After spending some time configuring the mutt email client to use gpg2 in OpenBSD 6.1 and not finding a straightforward explanation online, I thought I would document my process so other novice OpenBSD users would not have the same difficulties I had. I have used these same instructions with some modification to configure mutt on Debian, Arch and other Linuxes, and it has helped me get to a working configuration.
# pkg_add -i mutt gnupg [add cyrus-sasl to your package manager on linuxes without it baked in]
A series of options will display. Pick the current version of mutt-1.8.0v3-gpgme-sasl and gnupg-2.1.15p2.
- Copy the system example gpg.conf file to your home directory.
$ cp /usr/local/share/gnupg/options.skel /home/bedouin/.gnupg/gpg.conf
- Add this text to the gpg.conf file [seemed necessary on OpenBSD, not on some varieties of Linux sans gnome]
# Enable gpg-agent
- Start the gpg-connect-agent daemon.
- Import your secret and public keys into your keyring (see man if you need to make them new).
$ gpg2 --decrypt file.sec.gpg | gpg2 --import --batch
- After import, check to make sure the secret keys imported.
$ gpg2 -K
- Create a file /home/bedouin/.gnupg/email-password.gpg with this text.
set imap_pass = "yourpassword"
set smtp_pass = "yourpassword"
- Encrypt email password file.
$ gpg2 --encrypt /home/bedouin/.gnupg/email-password.gpg
- Finally, create a .muttrc configuration file and add a line to decrypt your password, which also has the benefit of launching gpg-agent and saving your password for use in mutt. Example:
# email configuration
set ssl_starttls = yes
set ssl_force_tls = yes
set folder = imaps://firstname.lastname@example.org:993
set spoolfile = imaps://email@example.com/INBOX
set postponed = +Drafts
set record = +Sent
set trash = +Trash
mailboxes +INBOX
set hostname = emailprovider.com
set from = firstname.lastname@example.org
set smtp_url = smtp://email@example.com:587
set postpone = ask-yes
set delete = ask-no
set editor = "emacs"
set visual = "emacs"
# Email password
source "gpg2 -dq /home/bedouin/.gnupg/email-password.gpg |"
set pgp_sign_as = firstname.lastname@example.org
set pgp_use_gpg_agent = yes
set pgp_timeout = 3600
# Reduce polling frequency to a sane level
# keep a cache of headers
# Display download progress
This should get you to a working set-up to read and write email. This discussion helps make explicit a few points that took me a few hours to figure out, e.g., without gpg-connect-agent started, I had not imported my secret key into my key ring despite thinking I had.
Also, I tried to indicate where gpg-connect-agent and some of these other steps were unnecessary on Linux distros in an update a year later.
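
Because gpg2 --encrypt writes its output to a new file with .gpg appended, the plaintext created above can be left behind at the path .muttrc sources. The following check, an added example rather than part of the original post, flags that case along with loose file permissions and a missing ssl_force_tls; audit_mutt_secrets and make_sample are hypothetical names, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example. audit_mutt_secrets and make_sample are hypothetical helpers,
# not part of mutt or GnuPG. Assumes paths without spaces.

audit_mutt_secrets() {
    muttrc=$1; rc=0
    # 1. Passwords must not be set directly in the muttrc.
    if grep -Eq '^[[:space:]]*set[[:space:]]+(imap|smtp)_pass' "$muttrc"; then
        echo "FAIL: imap_pass/smtp_pass set in plaintext in $muttrc"; rc=1
    fi
    # 2. Collect files read through: source "gpg2 -dq FILE |"
    files=$(sed -n 's/^[[:space:]]*source[[:space:]]*"gpg2\{0,1\} -dq \([^ |]*\)[[:space:]]*|".*$/\1/p' "$muttrc")
    for f in $files; do
        if [ ! -f "$f" ]; then
            echo "FAIL: $f is sourced but does not exist"; rc=1; continue
        fi
        # Readable mutt settings mean the file was never actually encrypted.
        if grep -Eq '(imap|smtp)_pass' "$f"; then
            echo "FAIL: $f contains readable password settings"; rc=1
        fi
        # Group/other permission bits must all be '-'.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $f is accessible to group/other ($perms)"; rc=1
        fi
    done
    # 3. TLS must be forced so the decrypted password never travels in clear.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+ssl_force_tls[[:space:]]*=[[:space:]]*yes' "$muttrc"; then
        echo "FAIL: ssl_force_tls is not enabled in $muttrc"; rc=1
    fi
    return $rc
}

# Constructed sample data: "encrypted" writes opaque bytes as a stand-in for
# gpg output; any other value leaves the plaintext settings at the .gpg path.
make_sample() {
    mkdir -p "$1"
    printf 'set ssl_force_tls = yes\nsource "gpg2 -dq %s/pw.gpg |"\n' "$1" > "$1/muttrc"
    if [ "$2" = encrypted ]; then
        printf '\205\002\014constructed-ciphertext' > "$1/pw.gpg"; chmod 600 "$1/pw.gpg"
    else
        printf 'set imap_pass = "constructed"\n' > "$1/pw.gpg"; chmod 644 "$1/pw.gpg"
    fi
}
```

Run it as audit_mutt_secrets /home/bedouin/.muttrc; it prints one FAIL line per problem and returns non-zero if any were found.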