muacrypt command line docs¶
Note
While the command line tool and its code is automatically tested
against gpg, gpg2, python2 and python3, the sub commands are subject
to change during the 0.x
releases.
The muacrypt
command line tool helps to manage Autocrypt information
for incoming and outgoing mails for one or more accounts. It follows
and implements the Autocrypt spec which defines
header interpretation.
Contents
- muacrypt command line docs
- getting started, playing around
- Using a key from the gpg keyring
- Using separate accounts
- subcommand reference 0.9
- status subcommand
- add-account subcommand
- mod-account subcommand
- del-account subcommand
- process-incoming subcommand
- process-outgoing subcommand
- sendmail subcommand
- test-email subcommand
- make-header subcommand
- export-public-key subcommand
- export-secret-key subcommand
- bot-reply subcommand
- destroy-all subcommand
getting started, playing around¶
After Installation let’s see what sub commands we have:
$ muacrypt
Usage: muacrypt [OPTIONS] COMMAND [ARGS]...
access and manage Autocrypt keys, options, headers.
Options:
--basedir PATH directory where muacrypt state is stored
--version Show the version and exit.
-h, --help Show this message and exit.
Commands:
status print account info and status.
add-account add named account for set of e-mail...
mod-account modify properties of an existing account.
del-account delete an account, its keys and all state.
find-account print matching account for an e-mail address.
process-incoming parse Autocrypt info from stdin message if it...
scandir-incoming scan directory for new incoming messages and...
import-public-key import public key data as an Autocrypt key.
peerstate print current autocrypt state information...
recommend print Autocrypt UI recommendation for target...
process-outgoing add Autocrypt header for outgoing mail if the...
sendmail as process-outgoing but submit to sendmail...
make-header print Autocrypt header for an emailadr.
export-public-key print public key of own or peer account.
export-secret-key print secret key of own account.
bot-reply reply to stdin mail as a bot.
destroy-all destroy all muacrypt state.
For getting started we need to add a new Account:
$ muacrypt add-account
account added: 'default'
account: 'default'
email_regex: .*
gpgmode: own [home: /tmp/home/.config/muacrypt/gpg/default]
gpgbin: gpg [currently resolves to: /usr/bin/gpg]
prefer-encrypt: nopreference
own-keyhandle: C40A50563C73AD76
^^ uid: <6403c471d4d440cc83e568e6e4a245b7@random.muacrypt.org>
This created a default account which contains a new secret key and a few settings.
Note
If you rather want muacrypt to use your system keyring so that all own and all incoming keys will be stored there, see syskeyring.
Let’s check out account info again with the status
subcommand:
$ muacrypt status
account-dir: /tmp/home/.config/muacrypt
account: 'default'
email_regex: .*
gpgmode: own [home: /tmp/home/.config/muacrypt/gpg/default]
gpgbin: gpg [currently resolves to: /usr/bin/gpg]
prefer-encrypt: nopreference
own-keyhandle: C40A50563C73AD76
^^ uid: <6403c471d4d440cc83e568e6e4a245b7@random.muacrypt.org>
This shows our own keyhandle of our Autocrypt OpenPGP key.
