Recipe 8.1 Encrypted Mail with Emacs

8.1.1 Problem

You use an Emacs mailer (vm, rmail, etc.) and want to send and receive encrypted email messages.

8.1.2 Solution

Use mailcrypt.el with GnuPG:

~/.emacs:
(load-library "mailcrypt")
(mc-setversion "gpg")

Then open a mail buffer, and use any Mailcrypt functions or variables as desired:

mc-encrypt

Encrypt the mail message in the current buffer

mc-decrypt

Decrypt the mail message in the current buffer

mc-sign

Sign the mail message in the current buffer

mc-verify

Verify the signature of the mail message in the current buffer

mc-insert-public-key

Insert your public key, in ASCII format, into the current buffer

...and many more.

8.1.3 Discussion

Mailcrypt is an Emacs package for encrypting, decrypting, and cryptographically signing email messages. Once you have installed mailcrypt.el in your Emacs load path, e.g., by installing it in /usr/share/emacs/site-lisp, and loaded and configured it in your ~/.emacs file:

(load-library "mailcrypt")
(mc-setversion "gpg")

compose a mail message in your favorite Emacs-based mailer. When done writing the message, invoke:

M-x mc-encrypt

(or select the Encrypt function from the Mailcrypt menu). You'll be prompted for the recipient, whose public key must be on your GnuPG keyring:

Recipients: jones@example.com

and then asked whether you want to sign the message, which is an optional step and requires your GnuPG passphrase.

Sign the message? (y or n)

Then voilà, your message becomes GnuPG-encrypted for that recipient:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 and Gnu Privacy Guard
hQEOAxpFbNGB4CNMEAP/SeAEOPP6XW+uMrkHZ5b2kuYPE5BL06brHNL2Dae6uIjK 
sMBhvKGcS3THpCcXzjCRRAJLsquUaazakXdLveyTRPMa9J7GhRUAJvd8n7ZZ8iRn
...
-----END PGP MESSAGE-----

Finally, send the message normally.

If you receive an encrypted message, and you already have the sender's key (indexed by her email address) on your GnuPG public keyring, simply invoke:

M-x mc-decrypt

for the buffer containing the message. If you receive a signed message, check the signature by invoking: [Recipe 7.15]

M-x mc-verify

Mailcrypt can be finicky about the buffer contents. If all else fails, save the encrypted message to a file and decrypt it with gpg manually. [Recipe 7.5]
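The manual fallback just described, as an added shell example that is not from the original recipe: it cuts the armored block out of a saved message, removing carriage returns, reply quoting and trailing blanks, and pipes it to gpg. The function names, the sample message and its placeholder payload are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original recipe. All names here are hypothetical.

# Constructed sample: a saved reply with mail headers, CRLF line endings,
# "> " quoting and trailing blanks. The payload is a placeholder, not ciphertext.
sample_mail() {
    printf '%s\r\n' \
        'From: smith@example.com' \
        'To: jones@example.com' \
        'Subject: constructed sample' \
        '' \
        'jones wrote:' \
        '> -----BEGIN PGP MESSAGE-----' \
        '> Version: GnuPG v1.0.6 (GNU/Linux)' \
        '> ' \
        '> Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=   ' \
        '> =AAAA' \
        '> -----END PGP MESSAGE-----' \
        'trailing signature text'
}

# Read a saved message on stdin and print only the armored block:
# drop CRs, leading quote marks and trailing blanks, then keep BEGIN..END.
extract_pgp_block() {
    tr -d '\r' |
    sed -e 's/^[> ]*//' -e 's/[[:space:]]*$//' |
    awk '/^-----BEGIN PGP MESSAGE-----$/ { inside = 1 }
         inside { print }
         /^-----END PGP MESSAGE-----$/ { inside = 0 }'
}

# Decrypt a saved message file; gpg itself prompts for the passphrase.
# Refuses to call gpg when no armored block was found.
decrypt_saved_mail() {
    block=$(extract_pgp_block < "$1")
    if [ -z "$block" ]; then
        echo "no PGP MESSAGE block found in $1" >&2
        return 1
    fi
    printf '%s\n' "$block" | gpg --decrypt
}

# Demonstration on the constructed sample (prints the cleaned block only).
sample_mail | extract_pgp_block
```

To use it on real mail, save the message from Emacs to a file and run decrypt_saved_mail on that file.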

By default, Mailcrypt will remember your GnuPG passphrase once entered, but only for the duration of the current Emacs session. You can run mc-deactivate-passwd to force Mailcrypt to erase your passphrase from its memory immediately.

The load-library code given earlier will cause your startup file to abort if Emacs cannot find Mailcrypt. To have it load conditionally, use this instead:

(if (load "mailcrypt" t)
        (mc-setversion "gpg"))

8.1.4 See Also

The official web site for Mailcrypt is http://mailcrypt.sourceforge.net. To list all Mailcrypt functions and variables in Emacs, try:

M-x apropos mc-

