[gentoo-user] NeoMutt and GnuPG

[gentoo-user] NeoMutt and GnuPG

[Lucas Ramage]

[-- Attachment #1: Type: text/plain, Size: 1098 bytes --]

Hello,

I know I have posted about this once before, but basically, even though I
can receive and decrypt messages in neomutt, I am not able to send
encrypted emails.

Here is my muttrc on github:
https://github.com/lramage94/dotfiles/blob/master/.mutt/muttrc

When I receive an encrypted message, it is all inline:

-----BEGIN PGP MESSAGE-----

ASDKNALSKFASF!#@$!@ # <-- All that good encrypted stuff.

-----END PGP MESSAGE-----

When I send an encrypted message I see two files:

- noname (1kb)
- msg.asc (10kb) # <-- this one changes size depending on my message.

Thanks,

-- 

[image: Visit online journal] <https://lramage94.github.io>

*Lucas Ramage* / Software Engineer
ramage.lucas@openmailbox.org / (941) 404-6794

*PGP Fingerprint* / Learn More <https://emailselfdefense.fsf.org/en/>
EAE7 45DF 818D 4948 DDA7 0F44 F52A 5A96 7B9B 6FB7
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF52A5A967B9B6FB7>

*Visit online journal*
http://lramage94.github.io <https://lramage94.github.io>

[image: Github]  <https://github.com/lramage94>[image: Linkedin]
<https://www.linkedin.com/in/lramage94>

[-- Attachment #2: Type: text/html, Size: 4862 bytes --]

Re: [gentoo-user] NeoMutt and GnuPG

[Floyd Anderson]

Hi Lucas,

On Mon, 29 Jan 2018 15:20:23 -0500
Lucas Ramage <ramage.lucas94@gmail.com> wrote:
>
>When I send an encrypted message I see two files:
>
>- noname (1kb)
>- msg.asc (10kb) # <-- this one changes size depending on my message.
>

please be more specific, i.e. where did you see those two lines of 
files? In the attachment menu (after sending the mail) or compose menu 
(before you send the mail)? Can you see anchor pairs:

    -----BEGIN PGP MESSAGE-----
    -----END PGP MESSAGE-----

with your mail selected and after invoking :exec view-raw-message from 
NeoMutt’s command prompt?

Also, what is the version of your NeoMutt and the USE-flags.

-- 
Regards,
floyd

Re: [gentoo-user] NeoMutt and GnuPG

[Roger J. H. Welsh]

[-- Attachment #1: Type: text/plain, Size: 1446 bytes --]

Hi Lucas,

> Here is my muttrc on github:
> https://github.com/lramage94/dotfiles/blob/master/.mutt/muttrc
It looks like you are using gpgme, I personally have not set this up for
my neomutt, instead I use a gpg.rc file from the samples provided.

For example;
bzcat /usr/share/doc/neomutt-*/samples/gpg.rc.bz2 > ~/.mutt/gpg.rc
echo "source ~/.mutt/gpg.rc" >> ~/.mutt/muttrc

There are a few other samples in
ls /usr/share/doc/neomutt-*/samples

Maybe there is something there that will fix your issue.

> When I send an encrypted message I see two files:
>
> - noname (1kb)
> - msg.asc (10kb) # <-- this one changes size depending on my message.
Whenever I see an encrypted message on my gmail account, which was
encrypted on my PC, I see the exact same thing. These are the raw
PGP/MIME type files for PGP, as opposed to inline PGP which is embedded
in the plain text.

https://security.stackexchange.com/questions/128368/is-using-pgp-mime-or-pgp-inline-more-secure

On my neomutt, when I press "v" to view attachments, all I can
see is text/plain. I think my neomutt does something automatic to
decrypt the messages.

My source docs I used when setting my gpg up with mutt were:
https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
http://codesorcery.net/old/mutt/mutt-gnupg-howto

I remember in particular reading the codesorcery one pretty closely.
Hope this helps.