Let’s generate a static email Autocrypt header which
you could add to your email configuration (substitute
a@example.org
with your email address):
$ muacrypt make-header a@example.org
Autocrypt: addr=a@example.org; keydata=
mQGNBFvwXEwBDADTp/7odJiF7Gm8oKvddUl07QM17qzE8HoMwbYIhFQY9y5Qvi/OOyii1zZz35AH2P
BaMn0/IrnBknK9JM2klr9qPLKletEDQFs/WrvWekkbFt8CEO4FMJviOY4kCvv5sot462l5lkLh03qs
r+iURR0jhLJAgb3q8DljPNkIM/1vW3CP5PYyMIBSakzK8J3N3TFfOJnlw6w0sd2M5+DVm8piesWItX
OxDViNUS6x/0uET2ObrhSw0W7V/j0+/55WMmCxvLz0FBBbDz6nKrPToQtdm+B28azinrsyw0FMt7Q0
Uw4ogiI9SXygrGZI2IsNWp1JSzeRuVGLZ5dyBCPn+3R2eg//7EK21LGTqpFTSAe0pGOW+N0D6aVI07
Xb/gpcx7ZFSLycVIsV7dfI+Er3FDVS29zkDQ9SHMTiOxLZYEuA7yF5UXjeZVZVGp+mAdZBZtyAihT5
0ZI4TRo9PVL93eS9WfnNlAct9L0k5x11zzr4v/IT9NGj/E+DFCUTqq2v2F8AEQEAAbQ3IDw2NDAzYz
Q3MWQ0ZDQ0MGNjODNlNTY4ZTZlNGEyNDViN0ByYW5kb20ubXVhY3J5cHQub3JnPokBuAQTAQIAIgUC
W/BcTAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQxApQVjxzrXanfwv9Fce3thhG+NnOht
mruC0zVld73FFyUwuY1lDRPK0l8J2mRrIiXi+yB5OVtd1jAmpSz9KYaDTtIjRtAAARQB7/7wbXUTkV
WDwLn1DRPWyHEeraiCeFvU3fIzQb+KoDr2SfNb+fZC0BVWxBBuesHFFXhBdAY0P49nMuKZq3MvmZxS
oFTqaVO/9590smS6D3G1bTIW1RhQSo6nPc7VsMRcH4o/6vsx8vl9NJmTaPWASPk45EMAEjKmFAMQiy
DjFkaduqiDDVsupDEIoSJ2DdexlOi/PmxBBoxIkc31jPzNLd99LGZL26ghCtoEt8ruUeH2ZIY22fS+
9DEfpH379wcai8U9W6KvcDUO9KtA0cW1OQOQ97P/2uL9KynY8JbrIrTjncgoA0C/0IMR/TF16F4aSa
ho4OA/LYwvzM2+0cH5vqc40LKT0av2FUGt0lgNcx8vfmJgDBRzJGacJQ6EovrOgxuqDx6pfR0ZE4f0
jbMtEJT744oqgT8MNIHCV5IT4b1qjeuQGNBFvwXEwBDACzmQrMrP6DAMlUJHFtuD3jLyz+ihZRerwZ
scKEnnnpYLo5EAUE1SEwVWYub6LtlSZMxeTTAh2VlEvHgh/C8AwYoIw37QYN4zNU8/eh/wTZ76LRiz
qMuZBX1U6aoe/sKPOzgzjG9V9Pg2RBLpznFFL2VDY8eD9IFClolleaIIHKYyA2ZDM9Pqv4CIswH6W6
xiNoIh6Sno4wqwBT8paOMVI0g3HcP2d0gFjXO+xBVaILyh/efickcZqpKZeavw3VHKEPOLpRYrE/9L
VdPUXWFjechHlbHh/cZtIFIMSz05T/O1ydqkAp0HHRyss+VXL8t4NpHumtpdCm7t/Qybgl3XaR14tC
7bDI2pGq37VzMN3s+wZFTpvBodEiatkpjTYwQykYKM+NF77D9UQpkdyivKllXe0UkePhou8oPIhq1D
OlEa3xKsq3Hq1WQXgYNLqsA5vK+iAqAPbqBFZDM5j+PWkt4/EwnJaYe4r23BDpLkPxImFIZR5O6up2
fq/rbgIuHdcAEQEAAYkBnwQYAQIACQUCW/BcTAIbDAAKCRDEClBWPHOtdnS6DACal+GH6/znjRpswG
W4NxwMeW0W7s1bEBGva4frFRi12J6Hl95v5gVTgrlPzsCaOO8vYAcLI5fqbu+UsgH40DYjr0YYNIhq
SrLCKudIW6i69NTj6En48pnieaOFS+HrkV7RSYEh6Vtb//2ESIZ0LXV3El/Zk/MBTFuo5S6ltqBdYG
+0CKluXCf7ipYS1iBb0OGY4whOt6nrgSUtQwKC7JRe3Hq4tlpn8tu4Q8kMdzhMcVBa2QWDJp6WyFhg
2iXtqFIPkgaBkQPsxLbrolWEFKXIeJRMyNIV1RB1jJ8WHGextYuOhyK5ysF/ZYG0SmoXiXliwiAIvi
bs9GW7Vs6tyxljnzo6RmlJoEZvW926bH4j0V1JgDxpcfK0UpyIEU3FhEYsg6eArZi8UnCt6GjyMRRC
0Mt9DlPAbjxkGfl2NTRhiQXS5SDp7zAJKtLJaRtCWNRfsXlTpd2IwocCxlZi7OsmgQ5G3hC3gQfRf9
vaqA8jX+X6sHJwL2UnDD2jGgSQq9Y=
