Gnus is able to verify signed messages or decrypt encrypted messages. The formats that are supported are PGP, PGP/MIME and S/MIME, however you need some external programs to get things to work:
The variables that control security functionality on reading/composing messages include:
mm-verify-option
¶Option of verifying signed parts. never
, not verify;
always
, always verify; known
, only verify known
protocols. Otherwise, ask user.
mm-decrypt-option
¶Option of decrypting encrypted parts. never
, no decryption;
always
, always decrypt; known
, only decrypt known
protocols. Otherwise, ask user.
mm-sign-option
¶Option of creating signed parts. nil
, use default signing
keys; guided
, ask user to select signing keys from the menu.
mm-encrypt-option
¶Option of creating encrypted parts. nil
, use the first
public-key matching the ‘From:’ header as the recipient;
guided
, ask user to select recipient keys from the menu.
mml1991-use
¶Symbol indicating elisp interface to OpenPGP implementation for
PGP messages. The default is epg
, but
mailcrypt
is also supported although deprecated. By default,
Gnus uses the first available interface in this order.
mml2015-use
¶Symbol indicating elisp interface to OpenPGP implementation for
PGP/MIME messages. The default is epg
, but
mailcrypt
is also supported although deprecated. By default,
Gnus uses the first available interface in this order.
By default the buttons that display security information are not
shown, because they clutter reading the actual e-mail. You can type
K b manually to display the information. Use the
gnus-buttonized-mime-types
and
gnus-unbuttonized-mime-types
variables to control this
permanently. MIME Commands for further details, and hints on
how to customize these variables to always display security
information.
Snarfing OpenPGP keys (i.e., importing keys from articles into your key ring) is not supported explicitly through a menu item or command, rather Gnus do detect and label keys as ‘application/pgp-keys’, allowing you to specify whatever action you think is appropriate through the usual MIME infrastructure. You can use a ~/.mailcap entry (see mailcap in The Emacs MIME Manual) such as the following to import keys using GNU Privacy Guard when you click on the MIME button (see Using MIME).
application/pgp-keys; gpg --import --interactive --verbose; needsterminal
This happens to also be the default action defined in
mailcap-mime-data
.
More information on how to set things for sending outgoing signed and encrypted messages up can be found in the message manual (see Security in Message Manual).