NAME
mimegpg - MIME-GPG utility
SYNOPSIS
mimegpg [-s] [-E] [-e] [-c] [-d] [-p n] {--} {gpg options...}
DESCRIPTION
The mimegpg tool signs, encrypts, or decrypts MIME-formatted E-mail
messages using GnuPG. mimegpg does not contain any encryption code. It
uses the GnuPG utility for all encryption and decryption functions.
The -s option signs an E-mail message. The -E or the -e option encrypts
the E-mail message. Specifying both -E/-e and -s encrypts and signs the
E-mail message in a single step. The -d option decrypts the message.
The -c option checks signatures.
mimegpg works as a filter. It reads an E-mail message from standard
input, which must be a MIME-formatted message. mimegpg signs,
encrypts, and/or decrypts the message; then writes the encrypted,
signed, or decrypted MIME message on standard output.
The standard input to mimegpg must be a MIME E-mail message, with a
"Mime-Version: 1.0" header - even if the message does not contain any
attachments. If the message contains any attachments, they are also
signed and/or encrypted, individually.
mimegpg automatically runs GnuPG, with the required options. mimegpg's
options may also be followed by a single -- option; any remaining
command line options are passed as additional options to GnuPG. The
-E/-e option usually requires at least one -r GnuPG option, which may
be specified in this fashion.
The -p option specifies a file descriptor that contains any required
passphrase. Any other valid GnuPG options may follow a double-dash,
"--", as long as they make sense for this operation (note that mimegpg
automatically adds any GnuPG options that are needed to perform the
given operation). The "--no-tty" option can be useful when mimegpg is
used in a non-interactive mode. As always, password-protected secret
keys cannot be used in the --no-tty mode unless the -p option is used.
SIGNING AND ENCRYPTING MESSAGES
Use the -s option to sign MIME message content. Use the -E option to
encrypt it. Use both options to both sign and encrypt. Follow with --,
then any other GnuPG options. The -E option will require at least one
-r GnuPG option.
The -E option encapsulates the message content and all the attachments
into a single encrypted MIME object. Some mail software cannot handle
encapsulated content. The -e option encrypts each attachment
separately, without encapsulation.
If a secret key used for signing is password protected, the prompt to
enter the password will be issued directly by GnuPG. Note that the -s
and the -e (but not -E) options may issue multiple password prompts in
interactive mode. mimegpg runs GnuPG multiple times if the MIME
message contains attachments. GnuPG will be invoked separately for each
attachment in the MIME message, and each invocation will prompt for any
required key password. Note that the initial message headers are not
signed and/or encrypted, except for the MIME headers themselves.
However, any message/rfc822 MIME content - attached messages - is
encrypted/signed in its entirety, headers and content.
DECRYPTING AND CHECKING SIGNATURES
The -d option attempts to decrypt any encrypted content in a MIME
message. The -c option attempts to verify signatures of any signed
content. Both -c and -d can be specified at the same time. -d looks
for any multipart/encrypted MIME content, then attempts to decrypt it.
-c looks for any multipart/signed MIME content, then attempts to verify
the signature.
The -c and -d options replace the multipart/signed and
multipart/encrypted MIME content with a multipart/x-mimepgp section,
that contains an additional attribute called "xpgpstatus". The value of
the attribute is set to the exit code of GnuPG. Successfully decrypting
the message and/or verifying the signature sets the exit code to 0. A
non-zero exit code indicates that the signature could not be verified,
or the message could not be decrypted.
The first section in this multipart/x-mimepgp is a text/plain section
that contains any messages from GnuPG. The second section is any
decrypted or signed content. mimegpg will include the signed content
even if the signature could not be verified (check xpgpstatus).
Encrypted content that could not be decrypted will not be included
(obviously).
Note - any existing x-mimegpg MIME section will have its content-type
quietly reset to multipart/mixed, in order to avoid confusion (except
when this is what got decrypted).
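The following is an added example, not part of mimegpg or of this manual page: it shows how a program consuming mimegpg -c/-d output can read xpgpstatus and keep only content whose GnuPG exit code was 0, since signed content is passed through even when verification fails. The sample message and function names are constructed for illustration, and the example accepts both spellings of the wrapper type that appear above.

```python
from email import message_from_string

# Both spellings appear on this page for the wrapper type, so accept either.
WRAPPER_TYPES = {"multipart/x-mimepgp", "multipart/x-mimegpg"}

# Constructed sample of "mimegpg -c" output: a signed part whose check failed.
SAMPLE = """\
Mime-Version: 1.0
Subject: constructed sample
Content-Type: multipart/x-mimepgp; xpgpstatus=1; boundary="b1"

--b1
Content-Type: text/plain

gpg: BAD signature (constructed text)
--b1
Content-Type: text/plain

Invoice details follow (constructed body).
--b1--
"""

def gpg_results(raw):
    """Return one (status, gpg_messages, content_part) tuple per wrapper section."""
    results = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() not in WRAPPER_TYPES:
            continue
        try:
            status = int(part.get_param("xpgpstatus"))
        except (TypeError, ValueError):
            status = -1  # missing or malformed attribute: treat as failure
        children = part.get_payload() if part.is_multipart() else []
        first = children[0] if children else None
        # First section: GnuPG's own messages (text/plain, per the text above).
        notes = first.get_payload() if first and not first.is_multipart() else ""
        # Second section: the decrypted or signed content, if present.
        content = children[1] if len(children) > 1 else None
        results.append((status, notes.strip(), content))
    return results

def verified_parts(raw):
    """Content parts whose GnuPG exit code was 0; everything else is dropped."""
    return [c for status, _, c in gpg_results(raw) if status == 0 and c is not None]
```

Run this only on mimegpg's own output, which has already had any pre-existing x-mimegpg section in the incoming message reset to multipart/mixed as described in the note above.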
SEE ALSO
reformime(1).