Linux – automatically encrypt and decrypt emails using gnupg (gpgrelay for unix)


My point of view on email security is: whenever possible, emails should be protected with PGP/GPG while being transported, but it doesn't make sense to store encrypted emails in the local mailbox (this doesn't add to security but complicates searching the mailbox and processing it with scripts).

There is a perfect tool for Windows: GPGrelay. It works like a local POP3/SMTP relay server, encrypting outgoing emails and decrypting incoming ones (it can append status information about the encryption used and the signature checked to an incoming email, so the user is able to see this information in the decrypted email received by his MUA), and thus "adds PGP support" to any MUA.

I need to find a similar tool for Linux.

Running a POP3/SMTP relay like GPGrelay is one option, but there are other possible solutions, such as using a sendmail-wrapper script to encrypt/sign when sending emails from the MUA and another script executed by procmail or .qmail to decrypt/verify when receiving emails.

For now I've found only kuvert, which is able to encrypt/sign sent emails, but I haven't seen any solutions that automatically decrypt/verify emails with GnuPG (I've only seen an old procmail recipe for PGP).

I'm using mutt and qmail, so non-universal solutions compatible with them are acceptable too. I managed to configure mutt to store an unencrypted copy of sent email in the mailbox and to automatically decrypt email when I try to open it, but this way I see only the decrypted email and don't know whether it was signed correctly:

set fcc_clear=yes
message-hook '~h"Content-Type: multipart/encrypted"' 'push <decrypt-save>\cu^<Enter>'
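
Added example (not part of the original question or answer, and not code from GPGrelay, kuvert or STEED): a delivery-time filter of the kind the question asks for, which decrypts a PGP/MIME message and records the decryption and signature outcome in a header so the MUA can show whether the signature checked out. The header name X-Gpg-Filter, the function names and the sample status lines are assumptions made for this example; the status keywords are the ones GnuPG writes with --status-fd.

```python
import email
import subprocess

STATUS_HEADER = "X-Gpg-Filter"  # hypothetical header name, not a standard one
# gpg --status-fd keywords mapped to a verdict, ordered from best to worst.
VERDICTS = {"GOODSIG": "good", "EXPSIG": "expired-sig", "EXPKEYSIG": "expired-key",
            "REVKEYSIG": "revoked-key", "ERRSIG": "unverifiable", "BADSIG": "bad"}
# Constructed sample: status output for a decryptable message with a bad signature.
SAMPLE_STATUS = ("gpg: encrypted with RSA key\n[GNUPG:] DECRYPTION_OKAY\n"
                 "[GNUPG:] BADSIG 0123456789ABCDEF Alice <alice@example.org>\n")

def summarize_status(status_text):
    """Return (decrypted, verdict); with several signatures the worst one wins."""
    decrypted, seen = False, []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":  # skip human-readable lines
            decrypted = decrypted or fields[1] == "DECRYPTION_OKAY"
            seen.append(VERDICTS.get(fields[1]))
    ranked = [v for v in VERDICTS.values() if v in seen]
    return decrypted, ranked[-1] if ranked else "unsigned"

def run_gpg(ciphertext):
    """Decrypt with the local keyring; status records are written to stderr (fd 2)."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "2", "--decrypt"],
                          input=ciphertext, capture_output=True)
    return proc.stdout, proc.stderr.decode("utf-8", "replace")

def filter_message(raw, decrypt=run_gpg):
    """Decrypt a PGP/MIME message and record the outcome in STATUS_HEADER."""
    msg = email.message_from_bytes(raw)
    del msg[STATUS_HEADER]  # drop sender-supplied copies so the verdict cannot be spoofed
    parts = msg.get_payload() if msg.is_multipart() else []
    if msg.get_content_type() != "multipart/encrypted" or len(parts) != 2:
        msg[STATUS_HEADER] = "not-encrypted"
        return msg.as_bytes()
    plaintext, status = decrypt(parts[1].get_payload(decode=True) or b"")
    decrypted, verdict = summarize_status(status)
    if not decrypted:
        msg[STATUS_HEADER] = "decryption-failed"  # ciphertext is delivered unchanged
        return msg.as_bytes()
    inner = email.message_from_bytes(plaintext)  # RFC 3156: plaintext is a MIME entity
    del inner[STATUS_HEADER]  # the encrypted entity is sender-controlled as well
    for name, value in msg.items():
        if not name.lower().startswith("content-"):
            inner[name] = value  # carry over From, To, Subject, Received, ...
    inner[STATUS_HEADER] = "decrypted; signature=" + verdict
    return inner.as_bytes()
```

A delivery wrapper would pass the message read from stdin to filter_message and write the returned bytes on to the mailbox.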

Best Answer

There is a new project having this kind of idea but a little more evolved. It is called STEED and is pushed by the maintainer of GnuPG.