Getting our own public encryption key in armored format:
$ muacrypt export-public-key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQGNBFvwXEwBDADTp/7odJiF7Gm8oKvddUl07QM17qzE8HoMwbYIhFQY9y5Qvi/O
Oyii1zZz35AH2PBaMn0/IrnBknK9JM2klr9qPLKletEDQFs/WrvWekkbFt8CEO4F
MJviOY4kCvv5sot462l5lkLh03qsr+iURR0jhLJAgb3q8DljPNkIM/1vW3CP5PYy
MIBSakzK8J3N3TFfOJnlw6w0sd2M5+DVm8piesWItXOxDViNUS6x/0uET2ObrhSw
0W7V/j0+/55WMmCxvLz0FBBbDz6nKrPToQtdm+B28azinrsyw0FMt7Q0Uw4ogiI9
SXygrGZI2IsNWp1JSzeRuVGLZ5dyBCPn+3R2eg//7EK21LGTqpFTSAe0pGOW+N0D
6aVI07Xb/gpcx7ZFSLycVIsV7dfI+Er3FDVS29zkDQ9SHMTiOxLZYEuA7yF5UXje
ZVZVGp+mAdZBZtyAihT50ZI4TRo9PVL93eS9WfnNlAct9L0k5x11zzr4v/IT9NGj
/E+DFCUTqq2v2F8AEQEAAbQ3IDw2NDAzYzQ3MWQ0ZDQ0MGNjODNlNTY4ZTZlNGEy
NDViN0ByYW5kb20ubXVhY3J5cHQub3JnPokBuAQTAQIAIgUCW/BcTAIbAwYLCQgH
AwIGFQgCCQoLBBYCAwECHgECF4AACgkQxApQVjxzrXanfwv9Fce3thhG+NnOhtmr
uC0zVld73FFyUwuY1lDRPK0l8J2mRrIiXi+yB5OVtd1jAmpSz9KYaDTtIjRtAAAR
QB7/7wbXUTkVWDwLn1DRPWyHEeraiCeFvU3fIzQb+KoDr2SfNb+fZC0BVWxBBues
HFFXhBdAY0P49nMuKZq3MvmZxSoFTqaVO/9590smS6D3G1bTIW1RhQSo6nPc7VsM
RcH4o/6vsx8vl9NJmTaPWASPk45EMAEjKmFAMQiyDjFkaduqiDDVsupDEIoSJ2Dd
exlOi/PmxBBoxIkc31jPzNLd99LGZL26ghCtoEt8ruUeH2ZIY22fS+9DEfpH379w
cai8U9W6KvcDUO9KtA0cW1OQOQ97P/2uL9KynY8JbrIrTjncgoA0C/0IMR/TF16F
4aSaho4OA/LYwvzM2+0cH5vqc40LKT0av2FUGt0lgNcx8vfmJgDBRzJGacJQ6Eov
rOgxuqDx6pfR0ZE4f0jbMtEJT744oqgT8MNIHCV5IT4b1qjeuQGNBFvwXEwBDACz
mQrMrP6DAMlUJHFtuD3jLyz+ihZRerwZscKEnnnpYLo5EAUE1SEwVWYub6LtlSZM
xeTTAh2VlEvHgh/C8AwYoIw37QYN4zNU8/eh/wTZ76LRizqMuZBX1U6aoe/sKPOz
gzjG9V9Pg2RBLpznFFL2VDY8eD9IFClolleaIIHKYyA2ZDM9Pqv4CIswH6W6xiNo
Ih6Sno4wqwBT8paOMVI0g3HcP2d0gFjXO+xBVaILyh/efickcZqpKZeavw3VHKEP
OLpRYrE/9LVdPUXWFjechHlbHh/cZtIFIMSz05T/O1ydqkAp0HHRyss+VXL8t4Np
HumtpdCm7t/Qybgl3XaR14tC7bDI2pGq37VzMN3s+wZFTpvBodEiatkpjTYwQykY
KM+NF77D9UQpkdyivKllXe0UkePhou8oPIhq1DOlEa3xKsq3Hq1WQXgYNLqsA5vK
+iAqAPbqBFZDM5j+PWkt4/EwnJaYe4r23BDpLkPxImFIZR5O6up2fq/rbgIuHdcA
EQEAAYkBnwQYAQIACQUCW/BcTAIbDAAKCRDEClBWPHOtdnS6DACal+GH6/znjRps
wGW4NxwMeW0W7s1bEBGva4frFRi12J6Hl95v5gVTgrlPzsCaOO8vYAcLI5fqbu+U
sgH40DYjr0YYNIhqSrLCKudIW6i69NTj6En48pnieaOFS+HrkV7RSYEh6Vtb//2E
SIZ0LXV3El/Zk/MBTFuo5S6ltqBdYG+0CKluXCf7ipYS1iBb0OGY4whOt6nrgSUt
QwKC7JRe3Hq4tlpn8tu4Q8kMdzhMcVBa2QWDJp6WyFhg2iXtqFIPkgaBkQPsxLbr
olWEFKXIeJRMyNIV1RB1jJ8WHGextYuOhyK5ysF/ZYG0SmoXiXliwiAIvibs9GW7
Vs6tyxljnzo6RmlJoEZvW926bH4j0V1JgDxpcfK0UpyIEU3FhEYsg6eArZi8UnCt
6GjyMRRC0Mt9DlPAbjxkGfl2NTRhiQXS5SDp7zAJKtLJaRtCWNRfsXlTpd2IwocC
xlZi7OsmgQ5G3hC3gQfRf9vaqA8jX+X6sHJwL2UnDD2jGgSQq9Y=
=RI6m
-----END PGP PUBLIC KEY BLOCK-----
Using a key from the gpg keyring¶