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [gentoo-user] NeoMutt and GnuPG

[Floyd Anderson]

Hi Roger,

On Wed, 31 Jan 2018 15:01:39 +1300
"Roger J. H. Welsh" <rjhwelsh@gmail.com> wrote:
>Hi Lucas,
>
>> Here is my muttrc on github:
>> https://github.com/lramage94/dotfiles/blob/master/.mutt/muttrc
>It looks like you are using gpgme, I personally have not set this up for
>my neomutt, instead I use a gpg.rc file from the samples provided.
>
>For example;
>bzcat /usr/share/doc/neomutt-*/samples/gpg.rc.bz2 > ~/.mutt/gpg.rc
>echo "source ~/.mutt/gpg.rc" >> ~/.mutt/muttrc

I would not do that. The topic itself is complex enough and sourcing of 
14 ! long and cryptic command lines doesn’t make it better. Also note 
that gpg.rc defines the deprecated ‘pgp_clearsign_command’ variable.

BTW. as we‘re talking about NeoMutt here, I use:

${XDG_CONFIG_HOME:-${HOME}/.}${XDG_CONFIG_HOME:+/}neomutt/neomuttrc

so I can run a parallel Mutt installation when things get broken.

Instead I suggest to set ‘gpgme’ USE-flag and *only that* – no ‘crypt’, 
‘gpg’, ‘pgp_classic’, ‘smime’, ‘smime_classic’. Look at the ebuild and 
especially the comments. This way I only need to set one ! variable to 
get the stuff working:

set crypt_use_gpgme = yes


To be sure you may also set:

# ensure deprecated options are disabled or disarmed
set pgp_autoinline              = no
set pgp_clearsign_command       = ''
set pgp_mime_auto               = ask-yes
set pgp_replyinline             = no


And if one like:

# semi-automated encrypted reply to encrypted messages
# Notes:
#    - this can always be disabled by PGP-menu ('p')
#    - crypt_autoencrypt or crypt_replyencrypt (if set) disables crypt_opportunistic_encrypt
set crypt_opportunistic_encrypt = yes
set crypt_autoencrypt           = no
set crypt_replyencrypt          = no

# whether or not display unusable (revoked, expired, disabled) keys
set pgp_show_unusable           = yes
set crypt_timestamp             = no


With more than one mail address I suggest:
send2-hook  .                         'set pgp_sign_as = ""'
send2-hook  '~f "1st@example\.net$"'  'set pgp_sign_as = "0x0123456789ABCDEF0123456789ABCDEF01234567"'
send2-hook  '~f "2nd@example\.net$"'  'set pgp_sign_as = "0xABCDEF0123456789ABCDEF0123456789ABCDEF01"'


>On my neomutt, when I press "v" to view attachments, all I can
>see is text/plain. I think my neomutt does something automatic to
>decrypt the messages.
>

Indeed, viewing attachments encrypted would break many functions 
otherwise, e.g. piping, printing, saving.

>My source docs I used when setting my gpg up with mutt were:
>https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
>http://codesorcery.net/old/mutt/mutt-gnupg-howto
>

In the meantime NeoMutt != Mutt, so not to forget to mention
<https://www.neomutt.org/guide/>. ;-)


-- 
Regards,
floyd

[gentoo-user] Re: NeoMutt and GnuPG

[Ian Zimmerman]

On 2018-01-31 05:17, Floyd Anderson wrote:

> Instead I suggest to set ‘gpgme’ USE-flag and *only that* – no
> ‘crypt’, ‘gpg’, ‘pgp_classic’, ‘smime’, ‘smime_classic’. Look at the
> ebuild and especially the comments. This way I only need to set one !
> variable to get the stuff working:
> 
> set crypt_use_gpgme = yes

I second that.  This has been my setup for about a year and it just works.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.

