rss
August 18, 2023

Mutt: store passwords encrypted with GPG

Note: a gpg key pair is a prerequisite to follow this wiki.

In short, these are the commands to store passwords encrypted and tell mutt to retrieve it:

$ cat > path/to/mutt/config/directory/keys.txt << EOF
> set imap_pass = 'password' # or whatever your variables are called
> set smtp_pass = 'password'
> EOF
$ gpg -r your_gpg_id -e path/to/mutt/config/directory/keys.txt
$ rm -i path/to/mutt/config/directory/keys.txt
$ sed -i -e '1i source \"gpg -dq path/to/mutt/config/directory/keys.gpg |\"'

Now I’ll describe the above commands step by step.

First, we need to create a file where you will store the password. We named that file keys.txt but you can name it whatever you like. To do so run:

$ touch path/to/mutt/config/directory/keys.txt

Note: replace path/to/mutt/config/directory/ with the actual path to the mutt configuration directory on your system.

Next we populate keys.txt with the variable.s and password, for example:

set imap_pass = 'password' 
set smtp_pass = 'password'

imap_pass and smtp_pass are the variables.

Replace password with the actual password. Note the surrounding the password.

Tip: we can compress the above steps into one single command:

$ cat > path/to/mutt/config/directory/keys.txt << EOF
> set imap_pass = 'password' # or whatever your variables are called
> set smtp_pass = 'password'
> EOF

Once keys.txt has been created and populated with data, we encrypt it using gpg (note: you need a key pair):

$ gpg -r your_gpg_id -e path/to/mutt/config/directory/keys.txt

We can check that the encrypted file exists.

$ find path/to/mutt/config/directory/ -name keys.gpg
$ file $(!!)

should return the name of the file and tell you that the file is encrypted.

Since we have the encrypted file, we can delete the unencrypted one:

$ rm -i path/to/mutt/config/directory/keys.txt

Now we need to tell muttrc (that is mutt’s configuration file) to source keys.gpg and decrypt it. To do so, we add the line at the top of your muttrc file:

source "gpg -d path/to/mutt/config/directory/keys.gpg |"

Don’t forget the pipe |.

You are done.

Next time you open mutt, a prompt should ask for your gpg password.

Mutt is copyleft-licensed and is maintained by Kevin McCarthy1. It was first written by Michael Elkins and released in 1996.

GNU Privacy Guard or GnuPG or GPG is copyleft-licensed. It is was written by and still maintain by Werner Koch 2. It was first released in 1999.

Source: a snippet written by soardex, a blog post written by Sandy Uraz. I also used mutt’s man page (i.e. $ man mutt) and GPGs manual to double check and clarify my understanding of some of the information I had found on the web. A lot of conversations on the web converged to a discussion from mutt’s mailing list about storing passwords encrypted, unfortunately the tips provided were not much help, maybe too concise or esoteric for me.

  1. $ less /usr/share/doc/mutt/copyright↩︎

  2. $ less /usr/share/doc/gpg/copyright↩︎


personal computing command-line interface (cli) gnu linux trisquel shell literacy office applications wiki gpg mutt

No affiliate links, no analytics, no tracking, no cookies. This work © 2016-2024 by yctct is licensed under CC BY-ND 4.0 .   about me   contact me   all entries & tags   FAQ   GPG public key

GPG fingerprint: 2E0F FB60 7FEF 11D0 FB45 4DDC E979 E52A 7036 7A88