Mutt GPG Signature Tracing

mutt-sigtrace is a wrapper for sigtrace that automatically displays, in mutt, the signature path from your key to the key which signed an email. When viewing a signed email, it adds the lines from "(cached ...)" down to the final key ID and name in the following output:

[-- PGP output follows (current time: Thu Nov 30 15:04:55 2000) --]
gpg: Signature made Mon Oct 23 13:55:35 2000 EDT using DSA key ID 621CC013
gpg: Good signature from "Werner Koch <>"
gpg:                 aka "Werner Koch <>"
gpg:                 aka "Werner Koch <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: ECAF 7590 EB34 43B5 C7CF  3ACB 6C7E E1B8 621C C013
(cached 0E9FF879 to 621CC013)
6 hop path: 0E9FF879 5AA5BCDF 31B70821 82B7D4BD ED9547ED 0C9857A5 621CC013
0E9FF879 Darxus <>
5AA5BCDF Michael J. Leone <>
31B70821 David L. Coe <>
82B7D4BD Joey Hess <>
ED9547ED Wichert Akkerman <>
0C9857A5 Werner Koch <>
621CC013 Werner Koch <>
[-- End of PGP output --]

To use it

  1. Make sigtrace work.
  2. Make GPG work with mutt.
  3. Tell your .muttrc to use mutt-sigtrace.

Make sigtrace work. Put the following files in your home directory:

gunzip the files ending in ".gz".

Test it by doing:

./ 0E9FF879 621CC013

Make GPG work with mutt.

Tell your .muttrc to use mutt-sigtrace.

By now, you should have a file containing lines similar to the following:

set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"

This file is probably called .gpg.rc, located in your home directory, and loaded by "source ~/.gpg.rc" in your .muttrc.

Download to your home directory, and make it executable (chmod u+x mutt-sigtrace). Now modify the "set pgp_decode_command" and "set pgp_verify_command" lines by adding "~/mutt-sigtrace YourID " to the beginning of their values, like so:

set pgp_decode_command="~/mutt-sigtrace 0E9FF879 gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_verify_command="~/mutt-sigtrace 0E9FF879 gpg --no-verbose --batch --output - --verify %s %f"

You must replace my ID (0E9FF879) with your gpg key ID. Key IDs come from here:

$ gpg --list-keys
pub  1024D/0E9FF879 2000-09-05 Darxus <>
sub  1024g/2EEAB976 2000-09-05

If you do not download keynames.db, it'll work, but it will only display the following parts:

(cached 0E9FF879 to 621CC013)
6 hop path: 0E9FF879 5AA5BCDF 31B70821 82B7D4BD ED9547ED 0C9857A5 621CC013

Without keynames.db, it will not list the names and email addresses corresponding to each ID.
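
The path lines are only meaningful if the path really runs from your key to the key gpg reported as the signer. The following is an added example, not part of mutt-sigtrace or sigtrace: it parses the two line formats shown on this page and checks that the path starts at your ID, ends at the signing key ID, and that the hop count matches the number of IDs listed. The function names are hypothetical and the sample text is constructed from the output shown above.

```sh
#!/bin/sh
# Added example (not mutt-sigtrace's own code); function names are hypothetical.

# Constructed sample: gpg and path lines copied from the output shown on this page.
SAMPLE='gpg: Signature made Mon Oct 23 13:55:35 2000 EDT using DSA key ID 621CC013
gpg: Good signature from "Werner Koch <>"
(cached 0E9FF879 to 621CC013)
6 hop path: 0E9FF879 5AA5BCDF 31B70821 82B7D4BD ED9547ED 0C9857A5 621CC013'

# Print the signing key ID from gpg's "Signature made ... key ID XXXXXXXX" line.
signer_keyid() {
    printf '%s\n' "$1" |
        sed -n 's/^gpg: Signature made .* key ID \([0-9A-Fa-f]\{8\}\)$/\1/p' |
        head -n 1
}

# Print the key IDs from the "N hop path:" line, one per line.
path_ids() {
    printf '%s\n' "$1" |
        sed -n 's/^[0-9][0-9]* hop path: //p' |
        head -n 1 | tr -s ' ' '\n'
}

# check_path MY_ID OUTPUT
# Succeeds only if the path goes from MY_ID to the signer gpg reported,
# every entry looks like an 8-hex-digit key ID, and N hops means N+1 IDs.
check_path() {
    signer=$(signer_keyid "$2")
    hops=$(printf '%s\n' "$2" |
        sed -n 's/^\([0-9][0-9]*\) hop path: .*/\1/p' | head -n 1)
    ids=$(path_ids "$2")
    [ -n "$signer" ] && [ -n "$hops" ] && [ -n "$ids" ] || return 1

    # Reject the path if any entry is not an 8-hex-digit key ID.
    if printf '%s\n' "$ids" | grep -qv '^[0-9A-Fa-f]\{8\}$'; then
        return 1
    fi

    first=$(printf '%s\n' "$ids" | head -n 1)
    last=$(printf '%s\n' "$ids" | tail -n 1)
    count=$(printf '%s\n' "$ids" | grep -c . || true)

    [ "$first" = "$1" ] && [ "$last" = "$signer" ] &&
        [ "$count" -eq $((hops + 1)) ]
}
```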

If you would like to graph the relationships of all the keys in your path cache, email me. It would be rather easy for me to write something to let you do that.

Wed Apr 24 15:45:15 EDT 2002