Hello,
this is going to be a little how-to configure aerc (a console mail client) in your @wpn shell - applies to other shells / mail servers as well, but it will be tailored for @wpn users.
aerc configuration is interactive as soon as you start it for the first time, but it will store your mail password in clear text inside ~/.config/aerc/accounts.conf file. We want instead to use the standard Unix password manager, pass, to encrypt it.
First you need a GPG key, which will be used to encrypt imap/smtp passwords. There are 2 ways:
- Import an existing private key
- Create a new keypair on @wpn and use that
Let's start:
$ gpg-connect-agent /bye # initializes the gpg-agent
If you see the following lines (you should), everything is good.
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
GOTO 1) to import an existing key
GOTO 2) to create a new key
GOTO 3) when 1) or 2) are done
- To import your secret key you have to first copy it from your PC to the server. Use FTP/WEBDAV or SCP: all of them are supported, suit yourself.
$ gpg --import roughnecks_SECRET.asc # import the key named, in this case, "roughnecks_SECRET.asc"
$ gpg --list-secret-keys # verify that your key is there and copy its ID (needed later)
$ gpg --edit-key [key-ID] # see previous step. You have to manage key's trust
type: "trust" # without the quotes
type: "5" # for ultimate trust
type: "save" # to save and exit
Now you can delete your file key, since it's not needed anymore
$ shred -u roughnecks_SECRET.asc # securely delete key file
- To create a new GPG key follow these steps:
$ gpg --full-generate-key
Specify parameters for your key (default are ok); for key expiration date I would recommend from 1 to 2 years, so you'll have to type respectively "1y" or "2y", but feel free to choose by yourself. Next, enter your information: name, email and comment (optional). Last step is to create a passphrase and then the system will generate the keys. List them when done and copy the ID (for later use):
$ gpg --list-keys # list your newly created keys
- Now that GPG keys are set up, we will store our mail password and proceed to configure and start aerc
$ pass init [your-gpg-ID] # the one you copied earlier in any of the steps, 1) or 2)
$ pass insert email/woodpeckersnest.eu/imap # don't modify anything, enter your email password
$ pass insert email/woodpeckersnest.eu/smtp # same as above, don't modify anything, enter your email password
We're going to create aerc's account configuration file now, bear with me.
This is a sample config, for you to edit:
[@wpn]
source = imaps://username@woodpeckersnest.eu
source-cred-cmd = pass show email/woodpeckersnest.eu/imap
outgoing = smtps://username@woodpeckersnest.eu
outgoing-cred-cmd = pass show email/woodpeckersnest.eu/smtp
default = INBOX
from = username <username@woodpeckersnest.eu>
copy-to = Sent
You can personalize [@wpn] with anything you like inside the square brackets (it's your aerc profile's name)
You MUST change every "username" occurrence with your actual email localpart (the part the comes before the @ symbol in your email address, actually the username you registered at @wpn); the first "username" occurrence in the "from" line can be your real name or whatever you want to show to your correspondents, for your contact name, e.g. from = Simone <roughnecks@woodpeckersnest.eu>.
Copy the config you just edited and..
$ mkdir ~/.config/aerc # create a directory for aerc
$ nano ~/.config/aerc/accounts.conf # paste the snippet you copied above to this file, save and exit
$ chmod 600 ~/.config/aerc/accounts.conf # set correct permissions for your accounts file
Now you can finally launch "aerc" and type your GPG passphrase:
$ aerc
YAY, email! 😍
