How to use PGP / GPG with console mail clients
Part 1 PGP / GPG with PINE
First of all, PGP or GPG are two different encryption/signing
utilities. PGP is made by Pretty Good Privacy and GPG is made
by GNU. These software are used to encrypt and sign documents and
e-mails, and can be used to many other tasks. We will talk here
about setting up PGP/GPG and PINE to work together. We assume
that you know how to setup PINE, PGP and GPG. We will use also
PGP4PINE, which is a program that will be use as interim between
encryption programs and mail clients.
2. PGP / GPG
With PGP / GPG, you just need a KeyID that you can use to sign
and/or encrypt your e-mails.
The name, pgp4pine, stand as an interim program between PGP
and PINE. But, it also supports GPG. First of all, you need to
install the port.
machine# cd /usr/ports/mail/pgp4pine && make all install clean
(NOTE: when this article has been written, there was a problem
with this port at FreeBSD. I sent a problem report, but
I will give you the "simple" fix. You must be in
/usr/ports/mail/pgp4pine and have it extracted)
machine# mv work/pgp4pine-1.76/stamp-h \
Once it's installed, we need to create a .pgp4pinerc.
machine$ cp /usr/local/share/doc/pgp4pine/pgp4pinerc.example \
I will let you configure the "Global Stuff" section because it
is some easy things. The most important thing for us is the
"Profile Stuff" section because it will tell PGP4PINE what kind
of encryption program we use (and which version, for PGP.)
For the next part, I will take pgp6 as an example. Just replace the
"pgp6" for the one you use.
e.g: profile_pgp6_tmpfile -> profile_gpg_tmpfile
* profile_pgp6_tmpfile (default: ~/pgp4pine.tmp)
* profile_pgp6_autosign (default: 0)
* profile_pgp6_autoencrypt (default: 0)
* profile_pgp6_encrypt_to_self (default: 1)
* profile_pgp6_ascii_armor (default: 1)
* profile_pgp6_universal_text (default: 1)
These are to specify where the binaries are.
I encourage you to keep the defaults. Now, we go with the
final step: adding filters lines to the PINE configuration. We
can do it in two ways.
First, by editing your ~/.pinerc and adding (or changing) the
lines starting by "display-filters" and "sending-filters" to:
display-filters=_BEGINNING("-----BEGIN PGP")_ \
/usr/local/bin/pgp4pine -d -i _TMPFILE_
sending-filters=/usr/local/bin/pgp4pine -e -i _TMPFILE_ \
This will auto-verify incoming mail for presence of signatures
or encrypted message. The second one will ask you if you want to
encrypt or sign any outgoing messages (depending on the settings
you put in your .pgp4pinerc.)
The second way is to enter PINE, go in the configuration and
change (near the bottom) display-filters to this line:
_BEGINNING("-----BEGIN PGP")_ /usr/local/bin/pgp4pine -d -i _TMPFILE_
And sending-filters to:
/usr/local/bin/pgp4pine -e -i _TMPFILE_ -r _RECIPIENTS_
If you want PINE to offer pgp4pine for sending mail by default,
go to Setup -> Configuration, and turn on
"compose-send-offers-first-filter". Otherwise, you have to use
Ctrl-N / Ctrl-P to access the filter.
Now you are ready to use PINE to encrypt and sign your emails,
and decrypt/verify the incoming ones.
Next week, MUTT will be the one being worked on. :>
** This article can't be duplicated without permission from **
** Félix-Antoine Paradis or the Idemnia Networks. 2001 **