msmtp gpg encrypted password file

by Jun 25, 2025IT Tips0 comments

https://wiki.debian.org/msmtp <== msmtp setup mentions creating an encrypted password file

But when you try the command you get an error

gpg --encrypt --output=.msmtp-zoho.gpg [email protected] - <<END
ThisIsMySeCrEtPassword
END

# output
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: error retrieving '[email protected]' via WKD: No fingerprint
gpg: [email protected]: skipped: No public key
gpg: [stdin]: encryption failed: No public key

That is because you need to create a private and public key with gpg first. Then the gpg --encrypt ... command above will work without error

# never expire
gpg --batch --passphrase '' \
    --quick-gen-key [email protected] default default \
    never


# output
gpg: revocation certificate stored as '/home/myuser/.gnupg/openpgp-revocs.d/7EdE69E0AF5F609526FD2B3773F7C72852A2127F.rev'

Note the --passphrase '' command creates an empty passphrase so you don't have to enter anything to unlock the gpg private key before it decrypts the encrypted file. Note: This empty passphrase is so you can run msmtp from the command line, which decrypts the Google app password without ever having to enter a password... effectively make the password easy to obtain.

Then you can create the encrypted password file:

gpg --encrypt --output=.msmtp-zoho.gpg [email protected] - <<END
ThisIsMySeCrEtPassword
END
# output
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   3  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2028-06-24

Then list your keys

Notice one key has an expiry date and the other is blank (no expiry) where it would say the expiry date

 gpg --list-keys
/home/myuser/.gnupg/pubring.kbx
-----------------------------
pub   ed25519 2025-06-25 [SC] [expires: 2028-06-24]
      4A7560D818581F1D51104EE94F028462EA559950
uid           [ultimate] [email protected]
sub   cv25519 2025-06-25 [E]

pub   ed25519 2025-06-25 [SC]
      7EFE69E0AFCF609526FD2B3773F7C72862A2127F
uid           [ultimate] [email protected]
sub   cv25519 2025-06-25 [E]

Then delete one that you don't want

myuser@tgn-my-vm-test:~$ gpg --delete-secret-and-public-keys 7EFE69E0AFCF609526FD2B3773F7C72862A2127F
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec  ed25519/73F7C72862A2127F 2025-06-25 [email protected]

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

pub  ed25519/73F7C72862A2127F 2025-06-25 [email protected]

Delete this key from the keyring? (y/N) y

During the above delete you will be prompted to delete the key twice with a text screen as follows

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.