If you want to use autocrypt with an existing mail setup you can initialize by specifying an existing key in your system gpg or gpg2 key ring. To present a fully self-contained example let’s create a standard autocrypt key with gpg:
# content of autocrypt_key.spec
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Email: test@autocrypt.org
Expire-Date: 0
Let’s run gpg to create this Autocrypt type 1 key:
$ gpg --batch --gen-key autocrypt_key.spec
gpg: keyring `/tmp/home/.gnupg/secring.gpg' created
gpg: keyring `/tmp/home/.gnupg/pubring.gpg' created
......+++++
.....+++++
.+++++
.+++++
gpg: /tmp/home/.gnupg/trustdb.gpg: trustdb created
gpg: key 2436BADE marked as ultimately trusted
We now have a key generated in the system key ring and
can initialize autocrypt using this key. First, for our
playing purposes, we delete the current default
account:
$ muacrypt del-account
account deleted: 'default'
account-dir: /tmp/home/.config/muacrypt
no accounts configured
and then we add a new default account tied to the key we want to use from the system keyring:
$ muacrypt add-account --use-system-keyring --use-key test@autocrypt.org
account added: 'default'
account: 'default'
email_regex: .*
gpgmode: system
gpgbin: gpg [currently resolves to: /usr/bin/gpg]
prefer-encrypt: nopreference
own-keyhandle: DD1E25BE2436BADE
^^ uid: <test@autocrypt.org>
Success! We have an initialized autocrypt account with an identity
which keeps both our secret and the Autocrypt keys from incoming mails in
the system key ring. Note that we created a identity which matches
all mail address (.*
) you might receive mail for or from which you might
send mail out. If you rather use aliases or read different accounts
from the same folder you may want to look ingo accounts.
Using separate accounts¶
You may want to create separate accounts:
- if you receive mails to alias email addresses in the same folder and want to keep them separate, unlinkable for people who read your mails
- if you read mails from multiple sources in the same folder and want to have Autocrypt help you manage identity separation instead of tweaking your Mail program’s config to deal with different Autocrypt accounts.
You can manage accounts in a fine-grained manner. Each account:
- is defined by a name, a regular expression for matching mail addresses and an encryption private/public key pair and prefer-encrypt settings.
- updates Autocrypt peer state from incoming mails
if its regex matches the
Delivered-To
address. - adds Autocrypt headers to outgoing mails if its regex matches the “From” header.
