5.6 Crypto

The mu4e message view supports²⁸ decryption of encrypted messages, as well as verification of signatures. For signing/encrypting messages your outgoing messages, see Signing and encrypting.

Currently, only PGP/MIME is supported; PGP-inline and S/MIME are not.

For all of this to work, gpg-agent must be running, and it must set the environment variable GPG_AGENT_INFO. You can check from emacs with M-x getenv GPG_AGENT_INFO.

In many mainstream Linux/Unix desktop environments, everything works out-of-the-box, but if your environment does not automatically start gpg-agent, you can do so by hand:

$ eval $(gpg-agent --daemon)

This starts the daemon, and sets the environment variable.

5.6.1 Decryption

If you receive messages that are encrypted (using PGP/MIME), mu4e can try to decrypt them, base on the setting of mu4e-decryption-policy. If you set it to t, mu4e attempts to decrypt messages automatically; this is the default. If you set it to nil, mu4e won’t attempt to decrypt anything. Finally, if you set it to 'ask, it asks you what to do, each time an encrypted message is encountered.

When opening an encrypted message, mu consults gpg-agent to see if it already has unlocked the key needed to decrypt the message; if not, it prompts you for a password (typically with a separate top-level window). This is only needed once per session.

5.6.2 Verifying signatures

Some e-mail messages are cryptographically signed, and mu4e can check the validity of these signatures. If a message has one or more signatures, the message view shows an extra header Signature: (assuming it is part of your mu4e-view-fields), and one or more ‘verdicts’ of the signatures found; either verified, unverified or error. For instance:

Signature: unverified (Details)

or

Signature: verified Darrow Andromedus <darrow@rising.com> (Details)

You can see the details of the signature verification by activating the Details or pressing v. This pops up a little window with the details of the signatures found and whether they could be verified or not.

Note that mu4e does not check whether the signer is the same as the sender of the message, since this would cause too many false negatives for senders that use an address that is not part of their certificate. Also, the From: address can easily be forged.

For more information, see the mu-verify manual page.