You can read encrypted or signed PGP or GPG messages with MH-E22. This section assumes that you already have a good understanding of GPG and have set up your keys appropriately.
If someone sends you a signed message, here is what you’ll see:
[[PGP Signed Part:Bill Wohler <email@example.com>]] This is a signed message. [[End of PGP Signed Part]]
If the key for the given signature is not in your keychain, you’ll be given the opportunity to fetch the key from a key server and verify the key. If the message is really large, the verification process can take a long time. You can press C-g at any time to cancel23.
If the signature doesn’t check out, you might see something like this:
[[PGP Signed Part:Failed]] This is a signed message. This is garbage added after the signature was made. [[End of PGP Signed Part]]
If someone sends you an encrypted message, MH-E will ask for your passphrase to decrypt the message. You should see something like this:
[[PGP Encrypted Part:OK]] [[PGP Signed Part:Bill Wohler <firstname.lastname@example.org>]] This is the secret message. [[End of PGP Signed Part]] [[End of PGP Encrypted Part]]
If there is a problem decrypting the message, the button will say:
[[PGP Encrypted Part:Failed]]
You can read the contents of this button using the methods described in Viewing Attachments. If the message were corrupted, you’d see this:
[[PGP Encrypted Part:Failed] Invalid base64 data]
If your passphrase were incorrect, you’d see something like this:
[GNUPG:] ENC_TO CD9C88BB610BD9AD 1 0 [GNUPG:] USERID_HINT CD9C88BB610BD9AD Bill Wohler <email@example.com> [GNUPG:] NEED_PASSPHRASE CD9C88BB610BD9AD CD9C88BB610BD9AD 1 0 [GNUPG:] BAD_PASSPHRASE CD9C88BB610BD9AD gpg: encrypted with 1024-bit RSA key, ID 610BD9AD, created 1997-09-09 "Bill Wohler <firstname.lastname@example.org>" gpg: public key decryption failed: bad passphrase [GNUPG:] BEGIN_DECRYPTION [GNUPG:] DECRYPTION_FAILED gpg: decryption failed: secret key not available [GNUPG:] END_DECRYPTION gpg exited abnormally: '2'
The appearance of the buttons is controlled by the faces
mh-show-pgg-unknown depending on the validity of the signature.
The latter is used whether the signature is unknown or untrusted.
The ‘pgg’ customization group may have some settings which may interest you. See The PGG Manual.
This feature depends on post-5.10 versions of Gnus. MIME Security with OpenPGP is documented in RFC 3156. However, MH-E can also decrypt old-style PGP messages that are not in MIME format.
Unfortunately in the current version, the validation process doesn’t display a message so it appears that MH-E has hung. We hope that this will be fixed in the future.