In order to manage an account in a fine grained manner let’s
start from scratch and delete all muacrypt
state:
$ muacrypt destroy-all --yes
deleting directory: /tmp/home/.config/muacrypt
Let’s add a new “home” account:
$ muacrypt add-account -a home --email-regex '(alice|wonder)@testsuite.autocrypt.org'
account added: 'home'
account: 'home'
email_regex: (alice|wonder)@testsuite.autocrypt.org
gpgmode: own [home: /tmp/home/.config/muacrypt/gpg/home]
gpgbin: gpg [currently resolves to: /usr/bin/gpg]
prefer-encrypt: nopreference
own-keyhandle: 51581EF4DD1A3DC1
^^ uid: <151aaad143584c91b29a8b4b3aaf3377@random.muacrypt.org>
This creates an decryption/encryption key pair and ties it to the name
home
and a regular expression which matches both
alice@testsuite.autocrypt.org
and wonder@testsuite.autocrypt.org
.
And now let’s create an office
account:
$ muacrypt add-account -a office --email-regex='alice@office.example.org'
account added: 'office'
account: 'office'
email_regex: alice@office.example.org
gpgmode: own [home: /tmp/home/.config/muacrypt/gpg/office]
gpgbin: gpg [currently resolves to: /usr/bin/gpg]
prefer-encrypt: nopreference
own-keyhandle: 054E04470D75CE6E
^^ uid: <49fb9c1db86f4b7ea2c23a1fd5f03fbf@random.muacrypt.org>
We have now configured two accounts. Let’s test if muacrypt matches
our office
address correctly:
$ muacrypt find-account alice@office.example.org
office
and let’s check if muacrypt matches our home
address as well:
$ muacrypt find-account wonder@testsuite.autocrypt.org
home
Looks good. Let’s modify our home
account to signal to our peers
that we prefer receiving encrypted mails:
$ muacrypt mod-account -a home --prefer-encrypt=mutual
account modified: 'home'
account: 'home'
email_regex: (alice|wonder)@testsuite.autocrypt.org
gpgmode: own [home: /tmp/home/.config/muacrypt/gpg/home]
gpgbin: gpg [currently resolves to: /usr/bin/gpg]
prefer-encrypt: mutual
own-keyhandle: 51581EF4DD1A3DC1
^^ uid: <151aaad143584c91b29a8b4b3aaf3377@random.muacrypt.org>
This new prefer-encrypt: mutual
setting tells our peers that we prefer
to receive encrypted mails. This setting will cause processing of
outgoing mails from the home address to add a header indicating that we
want to receive encrypted mails if the other side also wants encrypted mails.
We can check the setting works with the make-header subcommand:
$ muacrypt make-header wonder@testsuite.autocrypt.org
Autocrypt: addr=wonder@testsuite.autocrypt.org; prefer-encrypt=mutual; keydata=
mQGNBFvwXFoBDACulxiA0CAOqxTb0h+hME/hgrXd6jZnA/A8f55F2Qw+q8surWZb/tPqpKepOXI3S+
V0V8zht/08AGcQNdAG3xR7W87GVyZpxF6vAvQAn96s8jNJ8KiG/UNrIwIJ6rAb9Anj5ouHFaq1Wbn1
HF/1sqUQnbiw1rztOE2wgmc8ld5aG3WFsDVvf9eefQK0ryIC34Irh5/KsCCRTNPqkPQIVp5uBqJc3y
KlHCArVoyEQLv3g4D1gNQzXF4VVtOMb6WYqR5dTdpqrfm8Karq+lv5jl4szynj9YUL8P7QHWJNr2Om