Re: [gentoo-user] NeoMutt and GnuPG

[Floyd Anderson]

On Tue, 30 Jan 2018 20:48:02 -0800
Ian Zimmerman <itz@very.loosely.org> wrote:
>On 2018-01-31 05:17, Floyd Anderson wrote:
>
>> Instead I suggest to set ‘gpgme’ USE-flag and *only that* – no
>> ‘crypt’, ‘gpg’, ‘pgp_classic’, ‘smime’, ‘smime_classic’. Look at the
>> ebuild and especially the comments. This way I only need to set one !
>> variable to get the stuff working:
>>
>> set crypt_use_gpgme = yes
>
>I second that.  This has been my setup for about a year and it just works.
>

Yes, and when not (and you are interested in) you may investigate what’s 
going on by invoking:

    `GPGME_DEBUG="9:/tmp/gpgme.log" neomutt`


-- 
Regards,
floyd

Re: [gentoo-user] NeoMutt and GnuPG

[Roger J. H. Welsh]

[-- Attachment #1: Type: text/plain, Size: 3128 bytes --]

On  Wed, Jan 31, 2018 at 05:17:45AM +0100 , Floyd Anderson wrote:
> I would not do that. The topic itself is complex enough and sourcing of 14 !
> long and cryptic command lines doesn’t make it better. Also note that gpg.rc
> defines the deprecated ‘pgp_clearsign_command’ variable.
Right.

> BTW. as we‘re talking about NeoMutt here, I use:
> ${XDG_CONFIG_HOME:-${HOME}/.}${XDG_CONFIG_HOME:+/}neomutt/neomuttrc
> so I can run a parallel Mutt installation when things get broken.
That is a very good point.

> Instead I suggest to set ‘gpgme’ USE-flag and *only that* – no ‘crypt’,
> ‘gpg’, ‘pgp_classic’, ‘smime’, ‘smime_classic’. Look at the ebuild and
> especially the comments. This way I only need to set one ! variable to get
> the stuff working:
>
> set crypt_use_gpgme = yes
>
>
> To be sure you may also set:
> # ensure deprecated options are disabled or disarmed
> set pgp_autoinline              = no
> set pgp_clearsign_command       = ''
> set pgp_mime_auto               = ask-yes
> set pgp_replyinline             = no
>
> And if one like:
> # semi-automated encrypted reply to encrypted messages
> # Notes:
> #    - this can always be disabled by PGP-menu ('p')
> #    - crypt_autoencrypt or crypt_replyencrypt (if set) disables crypt_opportunistic_encrypt
> set crypt_opportunistic_encrypt = yes
> set crypt_autoencrypt           = no
> set crypt_replyencrypt          = no
>
> # whether or not display unusable (revoked, expired, disabled) keys
> set pgp_show_unusable           = yes
> set crypt_timestamp             = no
>
>
> With more than one mail address I suggest:
> send2-hook  .                         'set pgp_sign_as = ""'
> send2-hook  '~f "1st@example\.net$"'  'set pgp_sign_as = "0x0123456789ABCDEF0123456789ABCDEF01234567"'
> send2-hook  '~f "2nd@example\.net$"'  'set pgp_sign_as = "0xABCDEF0123456789ABCDEF0123456789ABCDEF01"'
Thanks for the above, I will certainly revisit this email when I update
my config in the next month or so. :)

>
> > On my neomutt, when I press "v" to view attachments, all I can
> > see is text/plain. I think my neomutt does something automatic to
> > decrypt the messages.
> >
>
> Indeed, viewing attachments encrypted would break many functions otherwise,
> e.g. piping, printing, saving.
So Lucas's original problem sounds like an issue with this, I can only
imagine it is some sort of lack of pgp support.

> > My source docs I used when setting my gpg up with mutt were:
> > https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
> > http://codesorcery.net/old/mutt/mutt-gnupg-howto
> >
>
> In the meantime NeoMutt != Mutt, so not to forget to mention
> <https://www.neomutt.org/guide/>. ;-)
Lol. Of course. I read that for my current setup. Though I never really
got to grips with what gpgme was, as I was more concerned with
bootstrapping a working (neo)mutt configuration, which is why I source
my : "14 ! long and cryptic command lines".

