Configuring mail client for message signing and encryption

In order to sign and encrypt messages, your mail client must be configured so that it can use signing and encryption software.

The goal is to be able to

  • sign and encrypt,
  • sign only,
  • encrypt only,
  • decrypt and
  • verify.

In our example, we want to configure the alpine mail client on a FreeBSD operating system to use the GNU Privacy Guard (GPG) signing and encryption software. alpine was formerly known as pine. It is assumed that this software is installed prior to this procedure, that the ports collection is up to date, and that public keys have been exchanged, and maybe even trusted through key signing parties, between senders and recipients.

To support the configuration, a number of scripts are available that simplify this task. We will use ez-pine-gpg.

cd /usr/ports/mail/ez-pine-gpg
make
make install

The scripts can be confirmed to exist.

ls /usr/local/bin/ez-*

Run alpine. Press S and C to enter the configuration.

Press Ctrl-W and search for Display Filters.

Press A to add a value.

_LEADING("-----BEGIN PGP")_ /usr/local/bin/ez-pine-gpg-incoming

Find the Sending Filters below.

Press A to add a value and repeat this until the following filters have been added.

/usr/local/bin/ez-pine-gpg-sign-and-encrypt _INCLUDEALLHDRS_ _RECIPIENTS_
/usr/local/bin/ez-pine-gpg-encrypt _RECIPIENTS_
/usr/local/bin/ez-pine-gpg-sign _RECIPIENTS_

Press E and Y to end the configuration.

We can now create a new message, select one or more recipients from our address book, attach one or more documents, fill in a subject and type in our private message.

We can then press Ctrl-X to begin sending and press Ctrl-N to switch through the available signing and encryption combinations. In our example, we want to sign and encrypt. We switch to ez-pine-gpg-sign-and-encrypt, press Y, type in our private key pass phrase, press Y, press Enter and then our signed and encrypted message is sent.

The recipient will receive our message and will be able to read the name and address of the sender and the subject. If the recipient has not configured the mail client for reading signed and encrypted mail, our message will be unreadable. If the mail client has been configured, the recipient will be asked to type in the pass phrase of the recipient's private key.

Be aware that ez-pine-gpg and other scripts do not encrypt attached files. You should encrypt files separately before attaching them.

gpg --encrypt daemon.jpg

GPG will ask for recipients and then write an encrypted version of the file, named daemon.jpg.gpg, which has been encrypted using the public keys of the recipients. The recipient can decrypt the attached file.

gpg --output daemon.jpg --decrypt daemon.jpg.gpg

Multiple files, or directory structures, should be zipped and then encrypted.
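
The advice above, as an added example that is not part of the original post: two POSIX shell functions that archive a file or directory tree, encrypt the archive for the listed recipients, and reverse the process on the receiving side. The function names encrypt_tree and decrypt_tree and the addresses in the usage comment are assumptions, and tar with gzip is used here in place of zip.

```sh
#!/bin/sh
# Added example, not from the original post. encrypt_tree and decrypt_tree
# are hypothetical helper names. Usage (constructed addresses):
#   encrypt_tree ./reports alice@example.org bob@example.org
#   decrypt_tree reports.tar.gz.gpg

encrypt_tree() {
    src=$1
    [ "$#" -ge 2 ] || { echo "usage: encrypt_tree PATH RECIPIENT..." >&2; return 2; }
    shift
    [ -e "$src" ] || { echo "not found: $src" >&2; return 1; }
    name=$(basename "$src")
    parent=$(dirname "$src")
    out="$name.tar.gz.gpg"
    # Never overwrite an encrypted file that is already there.
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 1; }
    # Rewrite the arguments "a b" into "--recipient a --recipient b".
    for r in "$@"; do
        set -- "$@" --recipient "$r"
        shift
    done
    # mktemp -d creates a mode 0700 directory, so the plaintext archive
    # is not readable by other users while it exists.
    tmp=$(mktemp -d) || return 1
    if tar -czf "$tmp/$name.tar.gz" -C "$parent" "$name" &&
       gpg --output "$out" "$@" --encrypt "$tmp/$name.tar.gz"
    then rc=0; else rc=$?; fi
    rm -rf "$tmp"
    return "$rc"
}

decrypt_tree() {
    enc=$1
    [ -f "$enc" ] || { echo "not found: $enc" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    # Decrypt, list what the archive contains, then unpack it into the
    # current directory. Any failing step stops the chain.
    if gpg --output "$tmp/archive.tar.gz" --decrypt "$enc" &&
       tar -tzf "$tmp/archive.tar.gz" &&
       tar -xzf "$tmp/archive.tar.gz"
    then rc=0; else rc=$?; fi
    rm -rf "$tmp"
    return "$rc"
}
```

Passing recipients on the command line replaces the interactive prompt, and the resulting .tar.gz.gpg file is the one to attach to the message.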
