imaps://user@emailprovider.com/INBOX
set postponed = +Drafts
set record = +Sent
set trash = +Trash
mailboxes +INBOX
set hostname = emailprovider.com
set from = user@emailprovider.com
set smtp_url = smtp://user@emailprovider.com:587
set postpone = ask-no
set delete = ask-yes
set editor = "emacs"
set visual = "emacs"
set noconfirmappend

# Email password
source "gpg2 -dq /home/bedouin/.gnupg/email-password.gpg |"

# GPG
source ~/.mutt/gpg.rc
set pgp_sign_as = user@emailprovider.com
set pgp_use_gpg_agent = yes
set pgp_timeout = 3600
set crypt_autosign = yes
set crypt_replyencrypt = yes

# Reduce polling frequency to a sane level
set mail_check=60

# keep a cache of headers
set header_cache=~/.hcache

# Display download progress
set net_inc=10

This should get you to a working set-up, and it helps make explicit a few points that took me a few hours to figure out, e.g., without gpg-connect-agent started, I had not imported my secret key into my key ring despite thinking I had. 
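
The script below is an added example, not part of the original post: it audits a muttrc for the credential-handling problems this setup can leave behind (a password set in clear text, curly quotes or en dashes pasted from a web page, a password file that was never actually encrypted, and loose file permissions). The function names audit_muttrc and make_sample are hypothetical, and only the source "gpg2 -dq FILE |" form used in the example configuration is recognised.

```sh
#!/bin/sh
# Added example, not from the original post: audit a muttrc for the
# credential-handling mistakes this setup can leave behind.
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_muttrc() {
    rc=$1; n=0
    # 1. Password assigned in clear text inside the muttrc itself.
    if grep -Eq '^[[:space:]]*set[[:space:]]+(imap|smtp)_pass[[:space:]]*=' "$rc"; then
        echo "plaintext-pass: password set directly in $rc"; n=$((n + 1))
    fi
    # 2. Curly quotes or en dashes pasted from a web page: mutt and gpg2
    #    do not parse them as quotes or option prefixes.
    if grep -q -e '“' -e '”' -e '–' "$rc"; then
        echo "smart-punctuation: curly quote or en dash in $rc"; n=$((n + 1))
    fi
    # 3. File decrypted by a 'source "gpg2 -dq FILE |"' line (the only
    #    form recognised here, an assumption of this example).
    enc=$(sed -n 's/^[[:space:]]*source[[:space:]]*"gpg2 -dq \([^ |]*\) *|".*/\1/p' "$rc" | head -n 1)
    case $enc in "~/"*) enc=$HOME/${enc#"~/"} ;; esac
    if [ -z "$enc" ]; then
        echo "no-decrypt-source: no gpg2 -dq source line in $rc"; n=$((n + 1))
    elif [ -f "$enc" ] && grep -q '_pass' "$enc"; then
        # gpg2 --encrypt writes FILE.gpg and leaves the plaintext input behind.
        echo "plaintext-on-disk: $enc holds readable password settings"; n=$((n + 1))
    fi
    # 4. Group/other permission bits on the muttrc and the password file.
    for f in "$rc" "$enc"; do
        [ -f "$f" ] || continue
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "loose-perms: $f is accessible to group or other"; n=$((n + 1))
        fi
    done
    [ "$n" -eq 0 ]
}

# Constructed sample: a muttrc whose password file was never encrypted.
make_sample() {
    dir=$1
    printf 'set imap_pass = "constructed-secret"\n' > "$dir/email-password.gpg"
    printf 'set from = user@emailprovider.com\nsource "gpg2 -dq %s |"\n' \
        "$dir/email-password.gpg" > "$dir/muttrc"
    chmod 600 "$dir/muttrc"; chmod 644 "$dir/email-password.gpg"
}

# Audit the file given on the command line, e.g. sh audit.sh ~/.muttrc
if [ -n "${1:-}" ]; then audit_muttrc "$1"; fi
```
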

Good luck!
