How to set up GPG with various MailClients.


Easy Peasy! Edit your account fromTools/Mail Settings and enter your key ID in the Security tab. Then either check Always sign outgoing mail when using this account or sign on a case-by-case basis by using the Security menu when composing a new message.


From a GPG Mini Howto:

To set things up so you can sign and decrypt messages, you have to enter your GnuPG user ID in the Identity section of the KMail configuration. When you send a new message, the message will not be signed or encrypted by default. You have to check the [Sign message? and [Encrypt message? buttons in the tool bar.

These icons are the ones to the right of the default toolbar, showing a pen signing and a lock respectively. Keep in mind that you don't actually need to encrypt everything. Merely signing will often suffice unless you are paranoid or there's actually something you need to hide.


Download EnigMail, a plugin for Mozilla/Netscape here, install it, tell it which key ID to use, and it works.

It doesn't save your passphrase, and by default remembers it only for 5 minutes. You may wish to tweak this. By default it will sign outgoing mail, but you can change the default action, and when you email you can choose an option under the new EnigMail menu bar for default, signed, encrypted, signed + encrypted sends.

When Enigmail finds a key it doesn't know about, it downloads it for you then tells you that it's an unverified key because EnigMail understands the web of trust and most of the keys you download are likely to be ones that don't meet your WebOfTrust requirements. There is, however, an "Always trust userid" checkbox in the perferences that overcomes this problem. It can also use different keys for different email addresses.

Enigmail refuses to encrypt to newsgroups, even those newsgroups where encrypted messages are acceptable.


Mutt comes with GPG/PGP support by default -- you do not have to do anything special after creating your keys. You can select to sign or encrypt or both a message from the send menu by pgp menu, then sign, encrypt or both. Some options you might want to set to do this by default
  1. always sign outgoing messages by default

set pgp_autosign yes

  1. sign replies to signed messages

set pgp_replysign yes set pgp_replysignencrypted yes

The command to check the envelope on other people's messages is check-traditional-pgp, which is bound to [Esc? [Shift-p? in the index view by default.

If you see

unable to create PGP subprocess! --? -----END PGP SIGNATURE-----

then Mutt could not find gpg(1).


Get the GPG Plugin for Outlook Express (choose the "WinPT Outlook Express Plugin" link). Don't forget to configure the .reg file and tell it where your keys and GPG executable are kept.

Note that some MicrosoftOutlook users can't read some formats of encrypted mail generated by GPG. MicrosoftOutlook cannot handle PGP/MIME (ie, a detached signature in a separate MIME part as specified in RFC:2015). It needs an inlined signature (produced by giving the --textmode option to GPG/PGP), mails have to be

Content-Type: text/plain; charset="us-ascii"

Part of CategoryCryptography