Polarwave's OpenBSD
Tips and Tricks for Newbies
Mutt & GPG Keys
Exporting & Importing GPG Keyrings in Mutt
Here's a simple way to exchange your gpg public keyring with others while
in your mutt email program without having to exit or shell out.
You can either send to someone by e-mail or save it into a file and transfer
the file. Both approaches work.
Let us say you are using vim/vi as your editor for typing out e-mail and you
have gpg set up.
Then you want to export all the public keys in your keyring so that you can
send them to someone who shares many common friends with you.
There is no need for him to search for the key ID of each of the friends, download
each key with "gpg --recv-keys" or "gpg --search-keys" and sign and trust
each key individually.
Instead he can simply import your keyring.
Note that the export carries the keys and the signatures on them, but not your
ownertrust settings, so he still decides for himself which keys to trust.
This is how my friend Girish did it. There might be better ways to achieve it,
but it worked for him and for me too when I tried it.
While you're using mutt with either vi or vim, type this:
:r !gpg --export --armor
This inserts the output of the command into the text of the e-mail message.
Alternatively, you can redirect the output of the command to a file:
$ gpg --export --armor > keyring.txt
Now send the mail to your friend.
Your friend can save the e-mail message and import all the public keys in your
keyring with this command:
$ gpg --import keyring.txt
gpg will ignore all the e-mail headers and trailers and process the ASCII armored
keys alone.
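As a check to run before the import step above, here is an added example (not
part of the original page or of Girish's method) that pulls only the complete
public key blocks out of a saved message and lists them in a throwaway keyring,
so you can see whose keys you are about to import. The function names, the
sample message and the use of gpg's --show-keys command are assumptions of this
example.

```sh
#!/bin/sh
# Added example: check a saved mail message before running `gpg --import` on it.

# Print only the complete public key blocks found in the file given as $1
# (or on stdin). Exit status:
#   0 = at least one block, 1 = none, 2 = truncated block, 3 = private key present
extract_pubkeys() {
    awk '
        /^-----BEGIN PGP PRIVATE KEY BLOCK-----/ { priv = 1 }
        /^-----BEGIN PGP PUBLIC KEY BLOCK-----/  { inblk = 1; buf = "" }
        inblk { buf = buf $0 "\n" }
        inblk && /^-----END PGP PUBLIC KEY BLOCK-----/ {
            printf "%s", buf; inblk = 0; n++
        }
        END { if (priv) exit 3; if (inblk) exit 2; exit (n ? 0 : 1) }
    ' "$@"
}

# List the keys the message carries, using a throwaway homedir so nothing is
# added to ~/.gnupg. Assumes a GnuPG 2.x recent enough to have --show-keys.
preview_keys() {
    tmp=$(mktemp -d) || return 1
    rc=0
    extract_pubkeys "$1" > "$tmp/keys.asc" || rc=$?
    if [ "$rc" -eq 0 ]; then
        gpg --homedir "$tmp" --batch --show-keys "$tmp/keys.asc" || rc=$?
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample: mail headers, one armored block, a mail trailer.
# The base64 body is a placeholder, not a real key, so it only exercises
# extract_pubkeys; give preview_keys a real saved message.
sample_message() {
    cat <<'EOF'
From: friend@example.org
Subject: my keyring

-----BEGIN PGP PUBLIC KEY BLOCK-----

bUNvbnN0cnVjdGVkU2FtcGxlT25seQ==
=AAAA
-----END PGP PUBLIC KEY BLOCK-----
Sent with mutt
EOF
}
```

Run preview_keys on the saved message and compare the fingerprints it lists
with ones you can confirm before running gpg --import on the same file.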
So, that's how it works! Thanks to Girish for the idea. Here's his web site link:
http://gayatri-hitech.com/
Girish is an old Unix hand and C programmer. He's also a regular contributor
to the ongoing dialogue on the FreeBSD Questions and OpenBSD Miscellaneous
mailing lists, among others, and has some ports and patches currently submitted,
waiting on approval. He's currently working on a killer top-secret project soon
to be unveiled. :-)
The following is an addition after the original material for this page was posted.
In ~/.gnupg/gpg.conf there's an option, keyserver-options auto-key-retrieve.
If it's commented out, when you open a message in mutt that's signed with someone's
key and you don't have that person's public key on your keyring, mutt will display this:
PGP signature could NOT be verified.
If you uncomment the above-mentioned keyserver option and have a default keyserver
defined, then when you open a signed message for which you don't have the public key
on your keyring, gpg will download it from your default keyserver, but it'll also add
it to your keyring. If you look at a lot of messages like that, over time you'll
accumulate a lot of keys. Here's a way I came up with to leave that gpg.conf option
commented out and still fetch the key when you come across a signed message whose
public key you do want on your keyring. Add this to your gpg section in ~/.muttrc:
macro pager \ca "|gpg --no-verbose --batch --with-colons --recv-keys %r"
This is assuming your lowercase 'a' is free in your mutt configuration. Then, when you
open the message, even though gpg gives an error message about not being able to
verify the signature, it'll display the user's key ID information in the message body.
Hit Ctrl-a and you'll see the line you previously added to your .muttrc file displayed at
the bottom of the message pane. Copy the person's key ID onto the end of that line
and hit enter. The person's key will be downloaded and added to your keyring. The nice
part is, you can do all of it without having to even shell out, much less close your mail.
Personally, I like having the choice of selection rather than an all or nothing approach.
No affiliation between this site and the OpenBSD project exists or is implied.