
Cryptography

Email transport is a fundamentally insecure system; messages can be easily intercepted, altered, forged and snooped on without leaving much evidence that this has happened. One way of preventing interception and eavesdropping is to increase the security of the network protocols.

POP3, IMAP and SMTP can be encrypted at the network stage with SSL, TLS or IPsec. If possible you should use mutt with SSL enabled for IMAP and POP3, if only to keep your account password secret. OpenSSH is a freely available alternative to the SSH secure shell that will let you use mutt from any location on any machine you have ssh access to.

End-to-end encryption and signing

The problem with network approaches to security is that you have no control over mail that passes outside your own physical network. To gain some end-to-end control over this mail you need to encrypt and/or sign the body of the email in your mail user agent - mutt.

This guide isn't going to discuss why you might want to use cryptography. A good place to start reading on the subject is Phil Zimmermann's text "Why I Wrote PGP".

There are three tools that you can use with mutt for this job:

PGP

Pretty Good Privacy is the original PGP tool developed by Phil Zimmermann, now somewhat out of fashion with mutt users since the Free Software GPG tool has matured.

GPG

The GNU Privacy Guard is a complete and Free replacement for PGP; this is the tool you are likely to be using with mutt.

S/MIME

S/MIME is an alternative system that is incompatible with PGP, differing mainly in that it depends on a public key infrastructure rather than the PGP concept of a web of trust. S/MIME is also supported by default in the Netscape, Outlook and Outlook Express mail user agents.

There is S/MIME support using the openssl library in the mutt-1.5 development series.

Guides

As well as the official notes for using PGP from within mutt, there is a slightly longer mutt GPG guide. If you are interested in using S/MIME, you can read a comparison between S/MIME and OpenPGP.

PGP/GPG Problems with other MUAs

Mutt by default creates PGP/MIME signed and/or encrypted messages in the format specified by RFC 2015. Unfortunately, although an obvious successor to traditional pgp-mail and the only MIME aware alternative to S/MIME (defined by RFC 2311), PGP/MIME format messages are not supported by many other MUAs. This situation may improve with adoption of the OpenPGP replacement to PGP/MIME - OpenPGP is specified by RFC 3156.

When PGP-signing mail with mutt, you are likely to have problems when sending to people who use other MUAs, such as Outlook and Outlook Express. These people may see the body of your message as an attachment that needs to be opened in a text viewer. You need to decide whether the advantages of signing everything outweigh the disadvantages of dealing with problems caused by other people's software.
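
The container structure behind this problem, as an added example that is not part of the original guide: this Python sketch builds a PGP/MIME (multipart/signed) message with a placeholder signature, lists the parts a MUA without PGP/MIME support is left to display, and tells PGP/MIME apart from traditional inline PGP. The function names, sample body, micalg value and placeholder signature are constructed for illustration.

```python
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SIG_PROTO = "application/pgp-signature"
ENC_PROTO = "application/pgp-encrypted"

def build_pgp_mime_signed(body, armored_sig):
    """Wrap a body and a detached signature in the multipart/signed container."""
    outer = MIMEMultipart("signed", protocol=SIG_PROTO, micalg="pgp-sha256")
    outer.attach(MIMEText(body, "plain", "us-ascii"))   # part 1: the signed text
    sig = Message()                                     # part 2: detached signature
    sig["Content-Type"] = SIG_PROTO + '; name="signature.asc"'
    sig.set_payload(armored_sig)   # constructed placeholder, not real gpg output
    outer.attach(sig)
    return outer

def leaf_parts(msg):
    """Parts a MUA that ignores multipart/signed shows as separate items."""
    return [(p.get_content_type(), p.get_filename())
            for p in msg.walk() if not p.is_multipart()]

def classify(msg):
    """Return how (if at all) a message carries OpenPGP data."""
    ctype = msg.get_content_type()
    proto = (msg.get_param("protocol") or "").lower()
    if ctype == "multipart/signed" and proto == SIG_PROTO:
        return "pgp-mime-signed"
    if ctype == "multipart/encrypted" and proto == ENC_PROTO:
        return "pgp-mime-encrypted"
    for part in msg.walk():        # traditional PGP lives inside a text part
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("ascii", "replace")
        if "-----BEGIN PGP SIGNED MESSAGE-----" in text:
            return "inline-signed"
        if "-----BEGIN PGP MESSAGE-----" in text:
            return "inline-encrypted"
    return "none"

if __name__ == "__main__":
    m = build_pgp_mime_signed("Hello from mutt.\n", "(placeholder signature)\n")
    print(classify(m), leaf_parts(m))
```

The body of a PGP/MIME message is itself a MIME part, so a client that does not understand the container has only a list of parts to offer, which is why recipients see the text as an attachment.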


This document was last modified on 2012-02-28 21:24:56.
Bruno Postle <bruno@postle.net>
Copyright © 2001 Bruno Postle and others. This guide is released under the Free Documentation License. http://www.gnu.org/licenses/fdl.txt