Cryptography

Email transport is a fundamentally insecure system; messages can be easily intercepted, altered, forged and snooped without much evidence that this has happened. One way of preventing interception and eavesdropping is to increase the security of the network protocols.

POP3, IMAP and SMTP can be encrypted at the network level with SSL, TLS or IPsec. If possible you should use mutt with SSL enabled for IMAP and POP3, if only to keep your account password secret. OpenSSH is a freely available alternative to the SSH secure shell that will let you use mutt from any location on any machine you have ssh access to.

End-to-end encryption and signing

The problem with network approaches to security is that you have no control over mail that passes outside your own physical network. To gain some end-to-end control over this mail you need to encrypt and/or sign the body of the email in your mail user agent - mutt.

This guide isn't going to discuss why you might want to use cryptography. A good place to start reading on the subject is Phil Zimmermann's text "Why I Wrote PGP".

There are three tools that you can use with mutt for this job:

PGP

Pretty Good Privacy is the original PGP tool developed by Phil Zimmermann, now somewhat out of fashion with mutt users since the Free Software gpg tool has matured.

GPG

The Gnu Privacy Guard is a complete and Free replacement for pgp; this is the tool you are likely to be using with mutt.

S/MIME

S/MIME is an alternative and incompatible system to pgp, differing mainly in that it depends on a public key infrastructure rather than the pgp concept of a web-of-trust. S/MIME is also supported by default in the Netscape, Outlook and Outlook Express mail user agents.

There is S/MIME support using the openssl library in the mutt-1.5 development series.

Guides

As well as the official notes for using PGP from within mutt, there is a slightly longer mutt gpg guide. If you are interested in using S/MIME, you can read a comparison between S/MIME and OpenPGP.

PGP/GPG Problems with other MUAs

Mutt by default creates PGP/MIME signed and/or encrypted messages in the format specified by RFC 2015. Unfortunately, although an obvious successor to traditional pgp-mail and the only MIME-aware alternative to S/MIME (defined by RFC 2311), PGP/MIME format messages are not supported by many other MUAs. This situation may improve with adoption of the OpenPGP replacement for PGP/MIME; OpenPGP is specified by RFC 3156.

When pgp signing mail with mutt, you are likely to have problems when sending to people who use other MUAs, such as Outlook and Outlook Express. These people may see the body of your message as an attachment that needs to be opened in a text viewer. You need to decide whether the advantages of signing everything outweigh the disadvantages of dealing with problems caused by other people's software.
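
The difference between the two signing formats, as an added example that is not part of the original guide: it classifies a message as PGP/MIME (the multipart/signed layout of RFC 2015 and RFC 3156) or traditional inline PGP, and lists the MIME parts a receiving MUA has to render. The sample messages are constructed, the signature blocks are placeholders, and `classify` is a hypothetical helper name.

```python
from email import message_from_string

# Constructed sample: a PGP/MIME signed message in the multipart/signed layout.
# The signature block is a placeholder, not a real signature.
PGP_MIME = """\
From: alice@example.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Hello Bob.
--b1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
--b1--
"""

# Constructed sample: traditional inline (clearsigned) PGP in a plain text body.
INLINE = """\
From: alice@example.org
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Bob.
-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
"""

def classify(raw):
    """Return (kind, content types of the parts a receiving MUA must render)."""
    msg = message_from_string(raw)
    if not msg.is_multipart():
        inline = "-----BEGIN PGP SIGNED MESSAGE-----" in msg.get_payload()
        return ("inline-pgp" if inline else "unsigned"), [msg.get_content_type()]
    parts = msg.get_payload()
    types = [p.get_content_type() for p in parts]
    proto = str(msg.get_param("protocol", "")).lower()
    # PGP/MIME layout: exactly two parts, the second being the detached signature.
    if (msg.get_content_type() == "multipart/signed" and len(parts) == 2
            and proto == types[1] == "application/pgp-signature"):
        return "pgp-mime", types
    return "other-multipart", types
```

In the PGP/MIME sample the text is one sub-part of a multipart container, which is why an MUA that does not understand multipart/signed may present the body as an attachment, while the inline form stays a single text/plain body.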

Document Links

Gnu Privacy Guard
A complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.
http://www.gnupg.org/
Pretty Good Privacy
Here you may download the latest freeware PGP version for your platform.
http://www.pgpi.org/
OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
http://www.openssh.com/
Why I Wrote PGP
Part of the Original 1991 PGP User's Guide by Philip Zimmermann
http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
mutt gpg guide
step by step introduction to mutt and pgp/gpg
http://codesorcery.net/old/mutt/mutt-gnupg-howto
S/MIME and OpenPGP
A comparison between the two systems
http://www.imc.org/smime-pgpmime.html
RFC 3156
MIME Security with OpenPGP
http://www.rfc-editor.org/rfc/rfc3156.txt
RFC 2015
MIME Security with Pretty Good Privacy (PGP)
http://www.rfc-editor.org/rfc/rfc2015.txt
RFC 2311
S/MIME Version 2 Message Specification
http://www.rfc-editor.org/rfc/rfc2311.txt
using PGP from within mutt
The official mutt/pgp/gpg documentation
http://www.mutt.org/doc/PGP-Notes.txt
This document was last modified on 2012-02-28 21:24:56.
Bruno Postle <bruno@postle.net>
Copyright © 2001 Bruno Postle and others. This guide is released under the Free Documentation License. http://www.gnu.org/licenses/fdl.txt