Kuvert is a tool that automatically signs and/or encrypts outgoing email using the PGP/MIME standard (RFC3156), based on the availability of the recipient's key in your keyring.
Kuvert is written in Perl (with one helper in C) and works as a wrapper around your MTA. Kuvert is properly MIME-aware, and works perfectly with all kinds of MIME input; the resulting email will be enclosed in the appropriate security MIME type.
To use kuvert you need to make your MUA run kuvert_mta_wrapper instead of your usual MTA (eg. /usr/lib/sendmail) for submission of emails. The MTA wrapper will put your email into a queue directory of your choice, where the kuvert daemon will pick it up some seconds later.
The daemon will look at the recipient list and your configuration directives to figure out whether to leave the email unchanged, sign or sign and encrypt the email. The basic idea is: If you have a key for the recipient in your keyring, kuvert will encrypt and sign the email, otherwise just sign. The decision behaviour is quite configurable, though.
To sign something on your behalf, kuvert needs access to your passphrase, and as kuvert is an automation tool working with minimal/no user-interaction this means that the passphrase must be stored on your computer somehow, at least temporarily. Other than similar wrappers (eg. premail), kuvert does not store the passphrases on disk but keeps them in memory only; if available, kuvert prefers to store the key passphrases with quintuple-agent which can offer slightly more protection than kuvert itself.
The latest source version (1.1.10) is
available here; if you
are using Debian you can install kuvert simply by running
apt-get install kuvert. Further information can be found
on the manpages for kuvert and kuvert_mta_wrapper.
