3.30 Security

Gnus is able to verify signed messages or decrypt encrypted messages. The formats that are supported are PGP, PGP/MIME and S/MIME, however you need some external programs to get things to work:

1. To handle PGP and PGP/MIME messages, you have to install an OpenPGP implementation such as GnuPG. The Lisp interface to GnuPG included with Gnus is called PGG (see section `PGG' in PGG Manual), but Mailcrypt and gpg.el are also supported.

2. To handle S/MIME message, you need to install OpenSSL. OpenSSL 0.9.6 or newer is recommended.

More information on how to set things up can be found in the message manual (see section `Security' in Message Manual).

mm-verify-option

Option of verifying signed parts. never, not verify; always, always verify; known, only verify known protocols. Otherwise, ask user.

mm-decrypt-option

Option of decrypting encrypted parts. never, no decryption; always, always decrypt; known, only decrypt known protocols. Otherwise, ask user.

mml1991-use

Symbol indicating elisp interface to OpenPGP implementation for PGP messages. The default is pgg, but mailcrypt and gpg are also supported although deprecated.

mml2015-use

Symbol indicating elisp interface to OpenPGP implementation for PGP/MIME messages. The default is pgg, but mailcrypt and gpg are also supported although deprecated.

Snarfing OpenPGP keys (i.e., importing keys from articles into your key ring) is not supported explicitly through a menu item or command, rather Gnus do detect and label keys as `application/pgp-keys', allowing you to specify whatever action you think is appropriate through the usual MIME infrastructure. You can use a `~/.mailcap' entry (see section `mailcap' in The Emacs MIME Manual) such as the following to import keys using GNU Privacy Guard when you click on the MIME button (see section 4.2 Using MIME).

application/pgp-keys; gpg --import --interactive --verbose; needsterminal

This happens to also be the default action defined in mailcap-mime-data.