mutt/gpg

   1 # -*-muttrc-*-
   2 #
   3 # Command formats for gpg.
   4 #
   5 # Version notes:
   6 #
   7 #   GPG 2.1 introduces the option "--pinentry-mode", which requires
   8 #   the "loopback" argument in instances where "--passphrase-fd" is
   9 #   used.
  10 #
  11 # Some of the older commented-out versions of the commands use gpg-2comp from:
  12 #   http://70t.de/download/gpg-2comp.tar.gz
  13 #
  14 # %p    The empty string when no passphrase is needed,
  15 #       the string "PGPPASSFD=0" if one is needed.
  16 #
  17 #       This is mostly used in conditional % sequences.
  18 #
  19 # %f    Most PGP commands operate on a single file or a file
  20 #       containing a message.  %f expands to this file's name.
  21 #
  22 # %s    When verifying signatures, there is another temporary file
  23 #       containing the detached signature.  %s expands to this
  24 #       file's name.
  25 #
  26 # %a    In "signing" contexts, this expands to the value of the
  27 #       configuration variable $pgp_sign_as, if set, otherwise
  28 #       $pgp_default_key.  You probably need to
  29 #       use this within a conditional % sequence.
  30 #
  31 # %r    In many contexts, neomutt passes key IDs to pgp.  %r expands to
  32 #       a list of key IDs.
  33
  34 # Section A: Key Management
  35
  36 # The default key for encryption (used by $pgp_self_encrypt and
  37 # $postpone_encrypt).
  38 #
  39 # It will also be used for signing unless $pgp_sign_as is set to a
  40 # key.
  41 #
  42 # Unless your key does not have encryption capability, uncomment this
  43 # line and replace the keyid with your own.
  44 #
  45 # set pgp_default_key="0x12345678"
  46
  47 # If you have a separate signing key, or your key _only_ has signing
  48 # capability, uncomment this line and replace the keyid with your
  49 # signing keyid.
  50 #
  51 # set pgp_sign_as="0x87654321"
  52
  53
  54 # Section B: Commands
  55
  56 # Note that we explicitly set the comment armor header since GnuPG, when used
  57 # in some localiaztion environments, generates 8bit data in that header, thereby
  58 # breaking PGP/MIME.
  59
  60 # decode application/pgp
  61 #
  62 set pgp_decode_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
  63
  64 # Verify a signature
  65 #
  66 set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
  67
  68 # Decrypt an attachment
  69 #
  70 set pgp_decrypt_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"
  71
  72 # Create a PGP/MIME signed attachment
  73 #
  74 # set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
  75 #
  76 set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"
  77
  78 # Create a application/pgp inline signed message.  This style is obsolete but still needed for Hushmail recipients and some MUAs.
  79 #
  80 # set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
  81 #
  82 set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"
  83
  84 # Create an encrypted attachment (note that some users include the --always-trust option here)
  85 #
  86 # set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
  87 #
  88 set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"
  89
  90 # Create an encrypted and signed attachment (note that some users include the --always-trust option here)
  91 #
  92 # set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
  93 #
  94 set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"
  95
  96 # Import a key into the public key ring
  97 #
  98 set pgp_import_command="gpg --no-verbose --import %f"
  99
 100 # Export a key from the public key ring
 101 #
 102 set pgp_export_command="gpg --no-verbose --armor --export %r"
 103
 104 # Verify a key
 105 #
 106 set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
 107
 108 # Read in the public key ring
 109 #
 110 set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
 111
 112 # Read in the secret key ring
 113 #
 114 set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
 115
 116 # Fetch keys
 117 # set pgp_getkeys_command="pkspxycwrap %r"
 118
 119 # pattern for good signature - may need to be adapted to locale!
 120 # OK, here's a version which uses gnupg's message catalog:
 121 # set pgp_good_sign="^gpgv?: Good signature from"
 122 # set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
 123 #
 124 # Output pattern to indicate a valid signature using --status-fd messages
 125 set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
 126
 127 # Output pattern to verify a decryption occurred
 128 # This is now deprecated by pgp_check_gpg_decrypt_status_fd:
 129 # set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
 130 set pgp_check_gpg_decrypt_status_fd