Encrypt email to known GPG users with mutt using crypt_opportunistic_encrypt
If you use mutt and GPG, you may want messages sent to other GPG users to be encrypted by default, and messages to everyone else not to be.
This used to be surprisingly hacky to do: the most common solution was apparently a script that listed the known GPG keys and generated mutt send-hooks to enable encryption for them. This was ugly, and it also did not work well, because the hooks turned encryption on as soon as any one recipient had a key, even when not all recipients did.
This post advertises a recent solution to this problem: the crypt_opportunistic_encrypt setting of mutt, which was merged[1] in mutt version 1.5.24 (the one currently in Debian testing). This setting does essentially what the hacky script did, but in a much cleaner and simpler way, and it also fixes the problem I mentioned: the message is encrypted only when every recipient has a key.
I am currently using the setting in my mutt config and I am quite happy about it. Here are things to know when the setting is enabled:
- The choice to encrypt or not encrypt the message is re-evaluated whenever the recipients are edited; it is not based only on the initial recipients.
- Encryption is chosen only if all recipients have a key.
- You can always edit the signing options with the usual pgp-menu command ('p'). You can also disable the opportunistic encryption setting for a single message in the pgp-menu, and then fall back to configuring encryption in the usual way.
- Encryption is enabled as soon as the recipients have a GPG key that looks reasonable (i.e., when I tested, it was not enabled for recipients where all keys were either disabled or expired), but there is no check[2] to see whether the key is known to be valid. If a recipient has no trusted key, you will get the usual prompt to choose a key and confirm that you want to use the key even though its validity is unknown. If you get too many of these prompts, you can consider adding set crypt_use_gpgme=no to your muttrc.
- GPG seems to get invoked for the purposes of the option, so whenever gpg decides to (presumably) check the trustdb, mutt may mysteriously hang. Just be patient.
[1]
[2] I think that this is quite reasonable, because in practice active attacks against GPG are not a huge problem, much less than the problem that few people are using GPG. I think it especially makes sense in combination with GPG's recent support for trust on first use (TOFU), which makes it less painful to use.