AnVdix9Ju/G0pctlsntlO4k1t4TZM4M4WRg91PeiJN1IhghleCMh8A1VAFkP89uiWzIBucEyZedHY0
2AnN3Q9hbBNphFzntetQg+Hby3R61cRE2tDAs0i1QzdV7EJEYAphvBcxYx1Dd3X2KxTljTaPUTbicj
ChcNh8aMv49wVU+TfunGQKFLAxuoBsbKHrVdgpgDHM8txHaMjyPJiVoUyPEAEQEAAbQ3IDwxNTFhYW
FkMTQzNTg0YzkxYjI5YThiNGIzYWFmMzM3N0ByYW5kb20ubXVhY3J5cHQub3JnPokBuAQTAQIAIgUC
W/BcWgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQUVge9N0aPcEF4wv/TbgwfNbhbjNk6i
ivbbDRAohW3XERUodvOuCwAj2PvxrDI6Rd5h7JpO6YebpciMw9I+K8iKig7OUwSyygbB2zZlNqotQX
mroYG1tv9i54a6J14SXf6eW5glNOc7RgrDCWneK/yoSo0pLIrFGjpnc1RzRlNTAnaSlyKct1UbWCUp
R4jj0CAL0xMKT///Q3VcLracsbogYOYI0V5Cf1ih6d4fjfd72zB7a1k2UvQifKut1ZQUPUtf8P2S6V
Re8RbaZSp7OI5iknZqVjpV3bXPTauI1dLpAd+n2qoAzhbsFHX7hxYfUdHyALkU5r3xaixYA+bZojh6
rpcLF0MjUTexWubuj32u3GShUOJA+2XetIRPz/Yqp0hTsDsMMUpMAYaIqtSXcCnzcFNK92Xy5ro80j
ESBcWztz2iBvmLVj83VaEe56oupROtff9Cyh0QDELZ3trHs/s3x0cWSkbG2sQ5disgDjH4pOVR6wrt
wGeYZDW/uAeM+gUknG29sC9WdknyGLuQGNBFvwXFoBDADZPQFBDP2qyPyoq1HhUK/oTjylDR05Slrf
JE7VvQkKfejwQk52oolsCX82ixh6fuEA9sHmv++8IL/JpfHZuP0teYHSfgeWC41v9atyEj2ZF1soHn
uDwxgvy7CGwHx9nw/zYBaigPGSd1Q1gAZz4XAU8tc37GLa7eRwQKkMh6YH5spUZid5qtPlRSJ/SU5s
x/J2Q0/7kExLB90F2h+j//ataCQNLnLk2ypFbre9rJwXLgLwL8Bcgt0y5oEMgBqFG57iwj9iZberYK
DX/qx5Xm92A/JszUNJOSDODOrkThILhcizlxFtEnaTK1A3mL5dQlKaoO9kHbUiCSzihTVJgkFrbi+E
/otooTIDDeqFLx+mRsPEFyRP4r5GiqkUJnduxJsC5W78XtphlEyX71avZQfgK/MFL1i4v3i8geFtBA
hrlNdqTJH6o/3OuBxt6wfKV6BIWmdHxL+doRkj4TLlDJ8h9rVJILoIxsjNrkMvI28kPw4euXcWA+XJ
C6lTyCzWNBEAEQEAAYkBnwQYAQIACQUCW/BcWgIbDAAKCRBRWB703Ro9wbXgDACWxBRljSpPH36C1F
J+K0IGRn1x0ZTw3rAacSKa0hf0goaOl9/pXAwc1LUOW9c9Mwxcv5HYHTi8E3ENQEqakQIsAnsPoRne
ubgQP8oLGzQJqQ5Y1iC3YRSAYwvhBxLXgWRp429llzEOVw+beXpzrreQ6Wxag6IdOAT/PDQkARnQ8u
qN59X62WxH2dAM/vQMO8IiXp5FbAZWVtYU6aDLtgrJAFxbifiUEqnaSAcr4otZ3oUEVzmY7oPsAUkr
cRAM7fEX3sxckeL20K+Q9ddLFPG/Uazwz0ZhNb8o8GcwsmK766QQOx/BL/7R20lD2D9uDdBCF8jQM2
oSET5uSsd0Fu7JQT5QigAlQ6s6ntTYhkk6N7+gMm2XIsKYN7sJfANv2QVwt2+dT35I/wjCumA6PQTn
H7MY7QNR6BGRwUOn4uHmEbSzdV+ZS4yLcda2V09uKoy0y/osDLacYhmygzH8Vo/FcGVZsycyMHjOTE
3q7l0UHBVGfAwx+uT1W8vkOafaFKg=
When you pipe a message with a From-address matching Alice’s home addresses into
the process-outgoing subcommand then it will add this header. By using the sendmail
subcommand (as a substitute for unix’s sendmail program) you can cause
the resulting mail to be delivered via the /usr/sbin/sendmail
program.
subcommand reference 0.9¶
status subcommand¶
Usage: muacrypt status [OPTIONS] [ACCOUNT_NAME]
print account info and status.
Options:
-h, --help Show this message and exit.
add-account subcommand¶
Usage: muacrypt add-account [OPTIONS] ACCOUNT_NAME
add a named account.
An account requires an account_name which is used to show, modify and
delete it.
Of primary importance is the "email_regex" which you typically set to a
plain email address. It is used when incoming or outgoing mails need to
be associated with this account.
