Kuvert is a tool that automatically signs and/or encrypts outgoing email using the PGP/MIME standard (RFC3156), based on the availability of the recipient's key in your keyring.

Kuvert is written in Perl (with one helper in C) and works as a wrapper around your MTA. Kuvert is properly MIME-aware, and works perfectly with all kinds of MIME input; the resulting email will be enclosed in the appropriate security MIME type.

To use kuvert you need to make your MUA run kuvert_mta_wrapper instead of your usual MTA (eg. /usr/lib/sendmail) for submission of emails. The MTA wrapper will put your email into a queue directory of your choice, where the kuvert daemon will pick it up some seconds later.

The daemon will look at the recipient list and your configuration directives to figure out whether to leave the email unchanged, sign or sign and encrypt the email. The basic idea is: If you have a key for the recipient in your keyring, kuvert will encrypt and sign the email, otherwise just sign. The decision behaviour is quite configurable, though.

To sign something on your behalf, kuvert needs access to your passphrase, and as kuvert is an automation tool working with minimal/no user-interaction this means that the passphrase must be stored on your computer somehow, at least temporarily. Other than similar wrappers (eg. premail), kuvert does not store the passphrases on disk but keeps them in memory only; if available, kuvert prefers to store the key passphrases with quintuple-agent which can offer slightly more protection than kuvert itself.

The latest source version (1.1.10) is available here; if you are using Debian you can install kuvert simply by running apt-get install kuvert. Further information can be found on the manpages for kuvert and kuvert_mta_wrapper.

Update (Sat 23.06.2007 14:25):
The newest version of kuvert is now always available as kuvert_current.tar.gz.

[ published on Mon 28.11.2005 11:40 | filed in mystuff/kuvert | ]
Debian Silver Server
© Alexander Zangerl