-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, July 28 at 05:12 PM, quoth Michele Martone: > I was wondering about some way to protect the passwords potentially > stored in the mutt rc files (i have multiple acccounts, and I feel > unconfortable remembering and typing all of them each time using > mutt) on my Linux laptop.
The obvious answer is: don't store them in the mutt rc files. Instead, store them somewhere in encrypted form and extract them when mutt is loaded. For example: set imap_pass=`getpassword [EMAIL PROTECTED] Programs that can be used to do this include pwsafe (http://nsd.dyndns.org/pwsafe/) and passwords (http://passwords.sourceforge.net/). But you can do it even more simply than that! For example, you can use gpg to encrypt a file that looks like this: export ACCT1_PASS=thepassword export ACCT2_PASS=theotherpassword export ACCT3_PASS=yetanotherpassword Then, once you've encrypted it, you can create a wrapper command for mutt that will decrypt it and use it to put those passwords into mutt's environment: #!/bin/sh pwds=`gpg --decrypt ~/.passwords` eval "$pwds" exec mutt "$@" And finally, in your muttrc, you can simply have things like this: set imap_pass=$ACCT1_PASS or: account-hook account2 'set imap_pass=$ACCT2_PASS' Thus, you will be prompted once for a passphrase when mutt loads, and after that mutt will use those passwords as it needs them without additional overhead. Nothing will be stored in plaintext on disk, your encryption is guaranteed to be world-class, and best of all: it will work on virtually any Unix machine. > But how about storing a whole encrypted muttrc file and letting mutt > to decrypt it with some passphrase ? That seems like overkill to me. ~Kyle - -- All we have to decide is what to do with the time that is given us. -- Gandalf the Grey -----BEGIN PGP SIGNATURE----- Comment: Thank you for using encryption! iEYEARECAAYFAkiOCKgACgkQBkIOoMqOI14JMACgvaPBdVSUqbnPjYXpz21FrlvM K98An2uqhZ3eZ0o4FTZfwoduMLuvEZ9B =TVF/ -----END PGP SIGNATURE-----
