Mutt: store passwords encrypted with GPG
gpg key pair is a prerequisite to follow this wiki.
In short, these are the commands to store passwords encrypted and tell mutt to retrieve it:
$ cat > path/to/mutt/config/directory/keys.txt << EOF > set imap_pass = 'password' # or whatever your variables are called > set smtp_pass = 'password' > EOF $ gpg -r your_gpg_id -e path/to/mutt/config/directory/keys.txt $ rm -i path/to/mutt/config/directory/keys.txt $ sed -i -e '1i source \"gpg -dq path/to/mutt/config/directory/keys.gpg |\"'
Now I’ll describe the above commands step by step.
First, we need to create a file where you will store the password. We named that file
keys.txt but you can name it whatever you like. To do so run:
$ touch path/to/mutt/config/directory/keys.txt
path/to/mutt/config/directory/ with the actual path to the mutt configuration directory on your system.
Next we populate
keys.txt with the variable.s and password, for example:
set imap_pass = 'password' set smtp_pass = 'password'
smtp_pass are the variables.
password with the actual password. Note the
’ surrounding the password.
Tip: we can compress the above steps into one single command:
$ cat > path/to/mutt/config/directory/keys.txt << EOF > set imap_pass = 'password' # or whatever your variables are called > set smtp_pass = 'password' > EOF
keys.txt has been created and populated with data, we encrypt it using
gpg (note: you need a key pair):
$ gpg -r your_gpg_id -e path/to/mutt/config/directory/keys.txt
We can check that the encrypted file exists.
$ find path/to/mutt/config/directory/ -name keys.gpg $ file $(!!)
should return the name of the file and tell you that the file is encrypted.
Since we have the encrypted file, we can delete the unencrypted one:
$ rm -i path/to/mutt/config/directory/keys.txt
Now we need to tell
muttrc (that is mutt’s configuration file) to source
keys.gpg and decrypt it. To do so, we add the line at the top of your muttrc file:
source "gpg -d path/to/mutt/config/directory/keys.gpg |"
Don’t forget the pipe
You are done.
Next time you open mutt, a prompt should ask for your
Mutt is copyleft-licensed and is maintained by Kevin McCarthy1. It was first written by Michael Elkins and released in 1996.
GNU Privacy Guard or GnuPG or GPG is copyleft-licensed. It is was written by and still maintain by Werner Koch 2. It was first released in 1999.
Source: a snippet written by soardex, a blog post written by Sandy Uraz. I also used mutt’s man page (i.e.
$ man mutt) and GPG’s manual to double check and clarify my understanding of some of the information I had found on the web. A lot of conversations on the web converged to a discussion from mutt’s mailing list about storing passwords encrypted, unfortunately the tips provided were not much help, maybe to concise or esoteric for me.