PGP/MIME and the 'Application/PGP-*' MIME-types

[If you know about PGP/MIME, skip to my Pine solution.]

There are two main standards for sending PGP-secured email. The original, and still the most commonly used, method (generally called pgp-inline) simply takes the plain-text message body, hands it to the PGP program (in my case, gpg), and sends the armored output as the new message body. It's simple, and it doesn't require much to decode: the mail client (or the user, manually) just takes the message body and gives it to PGP to decode.

But it does have some side effects. People who don't want to be bothered with PGP don't really like to see the -----BEGIN PGP SIGNED MESSAGE----- stuff at the top, or the signature gibberish at the bottom. And PGP mangles some text to make sure nothing in the message can be confused with its own armor lines: any line beginning with a hyphen is dash-escaped (for example, the standard signature separator, "-- ", gets replaced with "- -- ").

And then there's the issue of attachments. It often makes sense to encrypt, or at least sign attachments. In some ways, it's even more important that attachments are signed than the message text: nobody wants to get a virus because a legitimate attachment was replaced with a trojan horse.

So a solution was developed to use MIME and the newly defined security multipart formats (multipart/signed and multipart/encrypted). It has evolved into what we now call PGP/MIME or OpenPGP/MIME, and is defined by RFC 3156. (Curious people who know a bit about MIME and email may want to read the RFC--otherwise, you just need to know that it's a way to make PGP work with MIME features such as attachments, rather than only with a plain-text body.)

Pine and PGP/MIME

(Note: I don't use Pine anymore, now that I have discovered Mutt. So if this solution doesn't work, I'm not likely to have much time to fix it, since my mail setup is so different now.)

As it turns out, unfortunately, not every email client supports PGP/MIME. And since basically everybody still uses pgp-inline, there's not always much incentive for this to change. (And there are some, like Ximian Evolution, that support PGP/MIME but absolutely refuse to support the older, yet practically more standard, pgp-inline. But that's outside the scope of this discussion.)

And that brings us back to Pine. Using pinepgp, it's fairly easy to send and receive pgp-inline encoded email. Unfortunately, it's not so easy with PGP/MIME. I don't mind so much not being able to send PGP/MIME encoded email--most everybody can read pgp-inline anyway--but I would like to be able to read any email I might receive.

Searching around online, I found this little gem, pgp-mime-handler.pl. It was written by David Gümbel, mainly as a filter for the KDE mail client, KMail. Unfortunately, Pine's handling of display filters is a bit different from KMail's--it expects the script's output to be only body text; pgp-mime-handler.pl actually outputs a re-encoded MIME message, with the encrypted parts decrypted, and the output from gpg --verify in addition to the signature part.

My workaround, though not particularly elegant, is to pipe the raw message text from Pine to a wrapper script, which hands the message to pgp-mime-handler.pl and then puts it all in a temporary mbox-format file in my mail directory.

To do this, you must first make sure that enable-unix-pipe-cmd, under Advanced Command Preferences in Pine, is checked. Then, download this shell script, name it as you like, put it somewhere in your $PATH, and make it executable (chmod 0700 decode). You may need to edit the script to suit your setup. Of course, you'll also need the pgp-mime-handler.pl script and its prerequisites, as explained on David Gümbel's site.

Regarding the Perl script, you'll probably want to edit the $main::dialog_program variable, as the default uses a KDE program, kdialog. Comment that one out, and uncomment the line that uses /usr/bin/dialog.

Now that you've got the scripts set up, start Pine and open up a PGP/MIME encoded message. Then, hit the | key (it's a "pipe", keyed by pressing shift+backslash). Press control+W, so that the status line reads,

Pipe RAW message [number] to :

and then type decode (or whatever you decided to name the script). The script will do its thing, probably asking you for a passphrase, and then it will instruct you to look in the temp mailbox. Now you can go back to your folder list, open the temp mailbox, and read your now-decrypted message.
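Here is a wrapper of the kind the steps above describe, written for this page as an added example; it is not the author's decode script and not part of pgp-mime-handler.pl. It assumes that pgp-mime-handler.pl is on $PATH and behaves as a KMail-style filter (reads one raw message on stdin, writes the decoded MIME message to stdout), and it takes the temp mailbox path as an argument, so the Pine pipe command becomes "decode ~/mail/temp". Beyond a plain redirect, it creates the temp mailbox with mode 0600 (the decrypted copy should not be readable by other users) and escapes body lines that an mbox reader would otherwise mistake for the start of a new message:

```shell
#!/bin/sh
# decode: wrapper for Pine's "Pipe RAW message" command (added example,
# not the author's script). Reads one raw message on stdin, runs it
# through pgp-mime-handler.pl, and appends the result as one message to
# an mbox file that only the current user can read.
#
# usage: decode MBOXFILE        (in Pine: pipe the raw message to "decode ~/mail/temp")

# Name of the filter; assumed to be on $PATH and to read stdin / write stdout.
PGP_MIME_HANDLER="${PGP_MIME_HANDLER:-pgp-mime-handler.pl}"

# mbox "From " separator for one message. Pine's raw pipe gives us the
# headers but no envelope, so the sender field is a fixed placeholder.
mbox_separator() {
    printf 'From pgp-mime-decode %s\n' "$(LC_ALL=C date '+%a %b %e %H:%M:%S %Y')"
}

# Body lines that start with "From " would look like a new message to an
# mbox reader; prefix them with ">" as mbox readers expect.
mbox_escape() {
    sed 's/^From />From /'
}

# decode_to_mbox MBOXFILE: stdin -> handler -> appended to MBOXFILE.
decode_to_mbox() {
    mbox="$1"
    umask 077            # any file we create is 0600
    : >> "$mbox"         # create if missing, without truncating an existing temp mailbox
    {
        mbox_separator
        "$PGP_MIME_HANDLER" | mbox_escape
        printf '\n'      # blank line terminates the message in mbox format
    } >> "$mbox"
    printf 'Decoded message appended to %s; open that folder in Pine and delete it when done.\n' \
        "$mbox" >&2
}

# Run only when a mailbox path was given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
    decode_to_mbox "$1"
fi
```

The handler's own passphrase prompt still goes through whatever $main::dialog_program is set to in pgp-mime-handler.pl, since stdin is taken up by the message text.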

Don't forget to delete the temp mailbox when you're finished--storing the email unencrypted pretty much defeats the purpose of PGP encryption. I have an alias in my .bashrc to do this for me, whenever I exit pine:

alias pine='pine ; rm -f ~/mail/temp'

(Unfortunately, that alias eats any arguments--if you need to send arguments to pine, you could use a shell script like this one.)
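An argument-preserving replacement for the alias, added here as an example (it is not the author's linked script): a shell function passes "$@" through to the real pine and still removes the temp mailbox afterwards, whatever way pine exited. The mailbox path and the name of the pine binary are assumptions made overridable so the function can be exercised without pine installed:

```shell
# Put this in ~/.bashrc instead of the alias (added example, not the author's script).
TEMP_MBOX="${TEMP_MBOX:-$HOME/mail/temp}"   # assumed path of the decrypted temp mailbox
PINE_BIN="${PINE_BIN:-pine}"                # the real program; overridable for testing

# pine [ARGS...]: run pine with all arguments intact, then delete the temp mailbox.
pine() {
    command "$PINE_BIN" "$@"   # "command" bypasses this function, so no recursion
    status=$?
    # Remove the decrypted copy even if pine was killed or exited with an error.
    rm -f -- "$TEMP_MBOX"
    return "$status"
}
```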

Now, whenever you get a PGP/MIME encoded email, just pipe it to the decode script and continue as described above. It's not the most beautiful solution, but it really beats editing the raw messages by hand and feeding them to gpg.

I hope you've found this useful; I realize I'm very wordy with my explanations, and maybe not always clear enough. But if you are confused, please feel free to email me, and I'll be glad to provide what additional help I can. And of course, suggestions as to how to make this page more useful, or an easier way to do what's described above, are welcome and much appreciated! (If you don't know my address, just import my public key--gpg will tell you my email address. Alternately, you may use my contact form.)