At the time of writing (May 1996), tools exist to give an excellent level of integration of PGP with a few mailers. The most commonly used of these is Elm, at 12.7% of usage. The elm-2.4pl24me8.tar.gz package available at ftp.pgp.net provides menus for encryption and signing of the message being composed; it automatically detects encrypted incoming email and offers to decrypt it; it checks signatures automatically. In an especially nice touch, the PGP-aware Elm checks to see whether the user has set up PGP's keyrings and configuration file and, if not, the mailer does not display its PGP-related functions to avoid confusing the user.
An alternative approach has been taken with privtool-0.85.tar.gz which re-implements Sun's mailtool agent from scratch. Reports suggest that PGP is well integrated, but that there are niggling differences between privtool and mailtool which some users find objectionable. Sun's mailtool is eleventh on the usage list, with 1.4% of the population.
Two minority interest mailers, exmh and Emacs' RMAIL, also have extremely well integrated PGP functions but neither of these appear in the top 95% usage. The authors of this report use these two MUAs.
A tolerably good level of integration is available for a few more mailers, including Pegasus on MS-Windows, Pine on Unix and Eudora on Macintosh and MS-Windows. The authors are familiar only with Pine out of these three and have to rely on third parties for opinions of the quality of the integration for the others. The Pine mailer is typical of many in that almost the only hook available for attaching PGP to it is its ability to use an external editor. The integration package ( mkpgp1.6.tar.gz) overloads this hook more than somewhat. The result is clunky and inelegant but usable. The editor approach has been used to attach PGP to a number of other mailers, including Open-VMS MAIL. Pine is relatively unusual, however, in that the source code is freely available and a well-integrated secure mailer could be produced if the effort was properly commissioned.
The inverse approach is taken by Private Idaho, a PGP front-end for MS-Windows 3. x systems. Rather than hook PGP into a mailer, it hooks mailers into PGP. Private Idaho provides a graphical interface to PGP and also knows about the email format used by a variety of Windows mailers. The user interacts with Private Idaho, which then communicates with the underlying mailer. Although this is an elegant solution to the problems of integrating many and varied MUAs, it does mean that the user has to learn yet another interface. Private Idaho's principle strength is that it makes the use of anonymous remailers very simple (a characteristic shared with the Emacs package mentioned above) but this is not particularly useful for most users of email.
On Microsoft Windows platforms, it would be possible to integrate PGP into mailers relatively easily if a DLL (Dynamic Link Library) of cryptographic functions were available. At the time of writing, a PGP DLL is in beta test but has not yet been released. Note, however, a DLL is of use only to those mailer authors who choose to use it. It is likely that some commercial mailers will not use this technique.
Unix machines running sendmail as the message transfer agent have an entirely different option available. The PGPsendmail package, written by Richard Gooch, is a wrapper for the true sendmail. When the wrapper is running, it intercepts all email to sendmail and ensures that it is encrypted before passing it on to sendmail for transfer. PGPsendmail first detects whether the user is using PGP by checking for the presence of an environment variable. If it is found, a per-user configuration file is read. The file specifies actions such as what to do if a required key is missing. If PGP is not in use, mail is passed on unchanged. The package also includes PGPdaemon (run by each user) which can automatically sign or decrypt PGP messages. This daemon, of course, must be given the user's passphrase so that it can access the private key required. On a multi-access computer this may be unacceptable. One of us (Leyland) has had over a year's experience with PGPsendmail and PGPdaemon. By and large, it is effective and almost invisible --- so much so that there is a temptation to encrypt mail before sending it and not realise that PGPsendmail will encrypt it a second time before transmission. PGPdaemon is more problematical. When it works, it is again effective and almost invisible. Unfortunately, the stored passphrase is lost when the machine reboots and it has to be re-entered by hand.