diff options
author | David Runge <dave@sleepmap.de> | 2015-10-20 23:25:17 +0200 |
---|---|---|
committer | David Runge <dave@sleepmap.de> | 2015-10-20 23:25:17 +0200 |
commit | 03ebc69eab7d645060911e8b0d8354fe94c2242c (patch) | |
tree | 736e208d068c158e32d4ac0733b2e59dddd32fc1 | |
parent | 9e290b2d3c2f611d7aa9999d02b2003515c0e7b8 (diff) | |
download | dotfiles-03ebc69eab7d645060911e8b0d8354fe94c2242c.tar.gz dotfiles-03ebc69eab7d645060911e8b0d8354fe94c2242c.tar.bz2 dotfiles-03ebc69eab7d645060911e8b0d8354fe94c2242c.tar.xz dotfiles-03ebc69eab7d645060911e8b0d8354fe94c2242c.zip |
.mutt/gpg.rc: Updating pgp settings to be compliant with gnupg > 2.1.
-rw-r--r-- | .mutt/gpg.rc | 108 |
1 files changed, 24 insertions, 84 deletions
diff --git a/.mutt/gpg.rc b/.mutt/gpg.rc index 42e0929..2ee9ae8 100644 --- a/.mutt/gpg.rc +++ b/.mutt/gpg.rc @@ -1,87 +1,27 @@ -# -*-muttrc-*- -# -# Command formats for gpg. -# -# This version uses gpg-2comp from -# http://70t.de/download/gpg-2comp.tar.gz -# -# $Id$ -# -# %p The empty string when no passphrase is needed, -# the string "PGPPASSFD=0" if one is needed. -# -# This is mostly used in conditional % sequences. -# -# %f Most PGP commands operate on a single file or a file -# containing a message. %f expands to this file's name. -# -# %s When verifying signatures, there is another temporary file -# containing the detached signature. %s expands to this -# file's name. -# -# %a In "signing" contexts, this expands to the value of the -# configuration variable $pgp_sign_as. You probably need to -# use this within a conditional % sequence. -# -# %r In many contexts, mutt passes key IDs to pgp. %r expands to -# a list of key IDs. - -# Note that we explicitly set the comment armor header since GnuPG, when used -# in some localiaztion environments, generates 8bit data in that header, thereby -# breaking PGP/MIME. - -# decode application/pgp -set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f" - -# verify a pgp/mime signature -set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f" - -# decrypt a pgp/mime attachment -set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f" - -# create a pgp/mime signed attachment -# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f" -set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f" - -# create a application/pgp signed (old-style) message -# set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f" -set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f" - -# create a pgp/mime encrypted attachment -# set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f" -set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f" - -# create a pgp/mime encrypted and signed attachment -# set pgp_encrypt_sign_command="pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" -set pgp_encrypt_sign_command="pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" - -# import a key into the public key ring -set pgp_import_command="gpg --no-verbose --import %f" - -# export a key from the public key ring -set pgp_export_command="gpg --no-verbose --export --armor %r" - -# verify a key -set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r" - -# read in the public key ring -set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r" - -# read in the secret key ring -set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r" - -# fetch keys -# set pgp_getkeys_command="pkspxycwrap %r" - -# pattern for good signature - may need to be adapted to locale! - -# set pgp_good_sign="^gpgv?: Good signature from " - -# OK, here's a version which uses gnupg's message catalog: -# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`" - -# This version uses --status-fd messages -set pgp_good_sign="^\\[GNUPG:\\] GOODSIG" +set pgp_decode_command="gpg %?p? --pinentry-mode loopback --passphrase-fd 0? --no-verbose --output - %f" +set pgp_verify_command="gpg --pinentry-mode loopback --no-verbose --output - --verify %s %f" +set pgp_decrypt_command="gpg --pinentry-mode loopback --no-verbose --output - %f" +set pgp_sign_command="gpg --pinentry-mode loopback --no-verbose --output - --armor --detach-sign --textmode %?a?-u %a? %f" +set pgp_clearsign_command="gpg --pinentry-mode loopback --no-verbose --output - --armor --textmode --clearsign %?a?-u %a? %f" +set pgp_encrypt_only_command="pgpewrap gpg --pinentry-mode loopback --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xF5A1A949 -- -r %r -- %f" +set pgp_encrypt_sign_command="pgpewrap gpg --pinentry-mode loopback --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xF5A1A949 -- -r %r -- %f" +set pgp_import_command="gpg --pinentry-mode loopback --no-verbose --import -v %f" +set pgp_export_command="gpg --pinentry-mode loopback --no-verbose --export --armor %r" +set pgp_verify_key_command="gpg --pinentry-mode loopback --no-verbose --fingerprint --check-sigs %r" +set pgp_list_pubring_command="gpg --pinentry-mode loopback --no-verbose --with-colons --with-fingerprint --list-keys %r" +set pgp_list_secring_command="gpg --pinentry-mode loopback --no-verbose --with-colons --with-fingerprint --list-secret-keys %r" + + +set pgp_good_sign="^gpg: Good signature from " +set pgp_use_gpg_agent = yes +set pgp_sign_as = 0xF5A1A949 +set pgp_timeout = 60 +set crypt_autosign = yes +set crypt_replyencrypt = yes +set crypt_replysignencrypted = yes # add message-hook for non standard-compliant (old) gnupg style messages message-hook '!(~g|~G) ~b"^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"' "exec check-traditional-pgp" + +send-hook . 'reset crypt_autoencrypt' +source "~/.mutt/gpg-auto.rc" |