Product SiteDocumentation Site

8.9. GPG agent

It is very common nowadays to digitally sign (and sometimes encrypt) e-mail. You might, for example, find that many people participating on mailing lists sign their list e-mail. Public key signatures are currently the only means to verify that an e-mail was sent by the sender and not by some other person.
Debian GNU/Linux provides a number of e-mail clients with built-in e-mail signing capabilities that interoperate either with gnupg or pgp:
  • evolution.
  • mutt.
  • kmail.
  • icedove (rebranded version of Mozilla's Thunderbird) through the http://enigmail.mozdev.org/ plugin. This plugin is provided by the enigmail package.
  • sylpheed. Depending on how the stable version of this package evolves, you may need to use the bleeding edge version, sylpheed-claws.
  • gnus, which when installed with the mailcrypt package, is an emacs interface to gnupg.
  • kuvert, which provides this functionality independently of your chosen mail user agent (MUA) by interacting with the mail transport agent (MTA).
Key servers allow you to download published public keys so that you may verify signatures. One such key server is http://wwwkeys.pgp.net. gnupg can automatically fetch public keys that are not already in your public keyring. For example, to configure gnupg to use the above key server, edit the file ~/.gnupg/options and add the following line: [57]
keyserver wwwkeys.pgp.net
Most key servers are linked, so that when your public key is added to one server, the addition is propagated to all the other public key servers. There is also a Debian GNU/Linux package debian-keyring, that provides all the public keys of the Debian developers. The gnupg keyrings are installed in /usr/share/keyrings/.
For more information:


[57] For more examples of how to configure gnupg check /usr/share/doc/mutt/examples/gpg.rc.