Scroll to navigation

MHSIGN(1mh) [mmh-0.4] MHSIGN(1mh)


mhsign - sign or encrypt a message with gnupg


mhsign [-encrypt] [-mime] [-Version] [-help] file


mhsign is a script to simplify signing and encrypting, using gnupg.

mhsign is normally invoked automatically by send. When used directly, the source file, typically an MH draft file, is replaced by the signed or encrypted message. To permit recovery from mistakes, a backup copy of the original file is saved, under the same name with `.orig' appended.

The following options are recognized:

Encrypt to recipients, in addition to signing. The message will also be encrypted to the signing key.
Use the PGP/MIME standard for signing and encrypting. This is automatic if the message is already a multipart MIME message. Otherwise the default is to sign/encrypt in the old-fashioned non-MIME manner, for compatibility with older software. When a message is signed but not encrypted, using the PGP/MIME formatting, any line beginning with ``From '' will be indented, and any trailing spaces will be removed from lines in the message body. This is to ensure maximum compatibility. Where trailing blanks are important (sending patches, for example), it would be wise to use quoted-printable or other MIME encoding for that component.

The signing key is automatically determinded by gnupg, unless the the profile entry Pgpkey defines it. The environment variable MMHPGPKEY has highest precedence and can be used to overrule the key uid temporarily.

For encryption, the public keys of the recipients are taken from the gnupg keyring. To handle exceptions, e.g. recipient addresses that do not match the key uid in the keyring, a file named pgpkeys may be used. It should be located either in the gnupg directory (normally $HOME/.gnupg) or in the mmh directory (normally $HOME/.mmh). If both files exist, the one in the gnupg directory takes precedence.

A sample pgpkeys file:



^$HOME/.gnupg/pgpkeys~^Pubkey exceptions for encrypting
^$HOME/.mmh/pgpkeys~^... alternative location


^Pgpkey:~^To determine the user's signing key


whom(1), send(1), mhpgp(1), gpg(1), hostname(1)






The order of the command line arguments is relevant: Options must come first, the file must be last.

This script uses hostname to get the hostname if it isn't in the address, though hostname isn't specified by POSIX.

2019-01-06 MH.6.8