On Wed, Sep 1, 2021 at 12:05 PM Jörg Sommer <jo...@jo-so.de> wrote:
> D.J.J. Ring, Jr. wrote on Tue 31 Aug, 17:13 (-0400):
> > Is there a way to get mutt to automatically search for a gpg key for an
> > email sender and put it in my keychain?
>
> If you use Emacs, you can do it there. I've written a blogpost (in German)
> about this: https://jo-so.de/2020-11/neomutt.html Maybe you can use a
> translator (https://www.deepl.com/translator) to read the text.
>
> Kind regards
>
> Jörg

Automatic email encryption for Neomutt with Emacs

Email encryption has always been a bit unwieldy, because it was added to the email system as an extension only after many years, and it is often implemented by add-on programs. In Thunderbird, for example, this was the Enigmail extension, but since version 78 encryption has been integrated into Thunderbird.
One problem is that you often don't even know that the other person offers a PGP key, and you have to remember to enable encryption when you write. I myself use Neomutt as my email program and years ago wrote a program that uses the send-hook intervention point to set crypt_autoencrypt. That system worked quite reliably (but not always). Recently I discovered the Web Key Directory (WKD) for PGP keys, which is much faster than querying a PGP key server. With gpg --locate-keys ... you can check availability in the local key store or via WKD; other sources can be configured with --auto-key-locate local,wkd,keyserver,....

So my idea was to use Emacs to check key availability while writing the text. Roughly speaking, the flow is as follows: when the email is opened in Emacs to compose the text (message-mode-hook), I start a background query for the keys of the named recipients. If, at save time (before-save-hook), that query has finished successfully for all keys (exit code 0), the field Pgp: ES is inserted. This entry tells Neomutt to encrypt and sign the email.
;; Per-buffer handle of the background "gpg --locate-keys" process
;; (declared here so the hooks below refer to a defined variable).
(defvar gpg-key-locate nil)

(add-hook 'message-mode-hook
  (lambda ()
    ;; Collect the bare addresses from To: and Cc: and start the key lookup
    ;; in the background; the process object is kept in gpg-key-locate.
    (setq-local gpg-key-locate
      (let ((addrs (delq nil
                         (mapcar (lambda (el)
                                   (when (string-match "[^ <]+@[^ >]+" el)
                                     (match-string 0 el)))
                                 (nconc (split-string (or (message-field-value "To") "") ",\s*")
                                        (split-string (or (message-field-value "Cc") "") ",\s*"))))))
        ;; Use to blacklist some addresses
        ;; (delete-if
        ;;  (lambda (el) (find el '("f...@example.org") :test #'string=))
        ;;  addrs)
        (when addrs
          (start-process-shell-command "gpg-key-locate" nil
            (concat "gpg --locate-keys "
                    (mapconcat 'shell-quote-argument addrs " "))))))
    ;; Buffer-local save hook: once the lookup has exited with status 0
    ;; (a key was found for every recipient), add "Pgp: ES" to the headers.
    (add-hook 'before-save-hook
      (lambda ()
        (when (and gpg-key-locate
                   (string= "exit" (process-status gpg-key-locate))
                   (= 0 (process-exit-status gpg-key-locate)))
          (save-excursion
            (message-goto-eoh)
            (insert "Pgp: ES\n")
            (setq gpg-key-locate nil))))
      t t)))

Use Emacs to autoencrypt emails

Gpg offers the option to look up a key in the local key store or via Web Key Directory (WKD). The WKD lookup is pretty fast and could be done for every email. Hence, I'm using Emacs to do the lookup while I'm composing the message, and if a key is available for all recipients I add the header field Pgp: ES, which tells neomutt to enable encryption. I'm also using trust-model tofu+pgp in gpg.conf to use the Trust-on-first-use model to ease key verification.

https://wiki.gnupg.org/WKD
https://gnupg.org/ftp/people/neal/tofu.pdf

Keywords: privacy, Emacs, PGP, programming

Copyright © 2017-2021 Jörg Sommer, Creative Commons License
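The same flow as the Emacs snippet (extract To/Cc addresses, look each key up, insert "Pgp: ES" only if every recipient has one), as a stand-alone Python script added here for illustration; it is not Jörg's code. It goes one step further than the exit-code check in the post: it reads gpg's --with-colons output and rejects expired or revoked keys and user IDs that do not carry the exact address. The gpg invocation is injectable, and the FAKE_KEYRING entries and draft texts are constructed sample data so the script runs without gpg or network access.

```python
import re
import subprocess
from email.parser import HeaderParser
from typing import Callable, Iterable

# Bare address inside a header value; handles "Name <addr>" and plain "addr".
ADDR_RE = re.compile(r"[^\s<,]+@[^\s>,]+")

# gpg --with-colons validity codes accepted for a key / user ID. 'e' (expired),
# 'r' (revoked), 'd' (disabled) and 'i' (invalid) are rejected; '-'/'q'
# (unknown) are allowed because the trust decision is left to gpg at
# encryption time (the post uses trust-model tofu+pgp for that).
USABLE_VALIDITY = set("-qmfu")

LocateFn = Callable[[str], tuple[int, str]]


def recipient_addresses(draft: str) -> list[str]:
    """Return the lower-cased addresses found in the To: and Cc: headers."""
    headers = HeaderParser().parsestr(draft, headersonly=True)
    found = set()
    for field in ("To", "Cc"):
        for value in headers.get_all(field, []):
            found.update(a.lower() for a in ADDR_RE.findall(value))
    return sorted(found)


def run_gpg_locate(addr: str) -> tuple[int, str]:
    """Real backend: look the address up in the local keyring and WKD only."""
    proc = subprocess.run(
        ["gpg", "--batch", "--with-colons",
         "--auto-key-locate", "clear,local,wkd", "--locate-keys", addr],
        capture_output=True, text=True, check=False)
    return proc.returncode, proc.stdout


def usable_key(colons: str, addr: str) -> bool:
    """True if the colon output holds a non-expired, non-revoked key with a
    live user ID whose address is exactly `addr`."""
    key_ok = False
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            key_ok = f[1] in USABLE_VALIDITY              # field 2: validity
        elif f[0] == "uid" and key_ok and f[1] in USABLE_VALIDITY:
            uid_addrs = (a.lower() for a in ADDR_RE.findall(f[9]))  # field 10
            if addr in uid_addrs:
                return True
    return False


def can_autoencrypt(addrs: Iterable[str], locate: LocateFn = run_gpg_locate) -> bool:
    """All-or-nothing, like the exit-code check in the Emacs hook: one
    recipient without a usable key disables encryption for the whole mail."""
    addrs = list(addrs)
    if not addrs:
        return False
    for addr in addrs:
        rc, out = locate(addr)
        if rc != 0 or not usable_key(out, addr):
            return False
    return True


def add_pgp_header(draft: str, locate: LocateFn = run_gpg_locate) -> str:
    """Append 'Pgp: ES' to the header block when every recipient has a key;
    an existing Pgp: line (the user's own decision) is left alone."""
    if re.search(r"^Pgp:", draft, re.MULTILINE):
        return draft
    if not can_autoencrypt(recipient_addresses(draft), locate):
        return draft
    head, sep, body = draft.partition("\n\n")
    return f"{head}\nPgp: ES{sep}{body}"


# --- constructed sample data for offline use (not real keys) ---------------
FAKE_KEYRING = {
    "alice@example.org": (0,
        "pub:-:4096:1:0123456789ABCDEF:1600000000:::-:::scESC::::::23::0:\n"
        "uid:-::::1600000000::0000000000000000000000000000000000000000::Alice <alice@example.org>::::::::::0:\n"),
    "carol@example.net": (0,      # key exists but is expired
        "pub:e:2048:1:FEDCBA9876543210:1400000000:1500000000::-:::sc::::::23::0:\n"
        "uid:e::::1400000000::0000000000000000000000000000000000000000::Carol <carol@example.net>::::::::::0:\n"),
}


def fake_locate(addr: str) -> tuple[int, str]:
    """Stand-in for run_gpg_locate; unknown addresses get a non-zero status."""
    return FAKE_KEYRING.get(addr, (2, ""))


def make_draft(to: str, cc: str = "") -> str:
    """Build a minimal message-mode style draft (constructed input)."""
    cc_line = f"Cc: {cc}\n" if cc else ""
    return f"From: me@example.com\nTo: {to}\n{cc_line}Subject: hello\n\nbody text\n"


if __name__ == "__main__":
    print(add_pgp_header(make_draft("Alice <alice@example.org>"), fake_locate))
    print(add_pgp_header(make_draft("alice@example.org", "carol@example.net"), fake_locate))
```

Run against a real draft, swap `fake_locate` for the default `run_gpg_locate`. Mutt and Neomutt only honour the `Pgp:` pseudo-header when `edit_headers` is set, since it is parsed from the edited draft; without that setting the line is sent as an ordinary header and nothing is encrypted, which is worth checking once by inspecting an outgoing message.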