Thanks for the critique Floyd.

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [gentoo-user] NeoMutt and GnuPG

[Floyd Anderson]

On Wed, 31 Jan 2018 20:50:13 +1300
"Roger J. H. Welsh" <rjhwelsh@gmail.com> wrote:
>On  Wed, Jan 31, 2018 at 05:17:45AM +0100 , Floyd Anderson wrote:
>
>> > On my neomutt, when I press "v" to view attachments, all I can
>> > see is text/plain. I think my neomutt does something automatic to
>> > decrypt the messages.
>> >
>>
>> Indeed, viewing attachments encrypted would break many functions otherwise,
>> e.g. piping, printing, saving.
>So Lucas's original problem sounds like an issue with this, I can only
>imagine it is some sort of lack of pgp support.

Honestly, I did not comprehended Luca’s issue and therefore have no clue 
for the reason. Perhaps something with mixed and interfering USE-flags. 
IIRC, his prior Mutt installation works after some hiccups.

>> > My source docs I used when setting my gpg up with mutt were:
>> > https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
>> > http://codesorcery.net/old/mutt/mutt-gnupg-howto
>> >
>>
>> In the meantime NeoMutt != Mutt, so not to forget to mention
>> <https://www.neomutt.org/guide/>. ;-)
>Lol. Of course. I read that for my current setup. Though I never really
>got to grips with what gpgme was, as I was more concerned with
>bootstrapping a working (neo)mutt configuration, which is why I source
>my : "14 ! long and cryptic command lines".

Similar here, for a long time I plan to fully switch my setup away from 
widely spread (more or less) static config files, to a more dynamic one 
using Lua. But it works fine and that is murder for the motivation.

>Thanks for the critique Floyd.
>
You’re welcome.


-- 
Regards,
floyd

Re: [gentoo-user] NeoMutt and GnuPG

[Lucas Ramage]

Hello again,

I feel really stupid.

So I had set imap_user/pass, but not smtp_url so I was receiving emails
fine, but then instead of sending them, it was just encrypting them and
saving them via `set record = "+[Gmail]/Sent Mail"`.

** face palm **

Thanks for your help!

Re: [gentoo-user] NeoMutt and GnuPG

[Floyd Anderson]

On Wed, 31 Jan 2018 12:18:08 -0500
Lucas Ramage <ramage.lucas94@gmail.com> wrote:
>Hello again,
>
>I feel really stupid.
>
>So I had set imap_user/pass, but not smtp_url so I was receiving emails
>fine, but then instead of sending them, it was just encrypting them and
>saving them via `set record = "+[Gmail]/Sent Mail"`.
>
>** face palm **
>
>Thanks for your help!
>

Glad to hear it’s working now. I thought sending/receiving was not the 
problem, so my focus was on GnuPG.

Just a side note, you don’t need the imap and smtp USE-flags in your 
package.use/neomutt file. None of the NeoMutt ebuilds in tree will 
honour it because >=neomutt-20170602 always build those features, look 
at [1][2] and `neomutt -v`.

Also it seems you use NeoMutt 20171208 which has some regressions, so 
consider an update to not run into the next unnecessary issue.


References:
  - [1] <https://github.com/neomutt/neomutt/releases/tag/neomutt-20170602>
  - [2] <https://github.com/neomutt/neomutt/commit/07b78f9>


-- 
Regards,
floyd

Re: [gentoo-user] NeoMutt and GnuPG

[Lucas Ramage]

[-- Attachment #1: Type: text/plain, Size: 244 bytes --]

Oh excellent! I will drop those in my dotfiles.

I am going to try and write some of this down in the Gentoo Wiki since
there isn't really that much on the existing page.

https://wiki.gentoo.org/wiki/Mutt

There isn't even a page for NeoMutt.

[-- Attachment #2: Type: text/html, Size: 1030 bytes --]