aboutsummaryrefslogtreecommitdiffstats
path: root/_mutt/gpg.rc
blob: e9187687273e1e71e12cb1c6e1a3fd7c37c0d3ea (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
##
## Mutt GPG configuration
## -*-muttrc-*-
##
## Weitian LI
## 2015/02/02
##
## Reference:
## [1] A Quick Guide to Mutt #GPG
##     http://srobb.net/mutt.html#GPG
## [2] Encrypting Mutt
##     http://jasonwryan.com/blog/2013/07/20/gnupg/
##

# %p    The empty string when no passphrase is needed,
#       the string "PGPPASSFD=0" if one is needed.
#
# %f    Most PGP commands operate on a single file or a file
#       containing a message.  %f expands to this file's name.
#
# %s    When verifying signatures, there is another temporary file
#       containing the detached signature.  %s expands to this
#       file's name.
#
# %a    In "signing" contexts, this expands to the value of the
#       configuration variable $pgp_sign_as.  You probably need to
#       use this within a conditional % sequence.
#
# %r    In many contexts, mutt passes key IDs to pgp.  %r expands to
#       a list of key IDs.

# Note that we explicitly set the comment armor header since GnuPG,
# when used in some localiaztion environments, generates 8bit data
# in that header, thereby breaking PGP/MIME.

# Decode application/pgp
set pgp_decode_command="gpg2 --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"

# Verify a pgp/mime signature
set pgp_verify_command="gpg2 --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"

# Decrypt a pgp/mime attachment
set pgp_decrypt_command="gpg2 --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"

# Create a pgp/mime signed attachment
set pgp_sign_command="gpg2 --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"

# Create a application/pgp signed (old-style) message
set pgp_clearsign_command="gpg2 --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"

# Create a pgp/mime encrypted attachment
set pgp_encrypt_only_command="pgpewrap gpg2 --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"

# Create a pgp/mime encrypted and signed attachment
set pgp_encrypt_sign_command="pgpewrap gpg2 %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"

# Import a key into the public key ring
set pgp_import_command="gpg2 --no-verbose --import %f"

# Export a key from the public key ring
set pgp_export_command="gpg2 --no-verbose --export --armor %r"

# Verify a key
set pgp_verify_key_command="gpg2 --verbose --batch --fingerprint --check-sigs %r"

# Read in the public key ring
set pgp_list_pubring_command="gpg2 --no-verbose --batch --quiet --with-colons --list-keys %r"

# Read in the secret key ring
set pgp_list_secring_command="gpg2 --no-verbose --batch --quiet --with-colons --list-secret-keys %r"

# Fetch keys
# set pgp_getkeys_command="pkspxycwrap %r"

# Use gpg-agent
set pgp_use_gpg_agent

# This set the number of seconds to keep in memory the passpharse
# used to encrypt/sign the more the less secure it will be
set pgp_timeout=1800

# Pattern for good signature - may need to be adapted to locale!
#
# It's a regexp used against the GPG output: if it matches some line of the output
# then mutt considers the message a good signed one (ignoring the GPG exit code)
set pgp_good_sign="^gpg: Good signature from"
# set pgp_good_sign="^gpgv?: Good signature from "
# OK, here's a version which uses gnupg's message catalog:
# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
# This version uses --status-fd messages
# set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"

# Automatically sign all outcoming messages
set crypt_autosign
# Sign only replies to signed messages
#set crypt_replysign

# Automatically encrypt outcoming messages
#set crypt_autoencrypt
# Encrypt only replies to signed messages
set crypt_replyencrypt
# encrypt and sign replies to encrypted messages
#set crypt_replysignencrypted

# Automatically verify the sign of a message when opened
set crypt_verify_sig

# vim: set ts=8 sw=4 tw=0 fenc=utf-8 ft=muttrc: #