On Wed, Sep 1, 2021 at 12:05 PM Jörg Sommer <jo...@jo-so.de> wrote:

> D.J.J. Ring, Jr. wrote on Tue, 31 Aug, 17:13 (-0400):
> > Is there a way to get mutt to automatically search for a gpg key for an
> > email sender and put it in my keychain?
>
> If you use Emacs, you can do it there. I've written a blog post (in German)
> about this. https://jo-so.de/2020-11/neomutt.html Maybe you can use a
> translator (https://www.deepl.com/translator) to read the text.
>
> Kind regards
>
> Jörg
>
>
Automatic email encryption for Neomutt with Emacs
Email encryption has always been a bit unwieldy, because it was bolted onto
the email system as an extension only many years later, and it is often
implemented by add-on programs. In Thunderbird, for example, this was the
Enigmail extension; since version 78, encryption has been built into
Thunderbird itself.

One problem is that you often don't even know that the other person offers
a PGP key, and you have to remember to enable encryption when you write. I
myself use Neomutt as my email program and years ago wrote a program that
uses Neomutt's send-hook to set crypt_autoencrypt. That worked quite
reliably (but not always).

Recently I discovered the Web Key Directory (WKD) for PGP keys, which is much
faster than querying a PGP key server. With gpg --locate-keys ... you can
check whether a key is available, first in the local keyring and then via
WKD; the sources consulted, and the order in which they are tried, are set
with --auto-key-locate local,wkd,keyserver,.... Keep in mind what such a
lookup does and does not tell you: WKD is served over HTTPS by the
recipient's own mail domain, so the domain vouches for the key it hands out,
whereas a key server returns whatever anyone uploaded under that address. If
the result is going to switch encryption on automatically, it matters which
mechanisms are in that list.

So my idea was to use Emacs to check key availability while writing the
text. Roughly speaking, the flow is as follows: when Emacs opens the email
for composing (message-mode-hook), I start querying the keys for the named
recipients in the background. When saving (before-save-hook), if the query
has finished and found a key for every recipient (exit code 0), the field
Pgp: ES is inserted into the header block. This pseudo-header tells Neomutt
to encrypt and sign the email; Neomutt only honours it when edit_headers is
set, since otherwise the editor never sees the headers at all. If gpg has
not finished by the time the buffer is saved, no header is added and the
message is left as it is.

;; Handle on the gpg process started for this message buffer.
(defvar-local gpg-key-locate nil
  "Process of the running `gpg --locate-keys' lookup, or nil once used up.")

(add-hook
 'message-mode-hook
 (lambda ()
   (setq-local
    gpg-key-locate
    (let ((addrs
           (delq
            nil
            (mapcar
             (lambda (el)
               ;; Keep only the address part: "Name <user@host>" -> "user@host".
               (when (string-match "[^ <]+@[^ >]+" el) (match-string 0 el)))
             ;; Only To and Cc are examined; a Bcc recipient is not checked.
             (nconc
              (split-string (or (message-field-value "To") "") ",[[:space:]]*")
              (split-string (or (message-field-value "Cc") "") ",[[:space:]]*"))))))

      ;; Use to blacklist some addresses:
      ;; (setq addrs (seq-remove (lambda (el) (member el '("f...@example.org")))
      ;;                         addrs))

      ;; Run gpg directly, without a shell, so the addresses need no quoting.
      ;; The process exits with status 0 only if a key was found for every
      ;; address; the handle is kept in `gpg-key-locate' for the save hook.
      (when addrs
        (apply #'start-process "gpg-key-locate" nil "gpg" "--locate-keys" addrs))))

   (add-hook
    'before-save-hook
    (lambda ()
      ;; Add the pseudo-header once the lookup has finished successfully.  If
      ;; gpg is still running when the buffer is saved, nothing is added.
      (when (and gpg-key-locate
                 (eq 'exit (process-status gpg-key-locate))
                 (= 0 (process-exit-status gpg-key-locate)))
        ;; `message-add-header' puts the line into the header block and
        ;; skips it when it is already there; "Pgp: ES" makes Neomutt
        ;; encrypt and sign.
        (message-add-header "Pgp: ES")
        (setq gpg-key-locate nil)))
    t t)))
Use Emacs to autoencrypt emails
GnuPG can look up a key in the local keyring or via Web Key Directory (WKD).
The WKD lookup is fast enough to be done for every email. Hence I use Emacs
to do the lookup while I'm composing the message, and if a key is available
for all recipients, I add the header field Pgp: ES, which tells Neomutt to
encrypt and sign.

I also use trust-model tofu+pgp in gpg.conf so that Trust On First Use eases
key verification: the key first seen for an address is remembered, and a
later, different key for the same address is reported as a conflict.
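The following is an added example, not code from Jörg's post, that reworks the hook above in three places a practitioner would care about: recipients are parsed with the RFC 822 address parser from mail-extr.el instead of being split at commas (so a name like "Ring, D.J.J." <r@example.org> is not cut in two) and Bcc is included; gpg is started without a shell and with --batch; and at save time the hook waits a bounded time for the lookup to finish instead of silently skipping the header when gpg is still running. The my/ function names and the five-second timeout are my own choices, and the code assumes Emacs 25 or later for make-process.

```elisp
;; Added example, not the original post's code.  Assumes message.el,
;; mail-extr.el and Emacs >= 25 (make-process).
(require 'message)
(require 'mail-extr)

(defvar-local my/gpg-locate-process nil
  "The `gpg --locate-keys' process started for this message buffer, or nil.")

(defvar my/gpg-locate-timeout 5
  "Seconds to wait at save time for the key lookup to finish (my own choice).")

(defun my/message-recipient-addresses ()
  "Return the distinct mailbox addresses from To, Cc and Bcc of this message."
  (let (addrs)
    (dolist (field '("To" "Cc" "Bcc"))
      (let ((value (message-field-value field)))
        (when value
          ;; With a non-nil second argument the parser returns every
          ;; (NAME ADDRESS) pair, so "Ring, D.J.J." <r@example.org> stays one
          ;; recipient instead of being split at the comma.
          (dolist (pair (mail-extract-address-components value t))
            (let ((addr (cadr pair)))
              (when (and addr (not (member addr addrs)))
                (push addr addrs)))))))
    (nreverse addrs)))

(defun my/gpg-locate-start (addrs)
  "Start an asynchronous `gpg --locate-keys' for ADDRS and return the process."
  ;; No shell is involved: each address is its own argv element.  --batch
  ;; keeps gpg from prompting.  As in the original hook, exit status 0 is
  ;; taken to mean that a key was found for every address.
  (make-process :name "gpg-key-locate"
                :buffer nil
                :command (append '("gpg" "--batch" "--locate-keys") addrs)
                :noquery t))

(defun my/gpg-locate-finished-ok-p (proc)
  "Wait up to `my/gpg-locate-timeout' seconds for PROC; t if it exited with 0."
  (let ((deadline (+ (float-time) my/gpg-locate-timeout)))
    (while (and (process-live-p proc) (< (float-time) deadline))
      (accept-process-output proc 0.2))
    (and (eq (process-status proc) 'exit)
         (= 0 (process-exit-status proc)))))

(defun my/message-maybe-request-encryption ()
  "Add \"Pgp: ES\" when the lookup found a key for every recipient."
  (when my/gpg-locate-process
    (let ((proc my/gpg-locate-process))
      (when (my/gpg-locate-finished-ok-p proc)
        ;; `message-add-header' skips the line if it is already present.
        (message-add-header "Pgp: ES"))
      ;; A finished (or failed) lookup is used up.  One still running after
      ;; the timeout is kept, so a later save can check it again; the message
      ;; is left unencrypted rather than blocking the editor any longer.
      (unless (process-live-p proc)
        (setq my/gpg-locate-process nil)))))

(defun my/message-start-key-lookup ()
  "Start the key lookup for the recipients of the message being composed."
  (let ((addrs (my/message-recipient-addresses)))
    (when addrs
      (setq my/gpg-locate-process (my/gpg-locate-start addrs))))
  (add-hook 'before-save-hook #'my/message-maybe-request-encryption nil t))

(add-hook 'message-mode-hook #'my/message-start-key-lookup)
```

The bounded wait is the trade-off to think about: with the original hook a slow WKD or key-server answer means the mail quietly goes out unencrypted, while here the save is delayed by at most the timeout and a lookup that still has not finished is abandoned for that save. A lookup that fails outright (non-zero exit) never adds the header, exactly as in the original.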

https://wiki.gnupg.org/WKD
https://gnupg.org/ftp/people/neal/tofu.pdf
Keywords: privacy Emacs PGP programming Source/Golem
Copyright © 2017-2021 Jörg Sommer - Creative Commons License