Pine GPG

Pine and GPG keys

This page describes how to use pine together with pinepgp. Both are installed on the CSE system. Familiarity with basic pine usage is assumed.

Setting up pinepgp

  1. First of all, you should create a GPG key for yourself as described in UsingGPG.
  2. Install pinepgp for gpg in your account (yourname@cse.unsw.edu.au is the email address that you created a key for): pinegpg-install yourname@cse.unsw.edu.au If you do not specify the email address, then "encrypt to self" is not enabled, and even you won't be able to read encrypted messages that you have sent.

Using pinepgp

Signing/encrypting an email

When sending an email, you can sign it, to verify you wrote it, and/or you can encrypt it. All of these are done as a "send filter".
  1. Compose an email as usual
  2. When you press Ctrl-X to send, you should get asked "=Send message (unfiltered)?=". You can then press Ctrl-N (Next Filter) to change to gpg-sign, or gpg-encrypt instead of unfiltered.
  3. Once you've chosen the filter, press y to send, and you should be prompted for your passphrase to unlock your key for signing. After typing your passphrase, the message is sent, well done.

Signing an email by default

Pine by default doesn't sign the message. To make it always sign by default, you need to set the gpg-sign filter as the default.
  1. Enter the Pine Setup menu (S in the pine main menu).
  2. Press C for Config.
  3. Scroll down to the [ Composer Preferences ] section.
  4. Select the [ ] compose-send-offers-first-filter option, and press X to turn it on.
  5. Press E to exit setup, then Y to save changes.

Verifying an email

Most signed emails will by default be checked by pinegpg. It will modify the view of the message, adding a header that looks like: --[PinePGP]--------------------------------------------------[begin]-- and a footer like this: --[PinePGP]----------------------------------------------------------- gpg: Signature made Wed Apr 27 19:57:52 2005 EST using DSA key ID XXXXXXX (results) --[PinePGP]----------------------------------------------------[end]-- The results will indicate the validity. To truely validate a key, they must be in your GPG key list. See UsingGPG for information on how to retrieve, add and ultimately trust other people's keys.

Manually verifying an email / detached signature

If your PGP-signed message is not automatically checked (e.g. it has a "detached signature" (the signature is an attachment, the MuttGPG default)), then you must manually verify it.
  1. Turn on full headers: press H. This is needed to get the full email information to the filter.
  2. Press | (the "pipe" key, shift-backspace), to send your message to a command
  3. Type gpg-check if it isn't there already (pine will remember the last-used command). Press return.
  4. You should now get a message indicating the results of the check
You may need to enable full headers before you can do step 1, and pipe command for step 2. To do these:
  1. Enter the Pine Setup menu (S in the pine main menu).
  2. Press C for Config.
  3. Scroll down to the = [ Advanced Command Preferences ]= section.
  4. Select the [ ] enable-full-header-cmd option, and press X to turn it on.
  5. Select the [ ] enable-full-header-and-text option, and press X to turn it on.
  6. Select the [ ] enable-unix-pipe-cmd option, and press X to turn it on.
  7. Press E to exit setup, then Y to save changes.
This method will only work at CSE. We have manually modified gpg-check to handle detached signatures. If you wish to use our gpg-check at home, feel free to copy it. Note that it is covered by the (open source) licences of the software it is derived from: pinepgp and pine pgp filters.

Other questions

Can Pine sign email with a "detached" signature instead of inline/clearsign (like mutt)?
No. Pine does not allow send filters to mess with attachments. If you must do this, you will have to do it by hand:
  • Create your message in a text file
  • Use GPG to create a detached signature, as described in UsingGPG
  • Compose your email in pine, attach your message file, and your GPG signature. You must attach the message file, not copy it in, as the text has to be identical for the signature to be valid.
Last edited by Kam Hoong Cheong 04/04/2011

Tags for this page:

GPG, pine, email, encryption