Topal: GPG/GnuPG and Alpine/Pine integration
Copyright (C) 2001--2015 Phillip J. Brooke
Topal is a `glue' program that links
Pine/Alpine. It offers
facilities to encrypt, decrypt, sign and verify emails.
- Multiple inline PGP blocks can be processed in display filters.
- Decryption and verification output can be cached to reduce the
number of times a passphrase is entered. This also helps when
secret keys aren't always available, at the expense of storing
- MIME/OpenPGP (RFC2015/RFC3156) multipart messages can be sent
and received. Depending on configuration, this might involve
procmail, using sendmail-path or patching Alpine.
- The deprecated application/pgp content-type can be sent and received.
- S/MIME messages can be sent and received if gpgsm is
available. (openssl is also used in some circumstances, but
gpgsm is still required.)
- Topal can be used as Alpine's sendmail-path command.
- Topal has a remote sending mode (a server and a means of
accessing the server) for reading email on a distant computer via
SSH with secret keys on the local computer.
- A range of mechanisms for selecting keys for both self and recipients.
- There is a high level of configurability (although the
configuration interface does not expose all of it; you might have to
See the included documentation
for all the stuff like licensing, recent changes and instructions.
The current release of Topal is 76. Send email to
if you would like to be notified of new Topal releases by email.
Files for download
Most recent changes
- 29/4/2011; release 73
Fix crash when sending attachments with spaces in filenames.
Add new switch, wait-if-missing-keys, which requires the user
to acknowledge if keys are missing when defaulting to encryption.
Slightly reorganise configuration menu to keep it within 24 lines.
Update documentation re: crashes related to the second patch and
Topal makes greater efforts to check that external commands exist
before running them.
Exception messages are repeated via Ada's exception handling (if Topal
Added decrypt-prereq option. See this note.
Experimental S/MIME sending support added.
More use of GnuPG's --status-fd option so that we can determine exit
Replaced ancient expanding_array package
Adding sendmail-path filter mode. This is needed for the S/MIME
encrypted and S/MIME sign+encrypted modes. (Otherwise only Topal can
read them; neither Outlook nor Thunderbird will cope with an S/MIME
part inside multipart/mixed.) This mode also
for gpgsm: pinentry-curses doesn't like this environment.
In the sendmail-path filter mode, we no longer need the content-type
guessing. We can simply re-use the content-type from the original
Added replace-ids option which can replace Message-ID (and also
Content-ID) in sendmail-path filter mode.
The sendmail-path mode can also add a token to help spot our cc'd
emails. Use something like st=user@domain,token to set a
password. This is hashed with some headers for each email and added
to an X-Topal-Send-Token header. Topal then has a -cst
token mode which adds a X-Topal-Check-Send-Token
header with either yes or no for that header.
Investigation suggests that group addresses are handled other than I
expect. E.g., Group name:; in the to: field and the actual
list of addresses in lcc field will result in the addresses appearing
in the bcc field in sendmail-path filter mode.
Rewrite main documentation in LaTeX: the main manual is
now topal.pdf. The
change log is still in HTML.
Start adding interoperability notes to manual.
Diagnosing issue with clearsigned (both OpenPGP and S/MIME) emails
that have passed through an MS Exchange server being corrupted.
Added opaque signing option for S/MIME.
Added attachment-trap boolean option. In -asend
mode, this causes Topal to complain if the message body contains the
string “attach” but doesn't have any attachments.
- 23/6/2011; release 74
Oops, wrong year in release 73 date….
Topal needs GNAT's -gnat05 switch.
- Noted the need for GNU's sed (particularly
important if you're using
Mac OS X).
- Noted that gpg-agent needs HUPing
if trustlist.txt is updated.
Added include-send-token switch, where 1 never includes them,
2 asks and 3 always includes them.
Warnings about configuration errors now go to stderr, rather than
messing up other processing output.
Heuristic for attachment trap is improved. This now copes with the
case where the email comprises a single multipart/mixed MIME part.
Some comparisons for content-types are case-insensitive now.
- 26/2/2012; release 75
Most changes this time are to cope with non-cryptographic meddling for
my work environment.
Fix Clean_Email_Address to cope with mailboxes with double quotes and
Added fix-fcc option that modifies a X-Topal-Fcc header. It
is encrypted using the send-token for that sender to X-Topal-Fcce.
The --check-send-token filter will also reverse this.
Added fix-bcc option that adds a X-Topal-Bcce header. It's
handled similarly to X-Topal-Fcce, but records the Bcc contents.
The --check-send-token filter will also reverse this.
Fix token hashing so that it copes with different outputs
from openssl sha1.
- 22/2/2015; release 76
- Add -raw command, that can be used by piping a raw
message (with free output) from Alpine. Also usable on an mbox from
- Multiple documentation updates, including deprecation of the two
patches to Alpine, contact email address and copyright dates.
Last generated: Sun Feb 22 16:17:43 GMT 2015