Using PGP with Mail Programs

PGP (and GnuPG) can be seamlessly integrated into mutt, a console-based mail reader. A number of scripts are available for using PGP with pine, another popular mail reader, and mailcrypt allows PGP to be used with emacs. exmh and mew also have PGP support. See the GnuPG notes for references.

Just as there are two ways of digitally signing a file, by including the signature in the file or by creating a detached signature file, so too the mail programs can be set up to digitally sign an email in an analogous two ways. The signature can be incorporated into the body of the message, or provided as an attachment (as you may have noticed in my emails to the LUGOD mailing list). Giving the signature as an attachment appears to be the method preferred by the OpenPGP MIME standard.

The mail program receiving a signed or encrypted file must be correctly configured to handle the PGP data correctly, e.g. to recognise the PGP MIME types. Likewise the transmitting program must correctly label the mail as a PGP MIME type in the headers so that the receiver will recognise the message.

mutt, for instance, provides the digitial signature as an attachment, and in the header files identifies the email as type "multipart/signed" with protocol "application/pgp-signature". On the other hand I have on occasion received a signed email with the signature in the message body but no identifying labels in the headers. mutt does not recognise these types of messages as PGP, but it simple enough to pipe the message into 'gpg --verify' to check the signature. The documents say that in these situations a mail filter such as procmail could be applied to recognise the message and add the appropriate headers, but it's been easier to pipe the message manually.

Finally, PGP Version 6 for Windows has plug-ins for integrating PGP with both Outlook/Outlook Express and Eudora. No plug-in is currently available for Netscape, I believe.


Previous: Current software
Next: Further information and links
Back to index