How to Use the ciphertext password in the Mutt Mail Client

How to Use the ciphertext password in the Mutt Mail Client

Mutt is an open-source email client in a Linux/UNIX terminal environment. Mutt and Alpine have the most loyal followers among Linux Command Line enthusiasts, not for no reason. Think about the functions that you expect the mail client should have: multi-protocol support (such as POP3, IMAP and SMTP), S/MIME and PGP/GPG integration, session clues, color tag, customizable macros/shortcuts, and so on. In addition, the command-line-based Mutt is compared to the crude browser-based Mail Client (such as Gmail, Ymail) or graphical user interface mail client (such as: Thunderbird, MS Outlook, is a lightweight alternative to using email.

When you want to use Mutt to access or send emails through the company's SMTP/IMAP server, or replace the webpage mail service, you may be concerned with how to protect your email creden( (for example: SMTP/IMAP password), which is stored in a plain text Mutt configuration file (~ /. Muttrc.

There is indeed an easy way to encrypt the Mutt configuration file * for security concerns of these people to prevent this risk. In this tutorial, I describe how to encrypt Mutt sensitive configurations, such as using GnuPG (GPG) to encrypt SMTP/IMAP passwords. GPG is an open-source OpenPGP implementation.

Step 1 (optional): Create a GPG key

Because we will use GPG to encrypt the Mutt configuration file. If you do not have a GPG key, the first step is to create a public/private key pair ). If yes, ignore this step.

To create a new GPG key, run the following command:

$ gpg --gen-key

Select the key type (RSA), key length (2048 bits), and expiration time (0 indicates that the key is not expired ). When the user ID prompt appears, enter the name (Dan Nanni) and email address ([email protected]) associated with the public/private key pair. Finally, enter a password to protect your private key.

Generating a GPG key requires a large number of random bytes to form entropy. Therefore, during key generation, make sure to perform some random behaviors (such as hitting the keyboard, move the mouse or read/write disk ). It takes several minutes or more to generate a GPG key based on the key length.

Step 2: encrypt Mutt sensitive configurations

Next, go ~ Create a new text file in the/. mutt directory, and put some Mutt sensitive configurations that you want to hide in it. In this example, the SMTP/IMAP password is specified.

$ mkdir ~/.mutt$ vi ~/.mutt/password

set smtp_pass="XXXXXXX"set imap_pass="XXXXXXX"

Now you can use your public key to encrypt the file through GPG as follows:

$ gpg -r [email protected] -e ~/.mutt/password

This will create ~ /. Mutt/password. gpg, which is the GPG encrypted version of the original file.

Then delete ~ /. Mutt/password. Only the encrypted version of GPG is retained.

Step 3: create a complete Mutt configuration file

Now you have placed encrypted Mutt sensitive configurations in a separate file. You can ~ /. Muttrc specifies the remaining Mutt configurations. Then add the following line in ~ /. Muttrc end.

source "gpg -d ~/.mutt/password.gpg |"

When you start Mutt, this line will be decrypted ~ /. Mutt/password. gpg, and then apply the decrypted content to your Mutt configuration.

The following shows a complete Mutt configuration example, which allows you to access Gmail through Mutt without exposing your SMTP/IMAP password. Replace yourgmailaccount with your Gmail ID. In addition, you also need to enable "Access to apps that are not secure" in your Goolgle account settings ".

set from = "[email protected]"set realname = "Your Name"set smtp_url = "smtp://[email protected]:587/"set imap_user = "[email protected]"set folder = "imaps://imap.gmail.com:993"set spoolfile = "+INBOX"set postponed = "+[Google Mail]/Drafts"set trash = "+[Google Mail]/Trash"set header_cache =~/.mutt/cache/headersset message_cachedir =~/.mutt/cache/bodiesset certificate_file =~/.mutt/certificatesset move = noset imap_keepalive = 900# encrypted IMAP/SMTP passwordssource "gpg -d ~/.mutt/password.gpg |"

Step 4 (optional): configure the GPG proxy

At this time, you can use the Mutt that encrypts the IMAP/SMTP password. However, every time you run Mutt, you must first be prompted to enter a GPG password to use your private key to decrypt the IMAP/SMTP password.

If you want to avoid such a GPG password prompt, you can deploy a gpg-agent. It runs in the form of a daemon. The gpg-agent can safely cache your GPG password without manual intervention. The gpg can automatically obtain your gpg password from the GPG-agent. If you are using a Linux desktop, you can configure to use specific desktop software equivalent to gpg-agent, such as GNOME-keyring-daemon for gnome Desktop.

You can install gpg-agent on the Debian-based system:

$ sudo apt-get install gpg-agent

Gpg-agent is pre-installed on Red Hat-based systems.

Add the following to your. bashrc file.

envfile="$HOME/.gnupg/gpg-agent.env"if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then    eval "$(cat "$envfile")"else    eval "$(gpg-agent --daemon --allow-preset-passphrase --write-env-file "$envfile")"fiexport GPG_AGENT_INFO

 

Reload. bashrc, or simply log out and log on again.

$ source ~/.bashrc

Now, make sure that the environment variables of gpg agent info are properly set.

$ echo $GPG_AGENT_INFO/tmp/gpg-0SKJw8/S.gpg-agent:942:1

In addition, when you enter the gpg-agent command, you should see the following information.

$ gpg-agentgpg-agent: gpg-agent running and available

Once the gpg-agent starts running, it will cache your GPG password when you are prompted to enter the password for the first time. After you run Mutt multiple times, you will not be prompted for the GPG password (the gpg-agent is always on, and the cache will not expire ).

Conclusion

In this tutorial, I provide a Mutt sensitive configuration method that uses GnuPG encryption, such as SMTP/IMAP passwords. Note: If you want to use GnuPG to encrypt or sign your email on Mutt, you can refer to the section on how GPG and Mutt are combined in the official guide.

If you know any security tips for using Mutt, share it.