summaryrefslogtreecommitdiff
path: root/docs/source/usage/crypto.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/source/usage/crypto.rst')
-rw-r--r--docs/source/usage/crypto.rst41
1 files changed, 41 insertions, 0 deletions
diff --git a/docs/source/usage/crypto.rst b/docs/source/usage/crypto.rst
new file mode 100644
index 00000000..6cee7753
--- /dev/null
+++ b/docs/source/usage/crypto.rst
@@ -0,0 +1,41 @@
+Cryptography
+============
+
+Alot has built in support for constructing signed and/or encrypted mails
+according to PGP/MIME (:rfc:`3156`, :rfc:`3156`) via gnupg.
+It does however rely on a running `gpg-agent` to handle password entries.
+
+.. note:: You need to have `gpg-agent` running to use GPG with alot!
+
+ `gpg-agent` will handle passphrase entry in a secure and configurable way, and it will cache your
+ passphrase for some time so you don’t have to enter it over and over again. For details on how to
+ set this up we refer to `gnupg's manual <http://www.gnupg.org/documentation/manuals/gnupg/>`_.
+
+.. rubric:: Signing outgoing emails
+
+You can use the commands :ref:`sign <cmd.envelope.sign>`,
+:ref:`unsign <cmd.envelope.unsign>` and
+:ref:`togglesign <cmd.envelope.togglesign>` in envelope mode
+to determine if you want this mail signed and if so, which key to use.
+To specify the key to use you may pass a hint string as argument to
+the `sign` or `togglesign` command. This hint would typically
+be a fingerprint or an email address associated (by gnupg) with a key.
+
+Signing (and hence passwd entry) will be done at most once shortly before
+a mail is sent.
+
+In case no key is specified, alot will leave the selection of a suitable key to gnupg
+so you can influence that by setting the `default-key` option in :file:`~/.gnupg/gpg.conf`
+accordingly.
+
+You can set the default to-sign bit and the key to use for each :ref:`account <config.accounts>`
+individually using the options :ref:`sign_by_default <sign-by-default>` and :ref:`gpg_key <gpg-key>`.
+
+.. rubric:: Encrypt outgoing emails
+
+You can use the commands :ref:`encrypt <cmd.envelope.encrypt>`,
+:ref:`unencrypt <cmd.envelope.unencrypt>` and
+and :ref:`toggleencrypt <cmd.envelope.toggleencrypt>` and
+in envelope mode to ask alot to encrypt the mail before sending.
+The :ref:`encrypt <cmd.envelope.encrypt>` command accepts an optional
+hint string as argument to determine the key of the recipient.
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-15 02:07:41 +0000