Force PGP in Neomutt

neomutt logo

I recently started experimenting with PGP (Pretty Good Privacy) encryption over email with the neomutt mail client. I used this tutorial to get started, but I've encountered a problem I've seen no discussion on.

The Problem

(neo)mutt is very good at obeying mimetype standards, but other programs not so much. Incoming mail sent with PGP encryption which doesn't have the proper mime encoding isn't automatically recognized and decrypted by neomutt

Encrypted Mail

You could manually pipe the message to gpg --decrypt but this feels clunky. I have found a better way to force the email to be decrypted directly in neomutt. It's simple.

Notes

My instructions below use standard shortcut keys, but here are the relevant actions incase it helps you.

  • 'e' does exec edit-or-view-raw-message

  • ^E does exec edit-type

Permanent Decryption

In this method, the mail will remain permanently recognized as PGP, and therefore always decrypted in neomutt.

  1. With the mail highlighted or open, press e to edit the message
  2. look for the Content-Type header. Ensure it is not multipart.
    • If it is, then look for another Content-Type header that has encrypted data
  3. change the Content-Type to application/pgp-keys

The mail will now be decrypted permanently in neomutt.

Permanent decryption doesn't decrypt the stored file itself (but you can do that with <decode-copy> and <decode-save>

You can change the Content-Type back at any time to view the original content.

Temporary Decryption

In this method, the mail will be decrypted for as long as you remain in the mailbox

  1. With the mail highlighted or open, press ^E.
  2. Ensure the Content-Type is not multipart.
    • If it is, then go to attachments and find the one you want to decrypt. Press ^E
  3. set the Content-Type to application/pgp-keys

The mail will now be decrypted in-app until the mailbox is closed.

Decrypted Mail

That's it! Let me know if you enjoyed this or found an even better way!