PGP Signature Setup & Config

Wayne Pascoe freebsd at
Tue Apr 15 10:17:47 PDT 2003

On Tue, Apr 15, 2003 at 08:48:59AM -0700, Sêrêciya Kurdistanî wrote:
>   I'm interested in implementing a PGP, and I'd like to poll those
>   of you who could give me pointers on where to start ;)

I would suggest using GNUPG. It's in ports at /usr/ports/security/gnupg

>   1) Where do I go to setup my key(s)?

To create a key, use gpg --gen-key

>      a) should I try to use a specific type of key?
>         any compatibility issues?

I personally use the defaults (DSA and ElGamal key, 1024 bits)
Messages I encrypt can be decrypted by people using GNUPG and PGP alike.

>      b) are there certain key servers preferred for posting public
>         keys?  commercial, non-commercial, etc...

Again, I personally use

>   2) How do I use it with "Mutt"? 

One of the main reasons I moved to mutt was it's simplicity of use with
PGP. In my .muttrc I have the following :

--- Please excuse lines longer than 72 chars here, but I want to show 
the config as it should be

set pgp_decode_command="gpg %?p?--passphrase-fd 0? --batch --output - %f"
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --batch --output - %f"
set pgp_sign_command="gpg --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_only_command="pgpewrap gpg -v --batch --output - --encrypt --textmode --armor -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 -v --batch --output - --encrypt --sign %?a?-u %a? --armor -- -r %r -- %f"
set pgp_import_command="gpg --import -v %f"
set pgp_export_command="gpg --export --armor %r"
set pgp_verify_key_command="gpg --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg --batch --with-colons --list-secret-keys %r"
set pgp_getkeys_command=""
set pgp_timeout=120

>      a) are there any automated/simplified interfaces?

Just press y to send :) 

Hope that all helps

Wayne Pascoe

More information about the freebsd-questions mailing list