Monkeysign comes in two different interfaces: a commandline interface named monkeysign and a graphical interface named monkeyscan.

Monkeysign creates a temporary keyring to sign keys, and then encrypts and sends the signature by email to the owner of the key. This makes possible to verify that the holder of the private key (used to decrypt the signature) has also access to the mailbox mentioned in the key.


Make sure you have your email credentials in hand and read the Sending signed key material section before starting, as Monkeysign may not know, by default, how to send email.


If you have problems using Monkeysign, please do report issues and bugs about it, it’s a great way of contributing! We also welcome documentation, translation and patches, see Contribute for more information.


The commandline interface should provide you with a complete help file when called with --help:

monkeysign --help

For example, to sign the Monkeysign test key:

monkeysign 3F94 240C 918E 6359 0B04  152E 86E4 E70A 96F4 7C6A

This will fetch the key from your keyring (or a keyserver) and sign it in a temporary keyring, then encrypt the signature and send it in an email to the owner of the key. Emails can be sent in different ways, documented in Sending signed key material.

If the wrong secret key is chosen to sign the key, you can override it with the --user option.


It is important to use Monkeysign with the fingerprint, and not with the key id, specially when using it through the Tor network, as a key id can be duplicated easily, unlike fingerprints.


The graphical interface (GUI) should be self-explanatory, it should be in your regular application menus, or you can call start it form the commandline with:


The GUI will show you a bar code representing the fingerprint of what Monkeysign thinks is your primary key. You can change that in the Identity menu, or by customizing the default-key parameter in your gpg.conf file.

On the left side, you should see the output of your camera. You can change cameras (if you have more than one) in the Video device menu, where you can also turn off the camera altogether.

To exchange fingerprints, you should point the camera at another user’s bar code. Monkeysign will detect that user’s key fingerprint, fetch the key over the network from keyservers, then ask you for confirmation before signing and sending the email, just like the command line interface. See Sending signed key material for more information about how email is sent in Monkeysign in general.

There is a very crude preferences window available in the Edit menu. There is work underway to improve it (see 0xACAB issue #41), but it should allow you to create a configuration file with your personal settings. See Configuration files for more information about this as well.

Sending signed key material

Monkeysign will attempt to send the signed key by email, unless the --no-mail argument is specified. In this case, the encrypted key material is shown on the terminal and can then be copy-pasted in the medium of your choice. This is useful, for example, if you use a web email client like Roundcube, Google Mail or similar.

Monkeysign supports many ways of sending emails:

Also note that the --tor option affects how email will be sent, but only when using the SMTP method, as Monkeysign has no way to handle how your MUA or MTA will talk to the network.

Using the system email software (MTA)

Monkeysign, by default, assumes you have a local MTA installed as sendmail. If it is not, you can specify the path to a sendmail compatible program with the --mta option. Such a program should accept the complete message on standard input, and the recipient is passed on the commandline in place of the %(to)s argument.

Note that it is uncommon for workstations and laptops to have a working MTA installed: this is more commonly done on servers, and unless you know what you are doing, you are more likely to want to talk to your existing email client, your MUA.

Using your normal email client (MUA)

Therefore, to properly send email on your workstation, you may need to tell Monkeysign how to use your regular email client, your MUA. For this, you can use the --mua option.

By default, Monkeysign will try to figure out your default email client when you use the --mua flag is used without argument. This will in turn call the xdg-email command which automatically uses your configured email client correctly:

monkeysign --mua [...]

Your default mail client can be modified in your desktop environment control panel, or with the xdg-mime command, for example this will set Thunderbird as your default email client:

xdg-mime default thunderbird.desktop x-scheme-handler/mailto

You can also specify your own email client on the fly. Here are few examples of known working configurations.

  • Thunderbird:

    monkeysign --mua "thunderbird -compose to=%(to)s,subject=%(subject)s,body=%(body)s,attachment=%(attach)s" [...]


    Thunerbird fails to respect the attachment parameter in versions before 52.1.1, see Debian BTS #837771 for more details.

  • Mutt:

    monkeysign --mua "mutt -a %(attach)s -s %(subject)s -i %(body)s %(to)s" [...]

Finally, note that you need to confirm when you are finished writing the actual email. This is because we cannot tell when the email is sent, because a lot of software (especially Thunderbird) return before the email is sent, see Debian BTS #677430 for more information about this issue.


Essentially, the difference between --mta and --mua is that the complete message is piped through the MTA command whereas it is passed as an argument on the commandline for MUA commands. Also, the --mta command expands only the %(to)s parameter, whereas the --mua command expands %(attach)s, %(subject)s, %(body)s and %(to)s.

Note that when a --mua is used, only the key material is encrypted: the body of the email is sent in the clear. This is because Monkeysign cannot control how the attachment layout in the MUA in a standard way.

Furthermore, it may be more difficult for the end-user to import the key when it was sent with a MUA, as the recipient’s own MUA may not know how to both decrypt and import the key at the same time. The MTA method doesn’t have this problem because of MIME encapsulation. See also 0xACAB issue #7 for a broader technical discussion about the --mua implementation.

Using SMTP

Note that you can also send email using your provider’s SMTP server directly, turning Monkeysign into a MUA itself. For example:

monkeysign --smtpuser=john [fingerprint of OpenPGP key to sign]

In the above, Monkeysign will attempt to connect to the SMTP server over the submission port (587), attempt to upgrade the connection securely (using STARTTLS) and use the john username. Password will be prompted securely.


To use a raw TLS connection, you can also use the --tls flag.


You can also try to deliver email over Tor network with the --tor option. Be be aware that a lot of email providers block Tor exit nodes for spam control. You may need to use your provider’s hidden service to workaround those issues. Ask your email provider for Tor support if you have problems with the SMTP method.

Configuration files

Monkeysign will read /etc/monkeysign.conf and ~/.config/monkeysign.conf (in that order) for configuration options. Each option can be specified on its own line. Lines starting with the pound sign (#) are ignored as comments. A configuration file can be generated with the --save option, or through the preferences window in the GUI. Here is a sample configuration file:

# use my SMTP server to send email
# this is my username, password is securely prompted interactively
# be more verbose

As you can see, flags like --verbose are simply specified on their own, while options with arguments need to be seperated with an equal (=) sign.