Instead of generating an Autocrypt-compliant key (the default operation)
you may specify an existing key with --use-key=keyhandle where keyhandle
may be something for which gpg finds it with 'gpg --list-secret-keys
keyhandle'. Typically you will then also specify --use-system-keyring to
make use of your existing keys. All incoming muacrypt keys will thus be
statesd in the system key ring instead of an own keyring.
Options:
--use-key KEYHANDLE use specified secret key which must be findable
through the specified keyhandle (e.g. email, keyid,
fingerprint)
--use-system-keyring use system keyring for all secret/public keys instead
of storing keyring state inside our account directory.
--gpgbin FILENAME use specified gpg filename. If it is a simple name it
is looked up on demand through the system's PATH.
--email-regex TEXT regex for matching all email addresses belonging to
this account.
-h, --help Show this message and exit.
mod-account subcommand¶
Usage: muacrypt mod-account [OPTIONS] ACCOUNT_NAME
modify properties of an existing account.
Any specified option replaces the existing one.
Options:
--use-key KEYHANDLE use specified secret key which must be
findable through the specified keyhandle
(e.g. email, keyid, fingerprint)
--gpgbin FILENAME use specified gpg filename. If it is a
simple name it is looked up on demand
through the system's PATH.
--email-regex TEXT regex for matching all email addresses
belonging to this account.
--prefer-encrypt ]
modify prefer-encrypt setting, default is to
not change it.
-h, --help Show this message and exit.
del-account subcommand¶
Usage: muacrypt del-account [OPTIONS] ACCOUNT_NAME
delete an account, its keys and all state.
Make sure you have a backup of your whole account directory first.
Options:
-h, --help Show this message and exit.
process-incoming subcommand¶
Usage: muacrypt process-incoming [OPTIONS]
parse Autocrypt headers from stdin mail.
Options:
-h, --help Show this message and exit.
process-outgoing subcommand¶
Usage: muacrypt process-outgoing [OPTIONS]
add Autocrypt header for outgoing mail.
We process mail from stdin by adding an Autocrypt header and send the
resulting message to stdout. If the mail from stdin contains an Autocrypt
header we keep it for the outgoing message and do not add one.
Options:
-h, --help Show this message and exit.
sendmail subcommand¶
Usage: muacrypt sendmail [OPTIONS] [ARGS]...
as process-outgoing but submit to sendmail binary.
Processes mail from stdin by adding an Autocrypt header and pipes the
resulting message to the "sendmail" program. If the mail from stdin
contains an Autocrypt header we use it for the outgoing message and do not
add one.
Note that unknown options and all arguments are passed through to the
"sendmail" program.
Options:
-h, --help Show this message and exit.
test-email subcommand¶
Usage: muacrypt test-email [OPTIONS] EMAILADR
test which account an email belongs to.
Fail if no account matches.
Options:
-h, --help Show this message and exit.
make-header subcommand¶
Usage: muacrypt make-header [OPTIONS] EMAILADR
print Autocrypt header for an emailadr.
Options:
-h, --help Show this message and exit.
export-public-key subcommand¶
Usage: muacrypt export-public-key [OPTIONS] [KEYHANDLE_OR_EMAIL]
print public key of own or peer account.
Options:
-a, --account name perform lookup through this account
-h, --help Show this message and exit.
export-secret-key subcommand¶
Usage: muacrypt export-secret-key [OPTIONS]
print secret key of own account.
Options:
-a, --account name perform lookup through this account
-h, --help Show this message and exit.
bot-reply subcommand¶
Usage: muacrypt bot-reply [OPTIONS]
reply to stdin mail as a bot.
This command will generate a reply message and send it to stdout by
default. The reply message contains an Autocrypt header and details of
what was found and understood from the incoming mail.
Options:
--smtp host,port host and port where the reply should be instead of
to stdout.
--fallback-delivto TEXT assume delivery to the specified email address if
no delivered-to header is found.
-h, --help Show this message and exit.
destroy-all subcommand¶
Usage: muacrypt destroy-all [OPTIONS]
destroy all muacrypt state.
By default this command creates account(s) state in a directory with a
default "catch-all" account which matches all email addresses and uses
default settings. If you want to have more fine-grained control (which
gpg binary to use, which existing key to use, if to use an existing system
key ring ...) specify "--no-account".
Options:
--yes needs to be specified to actually destroy
-h, --help Show this message and exit.