Mailpile post-installation tutorial

Ver. 2021-03-14 19:15:40 UTC (first preview release: 2020-10-06)   –   Based on Mailpile 1.0.0rc6
GitHub repository:


This tutorial comes with no warranties whatsoever. I'm not a Mailpile expert nor a certified security expert; I've quoted Wikipedia on a few important points, and I discuss my own approach, also mentioning why certain aspects of it are really one of several possible bets about possible attacks.

If, reading this document, you realize that you can't evaluate this information well enough to conclude that it promotes awareness of possible security problems, then you should probably do some research on your own and/or find a knowledgeable person you can trust.

This tutorial does not in any way come from the Mailpile development team; it's only my best effort to share hopefully useful information while encouraging more people to use this powerful email client. All evaluations and opinions expressed here are solely mine.


I cannot guarantee that I'll always be in a position to update this tutorial in the future, but you can always fork it and improve it.

In a non-essential section below, I mention an optional device to hold keys, hopefully raising the security level against key theft. I'm not getting any compensation whatsoever from the maker. Again: I'm just sharing possibly useful info. That device happens to be the one I bought; I can't say anything about any others.

If you want to jump hands-on on Mailpile, at least don't miss:


Why Mailpile is so extremely interesting and what should be kept in mind while starting to use it.


Mailpile is a wonderful email client available for Linux, MacOS and Windows.

I've been using Thunderbird+Enigmail for years by now, but Mailpile has winning features.

One of its most innovative and important characteristics is that it can very quickly search through encrypted emails without having to decrypt them. This breakthrough was implemented by means of a search index.[1]

Mailpile enables you to easily send and receive encrypted emails (believe it or not, despite all the info and caveats reported here LOL).

It keeps your settings and email messages encrypted in your local storage, optionally also the messages you received unencrypted. You don't need to keep your signatures in separate unencrypted files, easy to read for any intruder.[2]

Mailpile interacts with the servers of your email service providers, copying emails and folders to your local storage.

Optionally, Mailpile removes your emails from the remote servers; this is not the default, although it is the philosophy the project leader recommends embracing: keep your emails on your computer.[3]

I still need to find clarifications on a few things, I'll mark them with this color and add "[needs clarification]".

Disabling "Leave mail on server" in the email account settings[4], my emails actually disappear from the remote Inbox folders, although not always at once. I'll see if I can find a way through the GUI or the CLI to:

I can do both things by connecting to webmail with a browser (I use Firefox and Vivaldi) or with Thunderbird. [needs clarification]

I understand that the developers had to respect priorities during this certainly huge amount of work, and that not all functionalities are accessible yet through the Graphical User Interface (or GUI), nor is full documentation available. But it's evident that the development has been done with high quality in mind. Just to mention one point: the search engine performance is astonishing.

Open issues

Here's the GitHub page for Mailpile issues. I've read a bunch of them; I think it is possible that some of the issues which appear to still be open have been resolved through other fixes by now. The current development status looks better hands-on than on that page.

Again, I'm using version 1.0.0rc6, which means the 6th candidate to become release 1.0.0.

Non-issues to be aware of

Wish List

I might be adding a few items in the future, but for now this is quite a short list.

In lists of emails

Encryption made easy for non-tech savvies

Mailpile can create and manage encryption keys for you, if you prefer, or it can use your own pre-existing keys.

You can choose whether or not to let Mailpile memorize your key passphrase, both for keys created by Mailpile and for pre-existing keys.

Would it be more secure to type in the key passphrase when Mailpile requires it once in a while?

That's quite a bet: I don't know whether there is a greater chance that my keystrokes get recorded at some point, or that the encryption with which Mailpile saves my settings gets compromised (or even that a side-channel attack grabs my secret keys anyway).[11]

The possibility to use a hardware device to hold your secret keys is mentioned below in this document.


Mailpile's GUI enables you to classify selected messages by a simple mouse-button click. Tags can work in two ways:

Tags can also be nested one inside another. It is an extremely flexible tool to keep your messages organized.

From the CLI, it is also possible to tag and untag emails.
CLI + tags = a powerful means to classify, trash or immediately delete huge amounts of emails.


The GUI is beautifully designed, keeping functionality in mind. One of Mailpile's creators is a real designer.[12]

Easy installation and setup

The installation procedure was very quick and easy on Ubuntu Linux 18.04[13], following the instructions on their website to add their repository.[14]

Multiple email accounts

Mailpile can handle multiple email accounts, so I'm not losing this important feature by switching from Thunderbird.

If you are not already used to having multiple email accounts in the same client at once, you might end up answering from one account an email you had received in another account.

Hands-on session

Again: I am using Mailpile 1.0.0rc6, which means the 6th candidate to become release 1.0.0.

Here is a basic post-installation startup tutorial.

When I started this tutorial, I would have liked to already have more emails to test on, but with Thunderbird I used to remove emails from remote servers. I enthusiastically wanted to make this tutorial anyway, because I know quite a few different groups of people who would be glad to use Mailpile: for instance a few journalists, and a friend in a humanitarian non-profit organization that needed something exactly like Mailpile, to make a transition towards better protection of their supporters' privacy and financial data, while staying compatible with their pre-existing email services and being able to search through encrypted emails.

Starting Mailpile

On Linux, I start Mailpile from the terminal window:

[image 1]

By default, Mailpile launches my web browser to be used as the Graphical User Interface.[16]

The fact that our web browser is used as the GUI lets us have several tabs open and connected to Mailpile at the same time, in order to keep going with various tasks. For instance, I could be preparing an email while searching in others or checking whether any new incoming emails need an urgent reply.

Notice the URL: localhost:33411

"localhost" means that the web browser is connected to Mailpile, which is running locally on my own machine; this browser tab does not connect directly to a remote server.

Mailpile in turn is connecting to the remote servers of my email service providers, if possible, or it is enabling me to work on my emails in local storage, while staying offline.

[image 2]

In the terminal window, you'll see that Mailpile also has a Command Line Interface (or just CLI).[17]

This is the command I've used to tell Mailpile "please send now the emails which are already in the Outbox", when I was too impatient to wait up to 90 seconds, which is the default interval at which Mailpile checks whether there are any emails in the Outbox:[18]

I can also access the Command Line Interface via the GUI, by clicking the Settings and Tools gear icon in the upper right corner and then the <> CLI button. I prefer the terminal window, which shows more lines at the same time. Either way, I can scroll up to see previous output.

This document includes a section showing how to search and export emails or search and delete emails with the Command Line Interface.

[image 3]

Now let's go back to the GUI.

First-time setup

I'll choose my preferred language and click the Begin button.

[image 4]

I'm asked to type a password. Afterwards, the same password will be necessary to unlock the whole setup, with my settings and emails.

It can actually be a passphrase made of several words separated by spaces. Mailpile itself suggests a sequence of words; I prefer to create my own sequence, with some of the words modified so that they are not in any vocabulary (avoiding obvious substitutions, which are part of hackers' dictionaries anyway), including uppercase and lowercase letters, numbers and special characters. After checking that no smartphone cameras or webcams are around, I write it down on paper first and type it in afterwards, and I keep the paper somewhere safe during the first few days. (The same when I change it.)

But you might have other methods.

Just don't lose or forget it!

[image 5]

[image 6]

After typing in the same password twice, I'm going to click the Set Mailpile Password button.

And I'm ready to go.

[image 7]

[image 8]

On my first login, I am guided through the few easy basic setup steps.

[image 9]

[image 10]

I scroll down...

[image 11]

My personal choice here is to change the above defaults as in the next picture, BUT you should read this note before deciding.

[image 12]

(Later, I created a separate Mailpile setup with my GMail accounts (which I'd like to progressively abandon). Mailpile fetched some years of emails. My PC is not too slow with these settings, even with over 46k emails exceeding 14 GB.)

And I'll click the Save Settings button.

You might want to read below about the third setting I'm modifying: Use shared GnuPG keychain for PGP encryption keys

[image 13]

[image 14]

I'll type in the name I want to be displayed with this email address and the email address itself.

[image 15]

And I'll click the Next button.

[image 16]

If you lack the time or will to read the following "not essential" section, then read this frame's content (but I'd recommend that someday you read the part you are skipping now):

If anything more complicated than "normal"[19] unencrypted emails means no encryption at all for you, then let's choose the easiest way for now: any level of security on your emails is better than none.

  1. Check out this recommendation.
  2. Remember that encrypting doesn't mean that you can be absolutely sure that your messages are and will always be secure.
    GnuPG doesn't support "forward secrecy": if a key is compromised, then the secrecy of all past messages encrypted with it is compromised.
    You can periodically revoke secret subkeys (or even set an expiration date on them in advance) and create new ones, but it's not the same as having different keys for each communication session.
  3. Flip a coin to choose your key type. I may still choose RSA4096 for now, despite RSA Security having been the target of strong accusations of adding backdoors. I may add further encryption levels with other encryption types for important messages.
  4. Let Mailpile create and manage your keys for now.
  5. Click the button and move on to the next step.

This is not essential to use Mailpile

About keys and security – not essential to use Mailpile

Mailpile, just like Thunderbird+Enigmail, can work in combination with GNU Privacy Guard to use all the keys in its "keyring" (or "keychain").

We can let Mailpile drive gpg to create keys for us and manage them entirely, or we can use gpg from a terminal window to create keys, import keys, export keys, and also encrypt symmetrically or asymmetrically, sign files, sign other persons' keys...

(I didn't plan to put any GnuPG commands in this document, because there are many good tutorials out there, but after mentioning Mailpile in an online<=>air-gapped workflow, I ended up doing so in an appendix.)

Mailpile will be able to use any keys that we might import directly with gpg into its keyring.

Please NOTE that one of the Security and Privacy settings I modified above was Use shared GnuPG keychain for PGP encryption keys and I activated it.

I haven't tested at all what happens with "Off", what follows is pure speculation and that setting might even have another meaning. [needs clarification]

If you do not want to have anything to do directly with GnuPG, you might want to leave that "Off", I don't know if doing so would imply a higher security level. [needs clarification]

I prefer to be able to fully use Mailpile in combination with gpg on the command line.

Besides, on the GitHub page for Mailpile issues, I've seen reports of difficulties importing keys via Mailpile's GUI, while it's trivial to import keys with GnuPG's command line:

gpg --import filename

(Those issues may have been solved by now. [needs clarification])

As for the security level: I prefer to create my own keys separately with GnuPG; I set a stronger passphrase on my keys than Mailpile's current passphrases (alphanumeric instead of numeric-only), and I keep the primary secret key stored apart: I only export the secret subkeys and import them into the keychain I actually use. This way, the primary secret key remains valid as a long-term identity key, and I can always revoke the secret subkeys, periodically or if I think they might be compromised, and create new ones.

Unless you really prepare the whole Mailpile+GnuPG setup on an air-gapped machine, this approach might actually turn out to be weaker than leaving it all to Mailpile, because at some point you would have to type the key passphrase at least twice, once when importing into the keyring and once for Mailpile, and you don't know whether those keystrokes are being recorded... This is about bets; make yours. If there is no option to prepare the whole Mailpile+GnuPG setup on an air-gapped machine (at least for creating keys and moving secret subkeys to a hardware device), then leaving it all to Mailpile might be the best bet after all.

On the other hand, you'll be typing Mailpile's login password anyway, so the encryption of your local storage might also get compromised... well, if somebody's "watching over your shoulder", then simply nothing can be kept secure on that machine; unencrypted or decrypted messages will be exposed as well.

Better chances of security would be gained by also encrypting/decrypting exclusively on an air-gapped machine, preferably with a supposedly audited operating system like Tails, especially at the moment of key generation, to avoid kleptography.

As for pure brute-force attacks on the local storage encryption, they probably wouldn't be successful for a few more years.
I don't know at the moment what type of encryption it is. [needs clarification]
The current PGP key of Mailpile's developer team is EdDSA, a type of ECC, so maybe the local encryption scheme is also based on ECC. I've quoted something below about that.


I describe below how I handled secret keys for a Yubikey 5 NFC.

Types of keys

Keys can be of different types. The compatibility with Autocrypt mentioned below is "as far as I've read"; it could be outdated info (but a few tests are enough to understand that it is a matter of secondary importance):

Please share if you have more information to evaluate for this choice.

I may choose RSA4096 as the basic key type associated with an account, considering (and despite) what follows, and considering the recommendations I've found in various tutorials about creating GnuPG keys; one is mentioned in the appendix with examples of GnuPG usage on a Linux terminal command line.

After reading below about Kleptography, you'll wonder, as I do:

Were the tutorials I've seen made by backdoor creators pushing their trojan horses?
I don't think so,
but the truth is:
I don't know[22]

Let's see what Glenn Greenwald uses[23], I guess he learned from Edward Snowden:[24]

pub   rsa4096/0xA4A928C769CD6E44 2015-01-06 [SCA] [expires: 2021-01-19]
uid                   [ unknown] Glenn Greenwald <>
uid                   [ unknown] Glenn Greenwald <>
uid                   [ unknown] Glenn Greenwald <>
uid                   [ unknown] Glenn Greenwald <>
sub   rsa4096/0x30B33AC842F37B85 2015-01-06 [E] [expires: 2021-03-05]

That's one point for RSA4096.

And another one: Mailpile's developers themselves rate the RSA4096 key type as "strong" in that pull-down menu, meaning that they don't have anything against RSA4096 either (and they seem to know what they are doing; Mailpile can actually use or not use the pre-installed gpg-agent and gpg binary).

Now one point less for EdDSA:

This page tells us that EdDSA is based on elliptic-curve cryptography:
Such encryption, with shorter keys, might be as hard to break as RSA encryption with larger keys... except for quantum computing attacks.

Let's quote from this other page (please visit the page to also read those footnotes):
Elliptic-curve cryptography –

Quantum computing attacks

Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.[43] In comparison, using Shor's algorithm to break the RSA algorithm requires 4098 qubits and 5.2 trillion Toffoli gates for a 2048-bit RSA key, suggesting that ECC is an easier target for quantum computers than RSA. All of these figures vastly exceed any quantum computer that has ever been built, and estimates place the creation of such computers as a decade or more away.[citation needed]

Supersingular Isogeny Diffie–Hellman Key Exchange provides a post-quantum secure form of elliptic curve cryptography by using isogenies to implement Diffie–Hellman key exchanges. This key exchange uses much of the same field arithmetic as existing elliptic curve cryptography and requires computational and transmission overhead similar to many currently used public key systems.[44]

In August 2015, the NSA announced that it planned to transition "in the not distant future" to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy."

Higher security: superposing encryption levels

Whatever setup we have chosen now, if in the future we need a higher security level on some emails, we can superpose one or more encryption steps.

This is not difficult at all, at least on any Linux-based machine (I can only guess that gpg takes the same command-line syntax on Windows). Just check out the appendix on GnuPG, especially this part.

Other communication tools than email

The "encrypt apart and attach or copy&paste" modus operandi opens the possibility of using GnuPG to add secrecy to communication channels other than e-mail, e.g. Threema via or Signal via its desktop app (without forgetting that our smartphones are probably the least secure devices around), or maybe Element, which is mentioned in this interesting page on Without forgetting that GnuPG doesn't support forward secrecy.

Key theft

After plainly stealing my secret keys from storage, the attacker would still have to crack their encryption. I'm setting strong passphrases, but today's computers are increasingly fast (and keystrokes could be monitored/recorded).

Keeping secret subkeys on a hardware device

DISCLAIMER: I'm not getting any compensation whatsoever from Yubico (alas LOL), I'm just sharing possibly useful info. This device happens to be the one I bought, I can't say anything about any others.

CAVEAT: Keeping secret subkeys on a hardware device is probably pretty good against key theft and should guarantee that what's signed with your signing subkey is actually signed by you.

As for secrecy:

So, again, I'm afraid this is about odds and bets and actually guessing.
And again: letting Mailpile manage your secret keys might also be a good bet after all, or not using a hardware device to keep your keys (lacking certainties, I'm offering an honest analysis, so you can at least evaluate what this is about).

To prevent key theft, an increased level of security would be a hardware device holding the secret subkeys, hoping that the device has no backdoors.
Using a hardware device wouldn't necessarily prevent a side-channel attack... or it possibly would on older PCs, provided they're not physically exposed to anybody but the owner.

Personally, after reading plenty of articles and forum posts about discoveries of vulnerabilities apparently built in on purpose, I tend to think that the more recent the hardware you buy from certain brands, the more likely it is to come prepared with all sorts of tricks to steal your data.

On a Yubikey 5 NFC (or Yubikey 5 Nano) you'd have to type in the device PIN[26] only once in a while[27] and touch its sensor button (or touch-sensitive part) for every single operation required from it. Disabling this requirement would decrease the level of security against remote hackers, who might possibly be able to decrypt, encrypt or sign something with your secret subkeys, but still, they wouldn't be able to steal them.

I've given this Yubikey 5 NFC a try with Mailpile and it works fine (actually Mailpile works with GnuPG, which in turn handles the Yubikey nicely).

Unfortunately the device can only hold one PGP credential.[28] If you need separate keys for separate email accounts, you'll have to choose one and keep your other secrets in the gpg keyring as usual. If you don't mind the same GnuPG key being used with various email accounts/addresses, then plenty of tutorials out there will tell you how to use GnuPG on the command line to add more than one user id to the same key (basically gpg --edit-key <keyID>, then adduid, then save).

Or you can use the key you store on the hardware device as described above as an additional encryption level, pasting/attaching to an email which is also going to be encrypted with the key associated with that account.

(A higher security level would be encrypting and decrypting on an air-gapped machine with keys whose secret part never leaves that machine; they'd only be stored on the encrypted USB flash drive from which you exclusively boot that machine, and possibly on its backup copy, which also "touches" only the air-gapped machine.)

Creating keys and moving them to the hardware device

Here are a couple of tutorials I read for this Yubikey 5 NFC:

A summary of the workflow I followed:

If using the Yubikey Manager[30] is a problem on the offline machine, you can leave the last steps for the destination machine before going back online, but on the offline machine you'll have already set up three strong PINs (or passphrases) on your Yubikey, after writing them down on paper (no cameras around): one for normal operations, one as admin, and one to reset it and unblock it after a mistyped PIN has been submitted three times. (On the online machine, I'd uninstall the Yubikey Manager, just so as not to leave it there ready and tempting any intruding hackers to spend additional time messing around.)

It looks more complicated than it is (of course it requires attention).

Am I being too paranoid? I believed so, before coming to know what's mentioned below about "air-gapped" (especially this part of this footnote), and before what happened a few days ago, two different "weird" facts on the same day:

Possible attack, symptom A

Hours after a successful operation, I found the Yubikey's PIN blocked, supposedly meaning that 3 attempts with a wrong PIN had been made (and of course I had not omitted setting up PINs/passphrases different from the default ones).

Unblocking the Yubikey after the wrong PIN/passphrase has been entered repeatedly

In such cases, here is how to unblock the device's normal-operations PIN (that's what I did with this Yubikey).


gpg --edit-card

choose the menu item which enables you to unblock the normal PIN using the reset one, with this GnuPG version (2.2.4):


to exit:


Now, I'm keeping the device plugged into a hub with real mechanical switches that cut power to each of its USB ports. The idea is to leave that switch off unless necessary. Apparently, the device also works just fine via the hub; I've tested signing some 1.9 GB files and it worked flawlessly. If you do that, before you try to use the Yubikey, be sure that its USB port is switched ON.[31]

Possible attack, symptom B

The same day, I couldn't eject a USB flash drive: Linux kept warning that the device was busy while I was closing everything else. Finally, it turned out that I could unmount it with no warnings only after closing the last thing I would have deemed responsible, the Firefox browser instance I had been using to surf the web, despite the fact that I hadn't accessed that USB flash drive at all from Firefox, and despite having launched Firefox inside firejail (I'll have to review the AppArmor and firejail profiles).

Apparently, you are never too paranoid. And BTW:

I use a separate Firefox instance to connect to Mailpile; I do not surf the web and connect locally to Mailpile with the same Firefox instance. The one-line bash script I use to launch Firefox:

firefox -ProfileManager -no-remote -new-instance "$@"

If you are running out of RAM, you might possibly save a bit of it by omitting the -no-remote option, with a decreased security level though.

Supposedly more secure:

firejail firefox -ProfileManager -no-remote -new-instance "$@"

Or you could use a browser, e.g. Vivaldi, to surf the web and another, e.g. Firefox, to connect to Mailpile on your computer, or the other way around.

Keeping secret subkeys stored apart and making them available when necessary

I've also tested not keeping the keys for the accounts I've configured in Mailpile in the GnuPG keyring until necessary. Luckily, Mailpile does not complain about a symlinked ~/.gnupg folder (GnuPG detects keyring changes and asks for your passphrases again).
My conclusion for now, so that this trick doesn't make Mailpile complain and possibly create new keys when you pass through an account's settings (even if only the server-related settings):

When Mailpile is running, keep in the keyring at least the public keys of the accounts you have configured in Mailpile.

Before modifying an account's settings, and obviously before doing anything requiring signing, encrypting or decrypting, make the secret keys available.[32]

Over your shoulder

Remember: apart from the chance that the encryption scheme itself gets compromised in the future, or that your keys get stolen and their passphrase cracked, there's also the chance that your computer itself might be compromised, with somebody watching "over your shoulder", no matter how secure your login and key passphrases are.

Of course it also depends on the level of security you need. Protecting yourself from common criminals is not the same as being a journalist whose sources are up against 9-11'ers.

But at least slowing down possible bad guys in general is an important step that citizens worldwide should all take.

You might also need to warn someone, e.g. police forces somewhere in the world, that by analyzing certain news it seems possible that something bad might happen, and you would not want to risk giving that idea to the bad guys in case it turns out that they hadn't actually thought about it. But it doesn't look like police forces in general, as well as journalists in general, are nowadays "encryption aware" (not that mainstream journalists are up against the "biggest" bad guys around anyway; it looks more like the opposite... but I was thinking about real journalists).


Staying offline while decrypting and reading a message doesn't guarantee that it will remain secure once you get back online, even if you have securely deleted the unencrypted message. The same consideration is valid for any password you type on your computer, even if used locally.

Edward Snowden was asking Glenn Greenwald to decrypt/encrypt certain messages only on an air-gapped machine.
That could be, for instance:

Why the last point? Quote from How to Build a Raspberry Pi FM Transmitter – Circuit Digest:

Every microprocessor will have a synchronous digital system associated with it which is used to reduce the electromagnetic interference. This EMI suppression is done by a signal called Spread-spectrum clock signal or SSCS for short. The frequency of this signal can vary from 1MHz to 250MHz which luckily for us falls within the FM band. So by writing a code to perform frequency modulation using the spread-spectrum clock signal we can tweak the Pi to work as a FM transmitter.

If it can transmit radio frequencies in a controlled manner, it can transmit data as well (with FM modulation or not).

When it comes to hardware, I tend to think:

Putting away any sensitive piece of paper before turning on any cameras around is a necessary precaution, also for any non-air-gapped setup.

ATTENTION: encrypting/decrypting while staying air-gapped might not prevent certain tricks, for instance:

Radio communications: see just above, and again this previously inserted footnote.

Kleptography: for instance, a generator that is not truly random or pseudo-random at the moment of the creation of your keys.
The NSA was accused of having pushed a tricky algorithm as a commercial standard.

Dual_EC_DRBG – Wikipedia

[...] In 2013, The New York Times reported that documents in their possession but never released to the public "appear to confirm" that the backdoor was real, and had been deliberately inserted by the NSA as part of its Bullrun decryption program. In December 2013, a Reuters news article alleged that in 2004, before NIST standardized Dual_EC_DRBG, NSA paid RSA Security $10 million in a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE cryptography library, which resulted in RSA Security becoming the most important distributor of the insecure algorithm. [...]

This is why I've written "I may choose", "I'd still choose..."; of course I feel uncomfortable opting for RSA4096 after reading this.

I'd be willing to at least hope that these algorithms are somewhat audited by knowledgeable persons worldwide, which is probably why they got caught... although years later. But the truth is:

I don't know

For important messages, we might want to superpose encryption levels made with keys of different types.

Are "RSA Security" really the people who created the RSA standards used by GnuPG?
RSA Security – Wikipedia

[...] RSA is known for allegedly incorporating backdoors developed by the NSA in its products. [...]

Yes, it's definitely them.

Well, if I were a lawyer, I'd probably think that, opting for RSA4096 as the basic key associated with an account, in case of any backdoor at least they couldn't legally exploit my client's messages, because that would make the existence of a backdoor public.
Also, I don't know whether there would be any backdoors with EdDSA or any other standard.

To be fair, however, I think these algorithms and their implementations are open to auditing by anyone having the time and knowledge to do it... and GnuPG binaries can be downloaded with signatures (it seems kind of circular, using GnuPG to verify GnuPG pre-compiled binaries, but you might use an audited version to verify the signature on the new one; at least you know that it is what the developers published).

Moving data air-gapped <=> not air-gapped is a PITA of course, given that USB is a big no-no.[34] The smaller the data file, the faster it is to pass it screen-to-cam fragmented in QR codes (I've made myself a couple of scripts which do that, TX/RX screen-to-cam). More than a few tens of kBytes => it's probably faster to burn a rewritable CD or DVD.
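The framing layer such a screen-to-cam transfer needs, as an added example (my own illustration, not the author's TX/RX scripts): each frame carries a transfer id, its sequence number, the total count, a per-chunk checksum and the base64 payload, so the receiving side can scan frames in any order, reject a misread one and say exactly which frames still have to be shown again. The frame text is what a QR encoder would render; generating and scanning the codes themselves is outside this example, and the per-frame payload size is an assumed value (real QR capacity depends on the version and error-correction level you pick).

```python
# Added example (not the author's scripts): frame a blob into numbered,
# checksummed chunks for a one-way screen-to-camera transfer, and reassemble
# them on the receiving side. Frame size is a constructed value.
import base64
import hashlib
import json
import random

FRAME_PAYLOAD = 1000  # raw bytes per frame (assumption for illustration)

def make_frames(data: bytes, payload: int = FRAME_PAYLOAD) -> list:
    """Split data into self-describing frames: transfer id (from the whole-file
    SHA-256), index, total, whole-file hash and a per-chunk checksum."""
    total_hash = hashlib.sha256(data).hexdigest()
    chunks = [data[i:i + payload] for i in range(0, len(data), payload)] or [b""]
    frames = []
    for i, chunk in enumerate(chunks):
        frames.append(json.dumps({
            "id": total_hash[:16],
            "seq": i,
            "n": len(chunks),
            "sha": total_hash,
            "crc": hashlib.sha256(chunk).hexdigest()[:8],
            "data": base64.b64encode(chunk).decode(),
        }, separators=(",", ":")))
    return frames

class Receiver:
    """Collects frames in any order, rejects corrupted or foreign ones, reports
    which are missing, and releases the data only if the whole-file hash matches."""

    def __init__(self):
        self.transfer_id = None
        self.total = None
        self.sha = None
        self.parts = {}

    def accept(self, frame: str) -> bool:
        try:
            f = json.loads(frame)
            chunk = base64.b64decode(f["data"], validate=True)
            seq, n, sha, tid, crc = f["seq"], f["n"], f["sha"], f["id"], f["crc"]
        except (ValueError, KeyError, TypeError):
            return False  # unreadable scan: ask for the frame to be shown again
        if hashlib.sha256(chunk).hexdigest()[:8] != crc:
            return False  # bit error inside the chunk
        if self.transfer_id is None:
            self.transfer_id, self.total, self.sha = tid, n, sha
        elif tid != self.transfer_id:
            return False  # frame belongs to a different transfer
        self.parts[seq] = chunk
        return True

    def missing(self) -> list:
        if self.total is None:
            return []
        return [i for i in range(self.total) if i not in self.parts]

    def assemble(self) -> bytes:
        if self.missing():
            raise ValueError("incomplete: missing frames %s" % self.missing())
        data = b"".join(self.parts[i] for i in range(self.total))
        if hashlib.sha256(data).hexdigest() != self.sha:
            raise ValueError("whole-file hash mismatch")
        return data

def demo() -> dict:
    """Constructed sample: a 2.5-frame blob shown out of order, with one
    misread frame that has to be shown a second time."""
    payload = bytes(random.Random(7).getrandbits(8) for _ in range(2500))
    frames = make_frames(payload)
    shuffled = list(frames)
    random.Random(1).shuffle(shuffled)
    # Simulate a misread of the last frame shown by injecting extra base64
    bad = shuffled[-1].replace('"data":"', '"data":"AAAA', 1)
    rx = Receiver()
    accepted = [rx.accept(f) for f in shuffled[:-1]] + [rx.accept(bad)]
    missing_before = rx.missing()
    rx.accept(shuffled[-1])  # the frame is shown again and scans cleanly
    return {"n_frames": len(frames), "accepted": accepted,
            "missing_before": missing_before, "ok": rx.assemble() == payload}
```

The whole-file hash in every frame is what ties the transfer together: a frame from an earlier session, or a chunk that decodes but was misread, is dropped before it can be spliced into the output, and nothing is written out until the full digest matches.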

Mailpile is perfectly suitable if you also need to encrypt/decrypt separately

You might check out the appendix with examples of GnuPG usage in a Linux terminal window.

It's easy to add to a Mailpile message some data encrypted apart, you can simply attach the encrypted file to your email.

If your encryption result is in ASCII format, you can also paste it into the email body, but in case it is a long message, the extraction of your encrypted data to be decrypted offline might not be straightforward, depending on your correspondent's skill level and email client.

Mailpile is perfectly suitable for the "extraction" of a message that you might need to decrypt apart possibly after having moved it to another machine.

Its Command Line Interface enables you to export more than one message at a time; you might want to check out the specific section of this document about that.

The GUI lets you easily save a message body or the whole message in its original format.

You can save the message body to your browser downloads folder, after activating Display HTML formatted message content:

image 16b
(About the picture: a few days have passed since I took the other snapshots in this tutorial, I've received a few more emails and I might have added a couple of tags.)

Or if you need the email source code with its entire format, you can hover the mouse cursor as in the following picture to reveal more functionalities:

image 16c

Clicking that small hammer icon, whose mouse-hover hint says Display message source code, will open a new tab in your browser, with the whole message as received.
You can then save that tab content to a file (ctrl-s with Firefox in English).

Back to our hands-on session

As I've chosen for this tutorial to let Mailpile create and manage my keys, I won't have to type the keys' passphrase (and/or touch any sensor button on a hardware device).

Accessing an email account

I'm ready to type this email account password, the password I normally type in when accessing my emails in this account.

By default, Mailpile temporarily remembers this password, so I won't have to type it in again during this session.

The drop-down menu (call it a listbox if you prefer) where you can read "Unlock Account" enables me to choose other behaviors. I could prefer to let Mailpile permanently remember my password for that account (and possibly, in the future, easily tell it to forget it: Incoming Mail settings | Forget password).

image 17

I'll type in my password, I'll leave the default behavior "Unlock Account" and I'll press the button.

More accounts

I get to the following screen, where the + Add Account link enables me to add as many accounts as I need.

Here I have already added a second account.

Basically, for each account, I had to:

With Vivaldi, I didn't have to modify any of the settings Mailpile proposed on the basis of Vivaldi's autoconfig server.

See below for Google Mail.

image 18

The four icons below the small gear labeled Settings allow me to access the account settings.

I don't need to modify anything now, as the default settings and the ones guessed by Mailpile are just fine for me. I can omit pictures, so this tutorial won't appear unnecessarily (even more) long and scary.

IMPORTANT NOTICE: these are actually sections of the same "dialogue".

When you press the Save button, you are saving the settings in all sections.

If you are modifying the server settings but Mailpile doesn't find your secret keys (e.g. because you activated another .gnupg folder and forgot to restore the previous one), then you will also be confirming what's in the other sections of the dialogue, and for "Security and Privacy" you'll be choosing the default behavior in the absence of keys, which is, at present, the creation of new EdDSA keys for the account.

Beware that afterwards you might be sending e-mails signed with this new secret key and you might be attaching a new public key, instead of using the pair you had previously associated with this account.

When you need to leave "dialogue" windows of this kind without modifying anything, you can click the x in the upper right corner (you have already seen the "Create a new Account" and "Password Required" dialogues).

A copy of the remote folder structure and content is accessible in the sidebar

Notice, in the lower right corner of the above picture, that I mistyped the password of one of the two email accounts I've added.
In fact, in the sidebar on the left I have the copy of the remote folders structure of one account only.
No problem, by clicking the please login link under the notification I will be able to type the password again.

We'll see below how to change the order of the elements appearing in the sidebar.

After typing in the correct password:

TIP: If I wanted to disable fetching emails for one account, in its Incoming Mail settings I would "unmark" Enable this mail source and then I'd press the Save button.

image 19

[needs clarification]

It's unclear to me at the moment if there is already a way through Mailpile's GUI to do the following operations, which are intuitive in Thunderbird:

desired action | how-to in Thunderbird (being online)
check what's actually in the remote folders at the moment | left-click the remote folder
immediately remove emails from remote folders | drag emails from remote to local folders, or select emails then shift-del
"compact" remote folders | right-click and choose "Compact" from the contextual menu (same as for local folders)

I can do those things connecting to the account with my web browser in webmail, or with Thunderbird. Actually, I'm doing that progressively less frequently, because I'm seeing that Mailpile is also working fine when configured not to leave emails on servers.

I'm going to click the Inbox link in the upper part of the sidebar, just below Drafts.

Configuring Google Mail accounts in Mailpile

(I'm adding this section days later.)

At first, I let Mailpile detect all settings, and I was required to authenticate in a pop-up window, but after doing so I got a window from Google saying that I couldn't sign in with this app.

The solution is to generate an "App password".

At once, the structure of my remote folders in that account appeared and Mailpile was fetching my emails.

Despite having now downloaded almost 17 years of emails (over 46k emails exceeding 14GB) and despite having chosen full index encryption, Mailpile is still very fast searching, a wonderful client undoubtedly.[35]

However, this note mentions what is possibly slower because of having opted for full search index encryption.

Now, back to my Mailpile setup for this tutorial.

Here's my local Inbox.

Moving emails to the trash

I have four lines saying "(Subject not available)".
This is because I don't have the keys with which those messages were sent.[36]

Let's move those emails to the trash.

image 20


  1. select the messages by marking their checkboxes on the right
  2. click the Trash icon

This is common practice in the interface of various webmail services.

The following tasks are all very easy in Mailpile:

You'd better understand the instructions after reading other parts of this tutorial, but you can jump directly there now if you need to.

image 21

After sending those messages to the Trash, we want to better organize our emails.

Using tags

As mentioned above in this tutorial, Mailpile allows you to classify messages with tags.
Each tag can work either as a category (like a folder) or an attribute (cross-folders, possibly assigned to emails of different categories).

Creating a tag

TIP: To create a new tag, we click the + Add link in the lower left corner.

In the first section of the tag settings, we can type in the tag name, change its color by clicking on Color, and by clicking the tag icon at its left we can also assign an icon to our new tag.

image 22

I'll leave you the pleasure of discovering all the icons; their design is very nice, actually I wish there were more icons.[37]

We'll see below in this doc how to use attributes and nested tags.

I'll type Reddit as the tag name and choose the red color for it. I'll leave the other settings in this section as per defaults:

image 23

Let's click Technical Settings to reveal that section.

I'm leaving None as the Parent tag because I don't want this tag to be nested within another.

I'm leaving Behave as category so it will work like a folder (we'll use attributes later).

I'm selecting Display in toolbar.
This might become a default, I believe. At the moment, I don't see how I would be able to tag emails from the GUI without having my tags in the upper toolbar. [needs clarification]

Anyways, it's easy to do it from the CLI, there's a section about the CLI below which also shows how to tag and untag emails.

image 24

And I'm ready to click the + Add button.

Here's my newly created tag, in the sidebar on the left.

image 25

Moving emails to a tag

To move emails to a tag:

  1. select at least one email by marking its checkbox on the right;
  2. my tags appear in the upper toolbar (unless disabled, see above): click the desired tag there.

image 26

I'm going to do it now and move that email to the Reddit tag.

TIP: had I already created various tags, at this point I might make a mistake and move the email to the wrong tag, thus "losing sight" of that email. In that case, I could either:

  1. search for words that I've seen in the email subject or body, by means of the search engine, which is accessible
    • in the upper portion of the GUI
    • through the Command Line Interface, in this case for instance search interesting code<enter>
      (this document includes a section showing how to search and export emails or search and delete emails with the Command Line Interface).

  2. click the All Mail link just above the lower left corner and look there for the message.
    The All Mail link will show us all messages of all accounts regardless of what categories we moved them to or attributes we associated them with.

Done. As it was an unread message, we now see "1" beside the Reddit tag.

TIP: Numbers beside an email account or tag tell us how many unread messages are contained there.

TIP: lines of unread messages appear in bold.

image 27

I'll click the tag in the sidebar on the left to see its content.

image 28

The message is there, as expected. It is in bold, meaning it's actually still an unread message.

I'm clicking Inbox almost at the top of the sidebar to go back to the local inbox.

I want to create new tags for the remaining messages, I'll click the + Add link in the lower left corner.

image 29

Here you can see that I have created another tag, Syria, and I'm moving various messages to it.

image 30

Organizing Your Sidebar


This doesn't seem to work with nested tags. [needs clarification]

We'll see later in this document how to edit tags settings.

Two unread messages are now in the tag Syria.

image 31

I notice that I have two more emails from Reddit left in the Inbox, I'll move them to the Reddit tag as well.

image 32

One of the two was an unread message, which added 1 to the counter of unread messages in the Reddit tag-category.

image 33

I'm going to click the Reddit tag in the sidebar to check its content:

image 34

Look in the above picture at the search engine input field after clicking on the tag in the sidebar, in this case we read "in:reddit".

What we see after the ':' character is the tag keyword ("all:mail" is an exception to this format).

We don't see it when creating a tag; it's automatically derived by Mailpile from the tag name. We can see and modify it later by editing the tag settings, and we actually want to keep it matched to the tag name (changing both together, if need be), so we don't get confused when searching in the CLI.

(We'll see later that we can use what we see in the search engine input field after clicking a tag to search with the CLI, e.g. search in:inbox<enter>. Then we can export emails, delete, tag or untag them...)

Editing tags settings

We have seen above how to modify the order of the elements in the sidebar.


To edit the settings of a previously created tag:

If you change the tag name, you might want to also modify the keyword accordingly (you find it in the Technical Settings), so you won't be confused by the results of your future search operations.

The keyword field is not visible at the moment of the tag creation, it's automatically created from the tag name.

Not all characters are valid for tag keywords, though [needs clarification]; you'll realize this by observing the keyword for the various tags you have created, at the right of "in:" in the search engine input field after you click each tag in the sidebar.

This document includes a section showing how to search and export emails or search and delete emails with the Command Line Interface.

And I'm already back to the inbox with another tag created (Ereticamente is a literary blog hosting various authors), moving a message to it:

image 35

And the following picture shows what's now left untagged in my local inbox, after also moving the message from Mondiaspora to the Diaspora tag.

Logout + shutdown or directly the latter

If I want to exit from Mailpile, I can either:

  1. logout from the GUI then shutdown from the command line interface
  2. go to the settings view and directly click the Shutdown button (we'll see it just below here)

Here's the first method, I can click the logout button, the one with the 0/1 icon by now "universally" meaning ON/OFF...

image 36

... then in the command line interface q and of course the <enter> key

image 37

If after Mailpile completes its shutdown the terminal prompt appears but not the blinking cursor, I can either:

  1. blindly type reset and of course the <enter> key
  2. ctrl-d to just close that terminal tab or window

image 38

Here's the second method. We can go to the settings by clicking the gear icon near the upper right corner of the GUI...

image 39

... and while we are here, we can click the Backup button before leaving.

Backup of Mailpile settings

TIP: You should always click this Backup button after modifying your settings or creating new keys.
You should also make a backup copy of your ~/.gnupg folder, or whatever folder you have symlinked as ~/.gnupg.

'~' expands to '/home/username/' or '/root/', it's the user's home folder in Linux, I don't know where the Windows version of GnuPG keeps that folder.

(Also notice the Password button, enabling to change the Mailpile password.)

image 40

My web browser tells me that it has a file for me (just like when I download a file from a remote server, but here the file origin is local).
I choose to save it.

image 41

I'm going to check if the file is now in the ~/Downloads folder, which is where Firefox is configured to save files on my PC.[39]

image 42

The file is actually there.
Its contents are encrypted. However, you never know... I prefer to store it away.


NOTICE: I have restored my previous Mailpile setup.[40] And a few more days have passed.

Tags as attributes

We have already been using tags.
As promised at the end of that section, here are attributes.

A tag-attribute enables us to establish that multiple emails belonging to different categories have something in common, and to search for those emails at once.

One of Mailpile's icons is a star icon.
I could use it for an Important tag-attribute if I wanted to keep this aspect as in Thunderbird.
Then, clicking this tag in the sidebar, I'd see all the emails I've tagged as important, possibly belonging to various tags-categories.

I'm going to click the latter in the sidebar.

image 43

Those emails clearly belong to various tag-categories, or if you want, to various folders.

I think we can create as many tag-attributes as we need. [needs clarification]
However, if we need to see them in the tool bar in order to use them from the GUI, then there is a practical usability limit to the number of tags we can create, at least for now.
Using a greater number of tags from the CLI should never be a problem, though.

Let's open the tag settings dialogue by clicking the small gear icon or its label Edit, above on the left, below the search engine input field.

In the Technical Settings section of the tag configuration, you can see that Behave as attribute is selected.

image 44

Nested tags (subtags)

I have now created two tags nested in the Reddit one.

(Actually, in this moment I am simulating that I have a use case for subtags.
In reality, each one of those emails contains notifications from various groups. I'll delete those subtags later.)

NOTICE: subtags can have a different color from their parent.
I chose the same on purpose.

I'm going to click each subtag in the sidebar, and then their parent.

image 45

(We see that some of the emails above have been tagged with the Interesting attribute, one has also the Important attribute.)

image 46

And here's the parent tag content, we see the emails contained in all its subtags:

image 47

For the emails above, inside the parent tag, the subtags icons now appear as if they were attributes.


Defining subtags as attributes is not necessary. Any parent tag will show the contents of all its nested tags.
(We might think of it as a special case of cross-folders search.)

Here, I have actually left them configured as categories.
Below, I'm also changing them to attributes.

Let's see the settings of one of the subtags:

image 48

image 49

(Tag Automation)

I'm also showing you the Automation section, which I'm not using in this tutorial.

It should enable me to establish an action which would automatically take place a certain amount of days after tagging an email, choosing among:

Below is the default setup: disabled.

image 50

Removing tags from emails

Here are a few ways to remove tags from emails:

image 51

After clicking the Interesting tag in the side bar, I see that its content now looks a bit different from before:

image 52

If I wanted to also see the parent tag here, I could have set the subtags as attributes instead of categories.

Here's the result (it's a matter of preferences; comparing the following with the previous picture, I prefer how it looked before, when these subtags were categories):

image 53

Let's see what the content of those subtags looks like now:

image 54

image 55

Again, I prefer how it looked when the subtag was a category.

I have clicked the Inbox link almost at the top of the sidebar and I see that I have no untagged messages.

Composing and sending an email

Now I'd like to compose and send a message. I'm going to click the pen icon above towards the right.
In this case, in my Inbox completely empty, I could also click the Compose a message button.

image 56

Here's the compose message dialogue.

image 57

I've selected from which account I'm sending, I've typed in the recipient address and I've written something in the message body.

When hovering the mouse cursor on the recipient, a contextual menu appears.

image 58

Out of curiosity, I'll click the Show Encryption Keys link.

NOTICE: this is not a necessary step, I could click the Send button right away.

image 59

There is some ongoing activity...

... now finished.

image 60

I'll close this information window by clicking the x in its upper right corner, then I'll click the Save button to save the message as draft or the Send button to send it.

And this is all for now.

This tutorial is far from what I'd like it to be. Had I started out with more time available, I would possibly have ended up having fewer afterthoughts, which led to much more time being put into it than reasonably available at the moment, and getting it out better.
But here it is.

This is not essential to use Mailpile

The Command Line Interface (CLI) – not essential to use Mailpile

In Mailpile's Command Line Interface (CLI), you can search for one or more words and then export or delete all the matching messages or some of them.

Clearing the CLI space

To get rid of previous output in the CLI:

ctrl-L (lowercase or uppercase L, just as in a bash shell)


Getting help, switching output format

Let's start by getting some help.
To get help about the CLI commands (easier to read in text format than json format), just type the help command:

help
If the output format is not plain text but something else, you can switch to text:

output text

Should you need your results in json or html format, you can switch like this:

output json
output html

Don't forget how to switch back to text:

output text

Sometimes, as an unwanted side effect of a search, my output got switched to json. Switching back to text and repeating the same search was consistently having the same unwanted side effect. I guess the issue has been reported. [needs clarification]

Sometimes, when that happened, after doing a search with zero matches (searching for a word I don't have in any emails), I could with no surprises launch the same search which had been triggering the unwanted output format change. Sometimes that didn't work, it was possibly a coincidence.

Searching, exporting emails

Before executing an export command, you need to execute a search one.

To search:
search word another whatever

or, using the shorthand:

s word another whatever

All these words must be present in one email for a match to be triggered.
The match is apparently case insensitive.

In case any emails match your search, they'll appear in lines preceded by numbers. To export them all into one text file:

export all

Notice that e would be the shortcut for another command: Extract attachment(s) to file(s).

Here's what happens if I export the 2nd, 7th, 8th and 9th matching emails (the first line is my command):

export 2,7-9 <enter>
Elapsed: 0.208s (export: Exported 4 messages to mailpile-1602723517.mbx)

    "created": "mailpile-1602723517.mbx", 
    "exported": 4

I find the resulting text file in my home folder. Opening the file ~/mailpile-1602723517.mbx and searching for "Subject: " confirms that it contains all those emails, although in a different order.
The help text mentions a few optional parameters to the export command that I haven't tried out yet.
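The two manual checks above (opening the exported .mbx and searching for "Subject: ", and, from the earlier section on decrypting apart, pulling an ASCII-armored block out of a message body before carrying it to the offline machine) can be scripted. This is an added example, not Mailpile's own code: the mbox file and the packet bytes inside it are constructed, and the CRC-24 check is the one OpenPGP armor itself defines, which catches a block damaged by a copy/paste or line-wrapping accident.

```python
import base64
import mailbox
import os
import re
import tempfile

ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)-----END PGP MESSAGE-----", re.DOTALL
)


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor_checksum(data: bytes) -> str:
    """The "=XXXX" line that closes an armored block for these packet bytes."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()


def parse_armor(inner: str):
    """Split the inside of an armored block into (headers, packet bytes).

    Raises ValueError when the CRC-24 line is missing or does not match, i.e.
    when the text was altered between the sender's gpg and this machine.
    """
    lines = inner.strip().splitlines()
    if "" in lines:                      # armor headers end at the first blank line
        blank = lines.index("")
        headers, body = lines[:blank], lines[blank + 1:]
    else:
        headers, body = [], lines
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body[:-1]))
    if armor_checksum(data) != body[-1]:
        raise ValueError("CRC-24 mismatch: armored text was altered")
    return headers, data


def armor_is_intact(block: str) -> bool:
    """True if block holds a complete PGP MESSAGE armor with a matching CRC-24."""
    m = ARMOR_RE.search(block)
    if m is None:
        return False
    try:
        parse_armor(m.group(1))
    except ValueError:
        return False
    return True


def extract_armored_messages(text: str) -> list:
    """Every armored PGP MESSAGE in text, each verified, as a complete block."""
    blocks = []
    for m in ARMOR_RE.finditer(text):
        parse_armor(m.group(1))          # raises if the block is damaged
        blocks.append(m.group(0))
    return blocks


def inspect_mbox(path: str) -> list:
    """[(subject, [armored blocks found in the body])] for each message."""
    result = []
    for msg in mailbox.mbox(path):
        raw = msg.get_payload(decode=True) or b""   # None for multipart messages
        text = raw.decode("utf-8", "replace")
        result.append((msg["subject"], extract_armored_messages(text)))
    return result


# --- constructed sample data (not real mail, not a real OpenPGP packet) ---
SAMPLE_PACKET = b"constructed stand-in for OpenPGP packet bytes"


def make_armor(data: bytes) -> str:
    """Wrap packet bytes in armor laid out like gpg -a output (sample helper)."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 76] for i in range(0, len(b64), 76)]
    return ("-----BEGIN PGP MESSAGE-----\n\n" + "\n".join(lines) + "\n"
            + armor_checksum(data) + "\n-----END PGP MESSAGE-----\n")


def write_sample_mbox() -> str:
    """Write a two-message mbox shaped like an export result; return its path."""
    content = (
        "From alice@example.org Tue Oct 06 12:00:00 2020\n"
        "From: alice@example.org\nSubject: plain note\n\nNothing to decrypt here.\n\n"
        "From bob@example.org Tue Oct 06 12:01:00 2020\n"
        "From: bob@example.org\nSubject: encrypted apart\n\n"
        "Decrypt this offline:\n" + make_armor(SAMPLE_PACKET) + "\n"
    )
    fd, path = tempfile.mkstemp(suffix=".mbx")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return path
```

Pointing inspect_mbox at a real export lists the subjects and hands you only armored blocks whose checksum still matches, so a truncated block is noticed before the file leaves for the air-gapped side.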

To see all emails in the Reddit tag:
s in:reddit


Elapsed: 0.002s (search: search)

  1   Reddit               "A more complex take on the b  (Important)22 hours
  2   Reddit              *"Hi, i tried to make a message with a one   Monday
  3   Reddit              *"[D] How do I encrypt and decrypt a messag  Sunday
  4   Reddit               "How to tell how an encrypted message wa  Saturday
  5   Reddit               "S/MIME SSL Question"                       Friday
  6   Reddit               "PLONK by Hand (Part 1: Setup)"           Thursday
  7   Reddit               "A Year and a Half of End-to-End Encryptio  Oct 06
  8   Reddit               "someone give me this code but i don't hav  Oct 05
  9   Reddit              *"I have a quite interesting code that a fr  Oct 04
 10   Reddit              *"What is the connection between stream cip  Oct 03
 11   Reddit               "ccrypt alternative for windows (without c  Oct 02

Let's search in the Reddit tag for something more specific:
s in:reddit encrypt


Elapsed: 0.012s (search: Found 3 results in 0.012s)

  1   Reddit                  "ccrypt alternative for windows (without cygw..."  Oct 02
  2   Reddit                 *"[D] How do I encrypt and decrypt a message u..."  Sunday
  3   Reddit                  "A more complex take on the braille  (Important)Wednesday

Notice that the message which was result number 4 of the previous search didn't match now, searching for "encrypt" didn't match "encrypted":

Mailpile is matching whole words.

Wildcards do not seem to work, encrypt* doesn't match encrypted, I don't know yet whether or not there is a way to enable partial matches, I guess it would be much slower to also search for partial matches. [needs clarification]

Even if it turned out that there is no way...

I'm very impressed with the search engine, it's very fast. I've also tested searching through encrypted emails and it works just the same.

Days later: I'm downloading years of emails from a GMail account, I already have 4.7 GBytes, 7344 emails (and still downloading, they might add up to 12 GBytes), and I'm getting answers from the search engine in the CLI in 0.002-0.090 sec on a 10+ years old computer, with fully encrypted search index. About an hour later, I have 5.9 GB, 8886 mails (still downloading) and I'm getting search results in 0.002-1.178 seconds (the 1.178 seconds one was then always repeated in 0.215 seconds, maybe the disk was busy with something else the first time).

Don't forget the recommendation I've included in a previous section of this document.

Setting the number of results per page

If on the GUI I click the Settings and Tools gear icon in the upper right corner and then the Preferences button, I get to the Search results per page drop-down menu. I can set a value not exceeding what can be displayed on my terminal window. I could also scroll up and down the terminal window, but it might be more confusing than using the commands Mailpile offers:

n next page
p previous page

Of course I could use both resources, setting for instance 120 lines per page and scrolling through them in the terminal window.

The chosen value will affect both the GUI and the terminal window, I haven't found out if it's possible (without using the python shell) to set two different values. [needs clarification]

Changing sort order of search results in the CLI

The help text says that I can change sort order with the o command, quote:

o|order     <how>          Sort by: date, from, subject, random or index

These two give me an "Unknown sort order" error [needs clarification]:

o from
o subject

The other ones seem to work fine and the result of the last search are displayed again in the expected manner.

I haven't seen how to revert the sort order in the CLI. [needs clarification]

(The GUI, from the "hamburger" menu below the 0/1 ON/OFF logout icon, allows to choose "Newest First" or "Oldest First".)

Definitive deletion of emails

(You might want to check out this recommendation.)

ATTENTION: The delete command in Mailpile's Command Line Interface performs immediate and definitive deletion, with no permanence in the trash, which means:


If you are leaving your emails on the remote server, and permanently delete some of them only from the local storage and not on the remote server, they will be downloaded again.

There's a suggestion below here.

The delete command seems to (correctly) only affect local storage. How I tested:

It has been suggested on GitHub that there might be two separate settings:

I've tested deleting multiple times one message in the Inbox with the delete command, then watching it appear again as Mailpile was fetching it again from the remote server.

Deletion of emails from remote servers as a consequence of immediate deletion from local storage with the delete command in the CLI might turn out to happen, but after a while. [needs clarification]

In the GUI: enabling deletion of emails

First of all in the GUI: Settings | Privacy | Allow deletion of e-mail from servers and mailboxes => On
(Mailpile 1.0.0rc6)

After enabling deletion, in the trash I'm seeing a line above all emails saying:
"Trash : Messages will be permanently deleted after 91 days."

In the GUI: setting the number of days in the trash before automatic definitive deletion of emails

Here is how to set a lower number of days of permanence in the trash before complete deletion.

To edit the trash tag settings:

You can also immediately empty the trash.

Immediately emptying the trash (or part of it) using the CLI

Before executing a delete command, you must execute a search one (please check out one short thing above if you've jumped here from the paragraph Sending emails to the trash).

To immediately empty the trash, I can do:

search in:trash
delete all

(That's super fast, unless you are using Mailpile on an old computer, you have 46+k messages, you are deleting 2500+ of them at once and you have set Mailpile for full index encryption, in which case you might have to wait for a few minutes, 3-4 minutes here.)

You may want to delete specific emails instead.

search in:trash

or

search your keywords

(the second one searches outside the trash; it won't find emails in the trash)

In case of any matching emails, this gives you a numbered list. You can delete messages with specific numbers or ranges, e.g.

delete 3,10-15

If you have more emails in the trash or in any tag than the ones you can see at once in the CLI, then after each search:


You can modify Settings | Preferences | Search results per page to establish how many lines per page your search operations will give, I've set 40.

n next page
p previous page

Again: if you are leaving your emails on the remote server, and permanently delete some of them only from the local storage and not on the remote server, they will be downloaded again.

Tagging and untagging emails using the CLI

Moving emails to the trash using the CLI

If you do not have the time to remove them right away from the remote server first, then instead of deleting them immediately from the CLI, you could move them to the trash (or another tag you create specifically to remind you), which will give you some time to remove them from the remote server first when you are not too busy, and then delete them permanently from local storage. For instance (here I'll use the shorthand s for search):

s some words
tag +trash 1-2,5-13

Suppose that you want to move to the trash all drafts.

s in:drafts
tag +trash all

Moving emails out of the trash using the CLI

But then you find out that you are actually going to need a few of those emails as drafts:

s in:trash
tag -trash +drafts 97-103

This is not essential to use Mailpile

Appendix: a few examples with GnuPG on the command line – not essential to use Mailpile

This appendix only contains a few examples, related to this document, of GnuPG usage on the command line in a Linux terminal window (I haven't seriously tested interacting with gpg from Mailpile's CLI).
This is not exhaustive information on GnuPG usage. There are many good tutorials on the web, some of which are specific to one aspect.

Here's a nice tutorial about creating GnuPG keys, the one I follow more or less to create my own keys (air-gapped, with no picture and with a few other differences):
Creating the perfect GPG keypair – Alex Cabal[41]

As the tutorial recommends, I keep the whole result with the primary key stored apart and actually export and use the subkeys.

Let's see examples related with other aspects.


Listing the public keys in the keyring

gpg -k

(lowercase k)

Listing the secret keys in the keyring

gpg -K

(uppercase K)

Exporting a public key from the keyring

gpg -a -o pubkey.asc --export myemail@addr.ess

Exporting secret keys or subkeys from the keyring (not if held in a hardware device)

Evaluate where you are saving this file and consider securely removing it afterwards.

gpg -a -o secretkeys.asc --export-secret-keys myemail@addr.ess<enter>

To only export secret sub keys without the primary key:

gpg -a -o secretsubkeys.asc --export-secret-subkeys myemail@addr.ess<enter>

Importing public or secret keys or subkeys or a revocation certificate

gpg --import filename

Encrypting, signing

You might do something like this, possibly in an air-gapped machine. In the examples below MYAIRGAPID is a placeholder for the user ID of the key you sign with and XID for the user ID of your correspondent's key; replace them with the actual user IDs. I switch to another e-mail address only to "simulate" the air-gapped scenario: I might be using another key, with an invented e-mail address associated to it, only to be able to easily select that key while using it.

gpg -o toX.tar.gpg -u MYAIRGAPID -r XID -s -e toX.tar

MYAIRGAPID would be an invented user ID associated to a key you have created not to actually use directly with email, probably specifically for air-gapped use with X, and XID is the user ID of X's key. GnuPG won't bother that those email addresses do not exist: a user ID is just a way to select a key so that we don't have to type hexadecimal key IDs. Actually a user ID also identifies all related subkeys: one subkey will be specifically used to sign, another one to encrypt (and optionally you can add a subkey to authenticate, which can be used with SSH connections). See above the link to Alex Cabal's tutorial about key creation.

Two caveats. If more than one key in your keyring matches the same address, select the key by fingerprint instead (-r 0x followed by the full fingerprint), otherwise gpg may pick the one you didn't mean. And a file encrypted only to X can't be decrypted with your own key afterwards: add a second -r for your own key (or set encrypt-to in gpg.conf) if you need to keep a readable copy.

Instead of .tar it could be .zip or .txt or .rtf or whatever other extension; actually the name and extension of the input and output files are not relevant to GnuPG.
You can attach the resulting binary file toX.tar.gpg to a Mailpile email which is going to be encrypted with yet another key.

Or if you have a short message or any small file which you want to encrypt and copy&paste into the email body (again, instead of .txt it could be .rtf or whatever):

gpg -a -o toX.txt.asc -u MYAIRGAPID -r XID -s -e toX.txt

You can still attach an ASCII file of course, but for that purpose I'd go binary.

The following lines are not commands, they list the short options used in this appendix and their long equivalents.

short option   long equivalent
-a             --armor
-o             --output
-s             --sign
-e             --encrypt
-r             --recipient
-u             --local-user
-c             --symmetric
-d             --decrypt

Specifying a local user is only necessary if you have more than one secret key in the keyring and the one you want to use is not the default one (which would normally be the first one you get with gpg -K, unless you have set default-key in gpg.conf).

If you and your correspondent haven't yet exchanged a public key for air-gapped use, you might use symmetric encryption (-c). The result will possibly be a slightly smaller file, especially evident if you are encrypting a small file, because no public-key session-key packet is needed. Keep in mind, though, that the security then rests entirely on the passphrase and on the channel you use to hand it to your correspondent: a weak or reused passphrase, or one sent in clear next to the file, makes the encryption worthless, whereas with a proper key pair nothing secret has to travel at all.

gpg -a -o toX.txt.asc -c toX.txt

If at least you have previously passed to your correspondent your public key, you can sign (-s) even if you are using symmetric encryption:

gpg -a -o toX.txt.asc -u MYAIRGAPID -s -c toX.txt

Decrypting

Your correspondent (or you, for a file encrypted to your own key) decrypts with -d, writing the plaintext to the file given with -o:

gpg -o toX.txt -d toX.txt.asc

If your correspondent has already imported your public key and you encrypted with the -s option to include your signature, GnuPG will tell your correspondent that there is a good signature from you (and will report a BAD signature, and exit with a non-zero status, if the content was altered after you signed it).

Creating a detached signature and verifying one

If you want to add a separate signature of a file (FILE is a placeholder for its name):

gpg -u MYAIRGAPID -b FILE

-b is the short form of --detach-sign. The result will be a detached signature file named FILE.sig (binary), or FILE.asc if you also pass -a.

Anybody having imported your public key and receiving that file will be able to verify your detached signature of that file, which certifies that the file hasn't been altered since you signed it:

gpg --verify FILE.sig

This assumes that FILE sits next to its signature. If the data file has another name or location, give both, signature first:

gpg --verify FILE.sig FILE

A good signature only proves that the file matches what the holder of that secret key signed; whether that key really belongs to the person you have in mind is what the fingerprint check further down is for. In a script, rely on the exit status (0 for a good signature, non-zero otherwise) rather than on the printed text.

The term "signature" is possibly confusing

The few lines of text that I want my email client to automatically put at the bottom of my emails are also called "signature".
They have nothing to do with the actual digital signature of my email message, which proves that the message was produced by whoever holds the secret key and that it hasn't been altered since it was signed.

But they might be used to also carry information about my PGP key for that account:

  1. the primary key hexadecimal ID
  2. the fingerprint

Of the two, only the full fingerprint (40 hexadecimal digits for the usual v4 keys) identifies a key unambiguously: the 8-digit "short" key ID is trivial to collide (anybody can generate a key with the same short ID in minutes) and even the 16-digit "long" ID is not guaranteed unique, so the fingerprint is what your correspondents should compare.

To obtain the fingerprint:

gpg --fingerprint MYUSERID > myFingerprint.txt

and you only use the fingerprint line (printed under the "pub" line as groups of four hexadecimal digits; older GnuPG versions label it "Key fingerprint = ..."), because that is what can and should be obtained by anybody only having imported your public key, after importing it, with the same gpg --fingerprint command, provided that the key they have imported has not been altered. For a script, gpg --with-colons --fingerprint MYUSERID prints the fingerprint as one string in the "fpr" record.

If the fingerprint doesn't match, then the public key they have imported is not your uncorrupted/unaltered public key.

Temporarily using another keyring

gpg --homedir pathToReplacementGnupgFolder --whatever-options-and-command

Prefer an absolute path (as in the example below). The folder needs the same 700 permissions as ~/.gnupg (on a FAT-formatted flash drive those can't be set and gpg will warn about unsafe permissions), and gpg starts a separate gpg-agent for each home directory, so the passphrase cache of one keyring is not shared with the other. For instance, to list the secret keys of a keyring kept on an encrypted flash drive:

gpg --homedir /media/myuser/ENCR_FLASH/somepath/.gnupg_withMoreSecretKeys -K
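
The commands of this appendix (export and import of a public key, fingerprint comparison, sign and encrypt, decrypt, detached signature and its verification, --homedir) run end to end in the following script. It is an added example, not code from this tutorial nor from Mailpile or GnuPG: it creates two throw-away keyrings in temporary --homedir folders ("me" and "them", the correspondent), so nothing touches ~/.gnupg. Assumptions: gpg 2.x and gpgconf on the PATH; the user ID "Airgap Demo <airgap-demo@invalid.example>", the file names and the message are invented; the key is a demo key without passphrase and is deleted at the end together with its agent.

```shell
#!/bin/sh
# Added example, not part of the tutorial nor of Mailpile/GnuPG: the appendix
# commands exercised against two throw-away keyrings. Assumes gpg 2.x + gpgconf;
# the user ID, file names and message are invented for the example.

set -u

# gpg_in HOMEDIR args...: run gpg against one specific keyring, never ~/.gnupg,
# and without any prompt (--batch), so every failure shows up as an exit status.
gpg_in() {
    _home=$1; shift
    gpg --homedir "$_home" --batch --quiet --no-tty "$@"
}

# fingerprint_of HOMEDIR USERID: the primary-key fingerprint, taken from the
# machine-readable --with-colons output (field 10 of the "fpr" record) instead
# of from the human-readable layout, which changes between gpg versions.
fingerprint_of() {
    gpg_in "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_demo_steps() {
    work=$1
    me="$work/me.gnupg"; them="$work/them.gnupg"
    install -d -m 700 "$me" "$them" || return 1
    me_uid="Airgap Demo <airgap-demo@invalid.example>"   # invented user ID

    # 1. Key creation. For real keys follow the tutorial linked above; here a
    #    quick unprotected demo key (signing primary + encryption subkey, no expiry).
    gpg_in "$me" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$me_uid" default default 0 || return 1

    # 2. Export your public key; the correspondent imports it into their keyring.
    gpg_in "$me" -a -o "$work/pubkey.asc" --export "$me_uid" || return 1
    gpg_in "$them" --import "$work/pubkey.asc" || return 1

    # 3. The correspondent compares the imported key's fingerprint with the one
    #    you handed over out of band (here read straight from your own keyring).
    expected=$(fingerprint_of "$me" "$me_uid")
    received=$(fingerprint_of "$them" "$me_uid")
    [ -n "$expected" ] && [ "$expected" = "$received" ] || return 1

    # 4. Sign and encrypt (-s -e). Only one key pair exists here, so the
    #    recipient (-r) is yourself; with a real correspondent it would be XID.
    printf 'let us go for a picnic\n' > "$work/toX.txt"
    gpg_in "$me" -u "$me_uid" -r "$me_uid" -s -e -o "$work/toX.txt.gpg" "$work/toX.txt" || return 1

    # 5. Decrypt (-d). Check the GOODSIG status line, not the text meant for
    #    humans, and make sure the plaintext came back unchanged.
    gpg_in "$me" --status-fd 1 -o "$work/back.txt" -d "$work/toX.txt.gpg" > "$work/status.txt" || return 1
    grep -q '^\[GNUPG:\] GOODSIG ' "$work/status.txt" || return 1
    [ "$(cat "$work/toX.txt")" = "$(cat "$work/back.txt")" ] || return 1

    # 6. Detached signature (-b), verified by the correspondent who only holds
    #    your public key. --verify exits 0 for a good signature.
    gpg_in "$me" -u "$me_uid" -b -o "$work/toX.txt.sig" "$work/toX.txt" || return 1
    gpg_in "$them" --verify "$work/toX.txt.sig" "$work/toX.txt" || return 1

    # 7. A single appended byte must turn the same signature BAD (exit != 0).
    printf 'x' >> "$work/toX.txt"
    if gpg_in "$them" --verify "$work/toX.txt.sig" "$work/toX.txt" 2>/dev/null; then
        return 1
    fi
    return 0
}

# run_gpg_demo: returns 0 only if every step behaves as the appendix describes.
# Always stops the gpg-agents started for the temporary keyrings and removes them.
run_gpg_demo() {
    work=$(mktemp -d) || return 1
    gpg_demo_steps "$work"; rc=$?
    for d in "$work/me.gnupg" "$work/them.gnupg"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null
    done
    rm -rf "$work"
    return $rc
}

# Run directly with: GPG_DEMO_RUN=1 sh gpg_appendix_demo.sh
if [ "${GPG_DEMO_RUN:-}" = 1 ]; then
    if run_gpg_demo; then echo "all steps behaved as expected"; else echo "a step failed"; fi
fi
```

Two design choices worth noting: every call goes through --batch, so a step that would normally stop at a prompt (a missing key, an untrusted recipient) fails loudly instead of hanging, and the signature result is read from the --status-fd machine interface, which is the only reliable way to check it from a script.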

Before signing somebody else's keys...

Finally: many tutorials out there explain the meaning and the how-to of signing the keys of other persons.
Just remember what your signature asserts: that you have verified that the key belongs to that person. So sign only after checking the key's full fingerprint with its owner through a channel an attacker can't tamper with (in person, or at least by voice), never on the basis of a name found on a key server. Setting your trust level for that key (the trust command, "ownertrust") is a separate thing: it says how far you rely on that person's own signatures to validate other keys, and it lives only in your keyring. If you don't intend to publish your signature, use lsign instead of sign inside gpg --edit-key, which makes a local, non-exportable signature.


  1. The search index itself can optionally be totally encrypted as well.

    The Security and Privacy Settings page warns with the word "slow" about this choice, and actually the default would be partial encryption of the index.

    I've chosen to cope with the additional time. Here's the lower right portion of the GUI with my second "real" Mailpile setup, which includes two GMail accounts with many years of emails (and spam, which I'm going to be able to move to the trash, or directly permanently delete, much faster in Mailpile than via webmail, while I've used webmail to delete all emails from GMail servers):

    [image 60b: lower right portion of the GUI, showing the elapsed search time]

    Searches can actually take much less time than that, and a repeated search even goes down to 0.001 seconds.

    So, what might become slower with full search index encryption?
    (As far as I can speculate at the moment, of course. [needs clarification])

    I'm not sure that what follows is actually related to the full encryption of the search index, but I suspect so because I don't see anything else slow.

    • The first login after starting up Mailpile, with over 46k messages, now takes over 45 secs on this old computer (it would take considerably more on a Raspberry PI4).
      It takes 2-3 seconds in my other non-GMail setup, which has less than 300 messages because the previous ones are all in Thunderbird.
      You can not use Mailpile from the CLI or the GUI before having made at least one login after startup, which can be done in the GUI or in the CLI with the command: login<enter>
      • If you log in via the GUI, you'll also be able to use the CLI.
      • If you log in via the CLI you'll have to type your passphrase again in the GUI in order to be able to use it, hence you may want to login directly in the GUI (unless you are staying with the console alone).
    • After logging out from the GUI without shutting down Mailpile, logging back in is "instantaneous" after typing your passphrase, as is logout.
      Shutdown, on the other hand, occasionally took up to 2-3 minutes on this old computer, even on my non-Gmail setup with less than 300 emails, so don't plan on shutting down and leaving home in a hurry; allow some time for it.

      In the CLI, part of the answer to the help command is:

      cleanup                       Perform cleanup actions (runs before shutdown)

      I guess that's the reason why shutdown can take some time (possibly a bit more because I've opted for a strong encryption of the search index).

    • It took 3-4 minutes on this old computer to permanently delete at once many (2500+) conversations from the Trash, in my Gmail setup which had more than 46k emails (done with the CLI of course).

    • A "timeout" problem, with a 25.9 MB email containing various pictures, might have been related with the choice of full-encryption for the search index.

  2. "Signatures" is the common name for a few lines of text that you might want to be automatically added at the bottom of your emails (of course it's not about digitally signing emails). 

  3. Video: Bjarni Einarsson: Mailpile
    From this video, I'd also say that the design philosophy was not that of a "touch and go" e-mail client, but more a process running all day long, keeping things synced, while the user would login in the GUI once in a while. I'm rather using it "touch and go", taking into account that startup and shutdown can take a few seconds to a few minutes. 

  4. How to reach the "Incoming Mail" settings: Some of the settings in this section are:
  5. The color of the "ethernet + arrow down" icon changes: green if the last connection to the incoming mail server succeeded, red if not, and possibly gray – apparently not always – if Mailpile has been offline for some time and is now simply trying to connect to the incoming mail server every n seconds (300 seconds is the default interval). [needs clarification]
    By hovering the mouse cursor on the icon, a hint-formatted message appears telling what the situation is. 

  6. Open the Incoming Mail settings and mark the checkbox labeled Add New; a new section will appear immediately. Start with the dropdown menu where you initially read "None": there you choose the connection protocol, and immediately more input fields will appear. You can copy the same settings as the first source if the symptoms were simply anomalous, or you can type in alternative settings if you got them from the account provider or the related support forum. Before saving, remember to disable the previous source by "unmarking" the Enable this mail source checkbox. 

  7. I'd look into it (I did very little coding in Python in the past but it doesn't seem more difficult than other languages I've worked with... Mailpile, though, is probably a rather complex project requiring some time to dig into it). But I have stormy weather incoming, meaning that I must relocate and outgoing money is going to be multiplied by n, which means I'll have less time to work for free. Before that, I hope to be able to finish ongoing ad honorem works that have priority (actually, I've given priority to this tutorial despite a friend's recommendations). 

  8. These options appear in a small frame with an eye icon, on the left in the message body area. You can see that frame in the lower left fourth of this image and the one which follows it:

    This message references images or other content from the web. Downloading and displaying these images may notify the sender that you have read the mail.

    Okay, display the images
    Always display images from this sender
    No, thanks! 

  9. Without having to configure a smaller value for the "interval" setting. 

  10. The default setting is keepalive activated. Apparently, after a certain amount of time offline, Mailpile switches to another mode, just trying once every n seconds, n apparently being 300.
    Disabling keepalive and setting an interval of 300 seconds between connections is mentioned in an issue report mentioned above, which links to this page explaining how to see all settings and how to modify them via the set command.
    You can use the unset command, identifying settings the same way, to restore default values.
    By default, interval = 300 appears to be commented out. I guess it's still a default behavior in case keepalive has not been possible for a while. After having been offline for hours, I'd expect the 300 seconds to have elapsed. Maybe what's not easily detectable in a way that would be portable to different platforms is that the computer is back online without actually trying to connect, and in lack of that possibility the philosophy might have been to stop trying on and on. [needs clarification] 

  11. You'll think "if your keystrokes are being recorded, your Mailpile passphrase is compromised as well". Well, I've come up with a method to raise the bar just a bit, but publishing the trick wouldn't be the best security policy. Not knowing if my keystrokes had been watched before I came up with it, I've changed the Mailpile password afterwards.
    Absolutely secure now? Of course not, I'm simply progressively learning good practices to raise the sophistication level that an attacker should have to succeed. 

  12. As you can see in the already mentioned 2013 Video Bjarni Einarsson: Mailpile

  13. Yes, I've read rumors about Debian (hence derivatives like Ubuntu) having been infiltrated by the NSA. I've been considering moving to another distro with no specially made kernels (and no plans about making auto-update, update-at-any-moment-without-asking, a characteristic of the next major release, although I admit that I haven't been following the matter since reading a very long Reddit thread with plenty of users preliminarily complaining about that), they might have decided to add an auto-update ON/OFF switch.
    Which Linux distributions would be more secure and still allow to easily run plenty of software available over the Internet? 

  14. There is a second package, to have Mailpile act as a server for connections from other machines. I've only installed the first package for now. If you want to also test the second one, be sure to read the developers' warnings about security still needing to be checked out and possibly improved. (If you don't need a "real" Apache style server, I think there shouldn't be any problems setting an SSH tunnel from another machine and running the web browser on it, not even X forwarding should be necessary, and on the other machine the port number might be a different one.) 

  15. You can simply keep different Mailpile folders to have various completely separate setups that you will use one at a time. In Linux you don't even have to rename or move the folders, which could become confusing. You can create a symbolic link to the folder you want to use, making it accessible as ~/.local/share/Mailpile/
    You can put the commands to switch among your setups in one or more bash scripts, which would preventively test pgrep mailpile and exit with an error message if you are trying to switch while Mailpile is running. For instance:

    procName="mailpile"
    procID=$(pgrep -x "$procName")
    if [ "$procID" != "" ]; then
        echo ""
        1>&2 echo "***** $procName process running (PID $procID) - NOT switching *****"
        exit 1
    fi

    and then it deletes your symbolic link and creates another. My own script also checks what the situation is, folders and link found or not found, before doing anything, just in case there were any unexpected problems left previously. 
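
    The following script is an added example of such a switcher, not the author's own script nor anything shipped with Mailpile. It assumes Linux, that the running process is named "mailpile" (the pgrep check above), and a naming convention of its own: the separate setups live as sibling folders named Mailpile_<name> next to the link. The base directory is a parameter so the functions can be tried on a scratch folder before pointing them at ~/.local/share. The one check worth copying even if you keep your own script is the refusal to remove a real Mailpile folder: an rm -rf where a directory instead of a link is sitting would wipe a whole setup.

    ```shell
    #!/bin/sh
    # Added example, not the tutorial author's script nor part of Mailpile:
    # re-point BASEDIR/Mailpile (a symbolic link) to one of several complete
    # setups kept as BASEDIR/Mailpile_<name>. The Mailpile_<name> naming is this
    # script's own convention; "mailpile" as process name follows the text.

    set -u

    # mailpile_running: prints the PID(s) and returns 0 when a mailpile process
    # exists, 1 otherwise (switching under a running instance would leave it
    # writing into the old folder while the link points to the new one).
    mailpile_running() {
        pids=$(pgrep -x mailpile 2>/dev/null || true)
        [ -n "$pids" ] || return 1
        printf '%s\n' "$pids"
    }

    # current_mailpile_setup BASEDIR: name of the setup the link points to,
    # "real-folder" if BASEDIR/Mailpile is a plain directory, "none" if absent.
    current_mailpile_setup() {
        link="$1/Mailpile"
        if [ -L "$link" ]; then
            target=$(readlink "$link")
            echo "${target##*/Mailpile_}"
        elif [ -d "$link" ]; then
            echo "real-folder"
        else
            echo "none"
        fi
    }

    # switch_mailpile_setup BASEDIR NAME: make BASEDIR/Mailpile -> BASEDIR/Mailpile_NAME.
    # Refuses (exit 1, nothing changed) if Mailpile is running, if the target
    # folder is missing, or if BASEDIR/Mailpile is a real folder rather than a
    # link: that folder must be renamed by hand, never deleted here.
    switch_mailpile_setup() {
        base=$1; name=$2
        link="$base/Mailpile"; target="$base/Mailpile_$name"

        if pids=$(mailpile_running); then
            echo "***** mailpile process running (PID $pids) - NOT switching *****" 1>&2
            return 1
        fi
        if [ ! -d "$target" ]; then
            echo "no such setup folder: $target" 1>&2
            return 1
        fi
        if [ -e "$link" ] && [ ! -L "$link" ]; then
            echo "$link is a real folder, not a link: rename it to $base/Mailpile_<name> first" 1>&2
            return 1
        fi
        if [ -L "$link" ]; then
            rm "$link" || return 1
        fi
        ln -s "$target" "$link" || return 1
        echo "Mailpile now uses: $(readlink "$link")"
    }

    # Usage: sh switch_mailpile.sh <name>   (acts on ~/.local/share)
    if [ $# -eq 1 ]; then
        switch_mailpile_setup "$HOME/.local/share" "$1"
    fi
    ```

    To adopt it, first rename your present ~/.local/share/Mailpile to ~/.local/share/Mailpile_<name> yourself (the script deliberately won't do that), then run the script once with that name to create the link.
    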

  16. This behavior can be modified in the settings. You might prefer to open you browser by yourself, or use a previously open instance of it. 

  17. The above mentioned video Bjarni Einarsson: Mailpile, starting at 18 minutes, demonstrates that this console offers tremendous power for advanced users, even a Python shell if you enable it with the following steps:
    1. Settings (gear icon in the upper right corner) | Preferences | "Enable developer-only features" => On and click Save Settings
    2. Settings again | Plugins, click on the new button you should now see, labeled <> Enable: hacks
    3. Now you can access the Python Command Line Interface, by typing this command in Mailpile's CLI:
    Notice that the setting mentioned in the first step, Enable developer-only features, is in the Danger Zone. That's because you can make a mess if you don't know what you're doing, or if you do know but make a mistake. 

  18. This command shows scheduled jobs: cron<enter>
    Here's the result I'm getting (notice the line starting with "sendmail"):

    Elapsed: 0.001s (cron: Displayed CRON schedule)
    Background CRON last ran at 2020-10-26 22:30.
    Current schedule:
     JOB                     INTERVAL LAST RUN         NEXT RUN         STATUS
     retrain_autotag            86400                  2020-10-27 05:03 new
     save_search_history          900 2020-10-26 22:26 2020-10-26 22:41 ok
     gpl_optimize                  30 2020-10-26 22:30 2020-10-26 22:30 ok
     rescan                       900 2020-10-26 22:24 2020-10-26 22:39 ok
     sendmail                      90 2020-10-26 22:29 2020-10-26 22:30 ok
     refresh_command_cache          5 2020-10-26 22:30 2020-10-26 22:30 ok
     save_metadata_index          900 2020-10-26 22:25 2020-10-26 22:40 ok
     tag_automation             28800                  2020-10-27 01:39 new
     motd                        3600 2020-10-26 22:29 2020-10-26 23:29 ok
As far as I can tell, when you explicitly use the sendmail command in the CLI, you get True as the result when there are no new emails to send. [needs clarification]
On the other hand, you may get some error messages if sendmail is already running. 

  1. Our "normal" everyday emails should all be encrypted. For years, I've been seeing blogs on the web recommending to encrypt every email, even "let's go for a picnic". It took me some time to understand why, "I've nothing to hide" being the first thought we all have. One of various good reasons is to help journalists who need to protect their sources. Epistolary secrecy, the right to privacy, is a fundamental ingredient of any democracy.
    Aleksandr Solzhenitsyn, despite being a brave officer, went through various years in a gulag because he privately wrote to a friend criticizing how Stalin was leading the war.
    Today, NWO-controlled governments are apparently trying to push in the same direction, as per Trilateral Commission statements about correcting an "excess of democracy"... 

  2. Mailpile will show you the passphrases for the keys it is managing for you, in exchange for your Mailpile login password: and you'll see the passphrase that Mailpile uses to unlock that account secret keys.
    If Mailpile is using the GnuPG keyring, you'll be able to export using gpg on the Linux command line (or the Windows cmd window, I guess). The section about GnuPG mentions exporting secrets from the keyring, but there are also many good tutorials on the web. 

  3. Mailpile developers already have a draft for an evolution of SMTP, just great

  4. Was this one? I know it wasn't, but how would you know? LOL this reminds me of certain spy movies where nobody can trust anybody. 

  5. I went to one of many key servers out there and as search string I typed Glenn Greenwald.
    Each one of these servers may not always be up and working correctly. If you get errors like "Bad Gateway" when clicking on a key ID to actually get the key, you may want to wait a few seconds and retry. If you have the hexadecimal key ID, it is also possible to import directly into gpg, for instance in this case (KEYSERVER is a placeholder for the server URL):

    gpg --keyserver KEYSERVER --receive-keys 0xA4A928C769CD6E44
    (Of course you would replace the server URL and key ID.) Keep in mind that a key server only proves that somebody uploaded a key carrying that name, which anybody can do: before relying on a key fetched this way, compare its full fingerprint with one the person has published through another channel, as explained in the GnuPG appendix. 

  6. I've read that at first Greenwald was deeming as too complex the security procedures that Snowden was asking from him. He was later convinced by Laura Poitras, the author of the documentary Citizenfour (2014). 

  7. Months ago I would have added: "... and because by default GnuPG on Tails adds to the randomness more entropy created from keyboard and mouse events". But I have recently created keys on Ubuntu (ver. 18.04.5 with GnuPG ver 2.2.4 and libgcrypt 1.8.1) to simply check the syntax of a few commands I've added to the gpg appendix, and it's quite possible that the random generator was waiting for such events while giving out small chunks of the output sequence of the required size. 

  8. It can actually be an alphanumeric passphrase up to 127 characters long, if the information I recollected is correct. 

  9. As far as I can tell (I haven't dug): you are asked the PIN each time you use another subkey, or if many hours – possibly configurable – have elapsed since the last time you used that subkey (I don't know if keeping using it would extend the grace period indefinitely). For instance, if you have typed in the device PIN to sign something, you have only unlocked the use of the signing subkey. If right afterwards you want to use another subkey, e.g. to decrypt, you'll be asked the PIN again. After having enabled each function, the device can stay ON for quite a few hours – if you wish so – and later perform more such operations only requiring your touch on the sensor button. 

  10. With up to three subkeys, which means that it could also be used to authenticate in SSH connections, but as I just said, it can only hold one PGP credential (it can hold up to 25 credentials or an infinite number of credentials of other standards, of which I'll use zero to three credentials at most). 

  11. It contains a microcontroller that is supposed to do all operations. I want to believe that these devices are so highly audited and kept under observation worldwide that putting a backdoor into them would be highly risky for whoever did it, legally and otherwise, and for a whole lot of countries by now. Yubico however, if I've read correct information, admitted some kind of vulnerability in a "FIPS" series, which was actually supposed to have a stronger US Federal certification, and withdrew the vulnerable model, replacing it for customers. 

  12. It is good practice to verify sensitive software you download against the developers' signatures.
    In this document you have an appendix with examples of GnuPG usage on a Linux terminal command line, also showing how to create and verify detached signatures.

    As has already been reported, in case any piece of software coming from Yubico has been signed with a key whose hexadecimal ID you don't find on their Software Signing page, you can search for that ID here, where you should find a primary key ID and a name. Then you check that the name and key ID are actually listed on their Software Signing page; compare the full fingerprint rather than the short ID, for the reason given in the appendix. (Maybe Yubico staff will improve this aspect of their website as suggested in that GitHub issue and you won't have to lose extra time when verifying any of their signatures.) 

  13. Actually, if you forget to switch on the HUB slot before trying to use the Yubikey, you are normally simply invited to plug in the device. So far (about 40 days of everyday usage), only twice did I get into a bit of trouble and keep getting errors from GnuPG after switching the slot on.
    If so, try unplugging the HUB from your PC and plugging it in again (or plugging the Yubikey into a non-HUB USB port, using it once, then back to the HUB, but I think the first one is the way to go, at least on this Linux PC). 

  14. If you forget to make secret keys available before opening an encrypted message, Mailpile might later remember that it had no suitable secret keys to decrypt it, despite the fact that afterwards you might have made those keys available and sometimes even despite having shut down and restarted Mailpile. If so, try moving that message to another tag (and back if you need). Once, so far, that has not worked here.
    (Opening the Security settings of that account and pressing the Save button – after checking that the correct key was appearing – didn't solve it either.)
    But I was able to decrypt that email again – and see it "green" again – minutes later, after sending another email using the same secret keys.

  15. I find it interesting to analyze and progressively adopt better habits (keeping in mind that our devices and OSes are so insecure), as if I were handling something worth anybody's efforts to steal or alter, like industrial or military secrets, or the communications of a congressman or minister.
    The more I know, the more I'm convinced that you're never too paranoid.

    Just consider:

    As for the question "am I being too paranoid?", apart from radio waves, I had already mentioned a blocked Yubikey PIN and a firejailed Firefox instance engaging a USB flash drive

  16. "BadUSB" is the common name for a family of attacks in which the firmware of a USB device's controller is reprogrammed, so that a flash drive, cable or charger can present itself to the computer as, for instance, a keyboard that types commands or a network card that redirects traffic. Encrypting the volume on the flash drive doesn't help against that, because the attack doesn't go through the stored data at all; what helps is not plugging in devices of unknown origin, a physically switchable hub like the one mentioned above, and on Linux a device allow-list such as usbguard. 

  17. Actually, when first adding the GMail account into Mailpile, I also wanted to test disabling since the beginning "Copy all mail and add to search engine" in the Incoming Mail settings.

    What happened? I could send emails through GMail SMTP server, but Mailpile wasn't fetching any, not even if I sent new emails to that account.

    Immediately after enabling "Copy all mail and add to search engine", the (large) structure of my remote folders in that account appeared and Mailpile was fetching emails. 

  18. Actually I do have those keys, but not in the gpg keyring I'm using at the moment: I sent those emails to myself earlier today with my previous Mailpile+gpg setup. For this tutorial, I wanted to restart from scratch, so before launching Mailpile from the terminal window I did what follows:

    mv -i ~/.local/share/Mailpile ~/.local/share/Mailpile_renamedToRestartFromScratchForTheTutorial  
    mv -i ~/.gnupg ~/.gnupg_b4_tutorial  
    install -d -m 700 ~/.gnupg  
    gpg -k

    You don't need to do this now, I'm just detailing this possibility of easily switching to/from another entire Mailpile setup (without having to switch to another user on your computer) because it might be useful to you.

    I guess Windows users should also be able to rename the corresponding folders.

    I'll restore my real Mailpile/GnuPG setup later. 

  19. I don't know if it's possible to add icons without having to modify parts of Mailpile. [needs clarification] 

  20. How did I learn that?

    By clicking a "learn" link about that when Mailpile kindly offered it to me in the notifications box:

    Mailpile lets you organize your mailbox the way you want it to be.
    You can start customizing your experience by rearranging the sidebar on the left.

    • In the bottom left, click: Organize.
    • From here you can click and drag any of the tags (Inbox, Outbox, etc.) up or down to change its order in the sidebar.
    • To customize each tag individually, click on one of the gears next to any tag.
      • Under Tag Settings you can change the name and color of a tag as well as where it's located and if you want it in your searches.
      • Under Technical Settings you can make sub-tags so that they're more organized. For example:
      • Receipts
        • Bills
        • Groceries
        • Personal
        • Work
    Stay tuned for more helpful hints to guide you in customizing your Mailpile! 

  21. Off topic: ls -l Mailpile* would have been a more strictly appropriate command, since the -a option is only needed to also list files whose names start with a dot, otherwise "invisible" (apparently, I've made a habit of checking them out as well). -l shows the file size (and permissions). 

  22. Here is how I restored my previous ~/.local/share/Mailpile folder and my previous ~/.gnupg folder.

    mv -i ~/.local/share/Mailpile ~/.local/share/Mailpile_createdOnlyForTheTutorialWillDeleteSoon  
    mv -i ~/.local/share/Mailpile_renamedToRestartFromScratchForTheTutorial ~/.local/share/Mailpile  
    mv -i ~/.gnupg ~/.gnupg_onlyForTheTutorialWillDeleteSoon  
    mv -i ~/.gnupg_b4_tutorial ~/.gnupg
    You don't need to do this now, I'm just detailing this possibility of easily switching to/from another entire Mailpile setup (without having to switch to another user on your computer) because it might be useful to you. 

  23. Yes, I do realize that the family name of the author is not the most reassuring part of the tutorial LOL; in this context it looks like the nickname of somebody playing mind games with his readers.
    And you have probably already read about certain perplexities, here and here, which for now I've chosen to resolve by opting for RSA4096 while awaiting practical applications of upcoming results of research on post-quantum cryptography. 
