From 6a9c4d5b72ab494848488cc26abc8b2b05cab71f Mon Sep 17 00:00:00 2001 From: Luke Smith Date: Thu, 25 Apr 2019 11:32:48 -0400 Subject: [PATCH] pam-gnupg notes --- README.md | 1 + mw.1 | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/README.md b/README.md index cc18ca8..293b2c1 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ The mutt-wizard is run with the command `mw`. It also installs the `mailsync` co - `notmuch` - index and search mail. Install it and run `notmuch setup`, tell it that your mail is in `~/.local/share/mail/`. You can run it in mutt with `ctrl-f`. Run `notmuch new` to process new mail, although the included `mailsync` script does this for you. - `abook` - a terminal-based address book. Pressing tab while typing an address to send mail to will suggest contacts that are in your abook. - A cron manager - if you want to enable the auto-sync feature. +- `pam-gnupg` - this is a more general program that I use. It automatically logs you into your GPG key on login so you will never need to input your password once logged on to your system. Check the repo and directions out [here](https://github.com/cruegge/pam-gnupg). ## Neomutt user interface diff --git a/mw.1 b/mw.1 index fc925c3..ef69bf8 100644 --- a/mw.1 +++ b/mw.1 
@@ -86,6 +86,25 @@ Google will require you to allow "less-secure" (third party) applications or use Protonmail users must use the Protonmail Bridge to access their IMAP and SMTP servers. This too should be configured before running mutt-wizard. .B Enterprise and university accounts Many universities and businesses might host their domain's email via Google or another service. This often requires a special IMAP/SMTP-specific password that you must generate and use. Again, mutt-wizard can handle these systems, but only once they've been set up. +.TP +.B Password decryption +mutt-wizard uses +.I pass +and therefore +.I gpg +to decrypt your passwords. Provided your GPG key has a password, this might mean that you will be prompted for your GPG password the first time you sync or send mail in a session. Once your password is cached, it might also expire later as well. + +Because of this I strongly recommend the program +.I pam-gnupg + which automatically unlocks your GPG password on login and keeps it active, thus giving you, with mutt-wizard, secure access to all your email accounts on your system without ever having to input a password. + +If you don't want to use this program, you can also increase the cache time of an inputted GPG password with the +.I default-cache-ttl +and +.I max-cache-ttl +variables in your +.I +gpg-agent.conf. .SH MUTT-WIZARD'S NEOMUTT CONFIGURATION Here is a list of not only mutt-wizard's particular defaults, but what you need to get the most out of email accounts configured with mutt-wizard. .TP
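Review bot: in the README.md hunk, the new `pam-gnupg` bullet promises "you will never need to input your password once logged on" without stating what that costs. With the key unlocked for the whole session, anything running as your user can decrypt the stored mail passwords without a prompt. One clause saying so would help, as would marking the entry as optional, since the bullet itself calls it "a more general program that I use". The wording "logs you into your GPG key" is also loose, and the mw.1 text in this same patch says "unlocks". Finally, link text of "[here]" is less useful than naming the project in the link.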
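Review bot: in the mw.1 hunk, the paragraph recommending `pam-gnupg` calls the result "secure access to all your email accounts on your system without ever having to input a password", but it never mentions that the key then stays unlocked for the entire login session. The man page should state that trade-off next to the recommendation, and "unlocks your GPG password" should read "unlocks your GPG key". Three roff points in the same hunk: the line " which automatically unlocks..." starts with a space, which forces a line break in the rendered page. The final `.I` followed by `gpg-agent.conf.` on its own line italicises the trailing period, so `.IR gpg-agent.conf .` would be cleaner. The bare empty lines between paragraphs would be better as `.IP` or `.PP` requests inside the `.TP` entry. It would also help to say what unit `default-cache-ttl` and `max-cache-ttl` take, since the text tells the reader to increase them.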