# gpg and mutt/neomutt "cannot copy message" issue



## gofer_touch (Apr 25, 2020)

I have recently switched from Thunderbird to neomutt and so far 'fairly' good in terms of things being in working order. I have based my muttrc on an example layout that I found on github:









dotfiles/muttrc at master · javier-lopez/dotfiles (github.com)
				




by Javier Lopez. His setup was last updated in 2017.

I have come to realize that a number of use flags have since changed in mutt/neomutt since Javier's last edit. For one I believe I may have run into the following issue since I get the same "cannot copy message" error when trying to read an encrypted email:

muttrc template 

The Gnupg section in the above muttrc (lines 252-285) I have used nearly verbatim. My modifications have included:

1) line 262 now has my key id 

2) line 257 has been commented out since it appears to be deprecated in more recent versions of mutt/neomutt.

Can someone kindly recommend how I should modernize the Gnupg section to do the following:

1) Automatically attempt to decrypt and show an email that was sent encrypted. 

2) When responding to an email that was sent encrypted, automatically reply with an encrypted email.

3) When composing an email, show a menu option to encrypt the email; or automatically encrypt the email if the individual's public key is stored in my keychain.

Any guidance on the above would be extremely appreciated!


----------



## zirias@ (Apr 25, 2020)

Well, I can share a configuration snippet that works fine for me using mail/neomutt with security/gnupg.

I don't have all the features you want here and don't know whether they are possible. But automatically decrypting and verifying the signature should work "out of the box" with a correct PGP configuration in (neo)mutt (it does for me), as well as getting a menu how to deal with outgoing mail (I set as default to just always sign with `crypt_autosign=yes`). So, assuming you have a working ~/.gnupg/gpg.conf (with e.g. "default-key" and "encrypt-to") and some pinentry configured in ~/.gnupg/gpg-agent.conf, you might want to take these settings in ~/.muttrc as a starting point:


```
set pgp_decode_command="gpg  --charset utf-8   --status-fd=2 --no-verbose --quiet  --batch  --output - %f"
set pgp_verify_command="gpg   --status-fd=2 --no-verbose --quiet  --batch  --output - --verify %s %f"
set pgp_decrypt_command="gpg   --status-fd=2 --no-verbose --quiet  --batch  --output - %f"
set pgp_sign_command="gpg    --no-verbose --batch --quiet   --output - --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg   --charset utf-8 --no-verbose --batch --quiet   --output - --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_only_command="/usr/local/libexec/neomutt/pgpewrap gpg  --charset utf-8    --batch  --quiet  --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_sign_command="/usr/local/libexec/neomutt/pgpewrap gpg  --charset utf-8 --batch --quiet  --no-verbose  --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
set pgp_import_command="gpg  --no-verbose --import %f"
set pgp_export_command="gpg   --no-verbose --export --armor %r"
set pgp_verify_key_command="gpg   --verbose --batch  --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg   --no-verbose --batch --quiet   --with-colons --list-keys %r"
set pgp_list_secring_command="gpg   --no-verbose --batch --quiet   --with-colons --list-secret-keys %r"
set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
set pgp_use_gpg_agent=yes
set pgp_default_key="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
```


----------



## gofer_touch (Apr 28, 2020)

Zirias, please accept my appreciation for your guidance. I took a bit of time in replying to ensure that I had all the pieces where they needed to be and that everything works accordingly. I have essentially replaced the entire gpg section from the previously linked muttrc with what you have added above. This does now work as expected and it has been a seamless process thus far. 
I can say that my switch to mutt is 98% of where I need it to be (the rest is mainly some minor cosmetic stuff). This is going to be my workhorse. I receive and send a lot of email and this is a faster, cleaner and lower resource-involved experience compared to Thunderbird.


----------



## zirias@ (Apr 28, 2020)

Nice, glad it works. And if you get your "advanced" requirements to work as well (like auto encrypt when replying to encrypted), I think you should share that, as there are probably people interested.


----------



## gofer_touch (May 1, 2020)

Many thanks again for the heads up in the previous question.

I have settled on a solution that allows me to always encrypt to selected recipients, while defaulting to a normal email behavior for all others.

Here is what I have added to my muttrc


```
#The default behavior is to not sign and not encrypt messages.

send-hook . 'unset pgp_autosign; unset pgp_autoencrypt'

#However, always sign messages to the following domains

send-hook '~t @protonmail.com' 'set pgp_autosign'

#And always send encrypted messages to these addresses

send-hook email1@protonmail.com set pgp_autoencrypt
send-hook email2@protonmail.com set pgp_autoencrypt

#Use the following keys when encrypting to the above recipients (their keys should already be in your gpg keychain)

pgp-hook email1@protonmail.com 0x01234567890
pgp-hook email2@protonmail.com 0x01234567890
```

So that's it pretty much. I am still testing this out, but so far it seems to work seamlessly. I am sure there are other ways of doing it, but this is easy enough for me to understand and trivial to add additional recipients. Several colleagues have started using protonmail over the years and they insist that this is the way to stay out of the various digital dragnets. 

At any rate, I hope this is helpful to someone.

I did want to know if anyone has a solution to what is probably trivial, but I have not been able to find a good answer. In Thunderbird it was easy to only direct sent messages to be saved on local folders instead of in the sent folder on the imap server. How can I replicate this behavior in mutt? I want to save a copy of all outgoing messages but only want them saved to a local sent folder rather than on the server. I am sending email via msmtp if it matters. Many thanks!
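
Added example, not part of the thread or of either poster's configuration: the encrypt commands shared earlier pass `--always-trust`, so gpg will not object to a recipient key whose validity was never established, and it is worth checking the keys behind auto-encrypt hooks separately. This Python script classifies recipients from `gpg --with-colons --list-keys` output (the format `pgp_list_pubring_command` requests); the sample listing, key IDs, addresses and the function names `key_status` and `audit` are constructed for illustration.

```python
import re

# Constructed `gpg --with-colons --list-keys` output; keys and addresses are made up.
SAMPLE = """\
pub:f:4096:1:AAAAAAAAAAAAAAA1:1500000000:::-:::scESC:
uid:f::::1500000000::HASH1::Alice Example <email1@example.org>:
sub:f:4096:1:BBBBBBBBBBBBBBB1:1500000000::::::e:
pub:e:2048:1:AAAAAAAAAAAAAAA2:1400000000:1500000000::-:::sc:
uid:e::::1400000000::HASH2::Bob Example <email2@example.org>:
pub:-:4096:1:AAAAAAAAAAAAAAA3:1550000000:::-:::scESC:
uid:-::::1550000000::HASH3::Carol Example <email3@example.org>:
sub:-:4096:1:BBBBBBBBBBBBBBB3:1550000000::::::e:
pub:f:4096:1:AAAAAAAAAAAAAAA4:1550000000:::-:::scSC:
uid:f::::1550000000::HASH4::Dave Example <email4@example.org>:
"""

UNUSABLE = set("erdi")  # expired, revoked, disabled, invalid
VALID = set("mfu")      # marginal, full, ultimate validity

def key_status(listing):
    """Map each e-mail address in the listing to (key id, status)."""
    result, keyid, pub_validity, caps = {}, None, "", ""
    for line in listing.splitlines():
        f = line.split(":") + [""] * 12   # pad so short records never raise
        if f[0] == "pub":
            # field 2 = validity, field 5 = key id, field 12 = capabilities
            keyid, pub_validity, caps = f[4], f[1], f[11]
        elif f[0] == "uid" and keyid:
            m = re.search(r"<([^<>\s]+@[^<>\s]+)>", f[9])  # field 10 = user ID
            if not m:
                continue
            if pub_validity in UNUSABLE or f[1] in UNUSABLE or "D" in caps:
                status = "unusable"
            elif "E" not in caps:   # uppercase E: the key as a whole can encrypt
                status = "cannot-encrypt"
            elif f[1] in VALID:
                status = "valid"
            else:                   # '-', 'q', 'o', 'n': validity not established
                status = "unverified"
            result[m.group(1).lower()] = (keyid, status)
    return result

def audit(recipients, listing=SAMPLE):
    """Return {address: status} for addresses that are to be auto-encrypted."""
    keys = key_status(listing)
    return {r: keys.get(r.lower(), (None, "missing"))[1] for r in recipients}

if __name__ == "__main__":
    print(audit(["email1@example.org", "email3@example.org", "email5@example.org"]))
```

To check a real keyring, pass the captured output of `gpg --with-colons --list-keys` as the second argument to `audit`. An "unverified" result marks a key that is only accepted because the trust check is skipped.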


----------



## zirias@ (May 1, 2020)

gofer_touch said:


> I did want to know if anyone has a solution to what is probably trivial, but I have not been able to find a good answer. In Thunderbird it was easy to only direct sent messages to be saved on local folders instead of in the sent folder on the imap server. How can I replicate this behavior in mutt? I want to save a copy of all outgoing messages but only want them saved to a local sent folder rather than on the server. I am sending email via msmtp if it matters. Many thanks!



Normally, the `record` variable should be all that's needed and default to a local mbox file ~/sent — I use it for the exact opposite as I _want_ all my sent mails on the server — setting it to `+Sent` achieves exactly that. If it doesn't work for you, neomuttrc(5) might be helpful here:

```
record
              Type: string
              Default: "~/sent"

              This specifies the file into which your outgoing messages should
              be appended.  (This is meant as the primary method for saving  a
              copy  of  your messages, but another way to do this is using the
              "my_hdr" command to create a "Bcc:" field with  your  email  ad-
              dress in it.)

              The  value  of  $record  is  overridden  by  the $force_name and
              $save_name variables, and  the  "fcc-hook"  command.   Also  see
              $copy and $write_bcc.
```
Probably the last paragraph is pretty relevant.


----------

