The mu4e message view supports decryption of encrypted messages, as well as verification of signatures. For signing/encrypting messages your outgoing messages, see Signing and encrypting.
For all of this to work,
gpg-agent must be running, and it
must set the environment variable GPG_AGENT_INFO. You can check from
Emacs with M-x getenv GPG_AGENT_INFO.
In many mainstream Linux/Unix desktop environments, everything works
out-of-the-box, but if your environment does not automatically start
gpg-agent, you can do so by hand:
$ eval $(gpg-agent --daemon)
This starts the daemon, and sets the environment variable.
Some users have reported problems with certain S/MIME-signed messages where mu checks if the certificate has been revoked. This can be avoided by adding disable-crl-checks to ~/.gnupg/gpgsm.conf; alternatively, you could use the gnus-based viewer.
If you receive messages that are encrypted (using PGP/MIME), mu4e
can try to decrypt them, base on the setting of
mu4e-decryption-policy. If you set it to t, mu4e attempts
to decrypt messages automatically; this is the default. If you set it to
nil, mu4e won’t attempt to decrypt anything. Finally, if
you set it to 'ask, it asks you what to do, each time an encrypted
message is encountered.
When opening an encrypted message, mu consults gpg-agent to see if it already has unlocked the key needed to decrypt the message; if not, it prompts you for a password (typically with a separate top-level window). This is only needed once per session.
Some e-mail messages are cryptographically signed, and mu4e can
check the validity of these signatures. If a message has one or more
signatures, the message view shows an extra header Signature:
(assuming it is part of your
mu4e-view-fields), and one or more
‘verdicts’ of the signatures found; either verified, unverified
or error. For instance:
Signature: unverified (Details)
Signature: verified Darrow Andromedus <email@example.com> (Details)
You can see the details of the signature verification by activating the Details or pressing v. This pops up a little window with the details of the signatures found and whether they could be verified or not.
Note that mu4e does not check whether the signer is the same as the sender of the message, since this would cause too many false negatives for senders that use an address that is not part of their certificate. Also, the From: address can easily be forged.
For more information, see the
mu-verify manual page.