From: Samir Benmendil Date: Fri, 26 Oct 2018 16:06:13 +0000 (+0100) Subject: mutt: track gpg.rc in dotfiles X-Git-Url: https://git.rmz.io/dotfiles.git/commitdiff_plain/dd809bdc6d9d3c73c6d4e3951f9eb920d6f3f858?ds=inline mutt: track gpg.rc in dotfiles probably to avoid different locations of file on different platforms. --- diff --git a/mutt/gpg b/mutt/gpg new file mode 100644 index 0000000..838fb37 --- /dev/null +++ b/mutt/gpg @@ -0,0 +1,130 @@ +# -*-muttrc-*- +# +# Command formats for gpg. +# +# Version notes: +# +# GPG 2.1 introduces the option "--pinentry-mode", which requires +# the "loopback" argument in instances where "--passphrase-fd" is +# used. +# +# Some of the older commented-out versions of the commands use gpg-2comp from: +# http://70t.de/download/gpg-2comp.tar.gz +# +# %p The empty string when no passphrase is needed, +# the string "PGPPASSFD=0" if one is needed. +# +# This is mostly used in conditional % sequences. +# +# %f Most PGP commands operate on a single file or a file +# containing a message. %f expands to this file's name. +# +# %s When verifying signatures, there is another temporary file +# containing the detached signature. %s expands to this +# file's name. +# +# %a In "signing" contexts, this expands to the value of the +# configuration variable $pgp_sign_as, if set, otherwise +# $pgp_default_key. You probably need to +# use this within a conditional % sequence. +# +# %r In many contexts, neomutt passes key IDs to pgp. %r expands to +# a list of key IDs. + +# Section A: Key Management + +# The default key for encryption (used by $pgp_self_encrypt and +# $postpone_encrypt). +# +# It will also be used for signing unless $pgp_sign_as is set to a +# key. +# +# Unless your key does not have encryption capability, uncomment this +# line and replace the keyid with your own. +# +# set pgp_default_key="0x12345678" + +# If you have a separate signing key, or your key _only_ has signing +# capability, uncomment this line and replace the keyid with your +# signing keyid. +# +# set pgp_sign_as="0x87654321" + + +# Section B: Commands + +# Note that we explicitly set the comment armor header since GnuPG, when used +# in some localiaztion environments, generates 8bit data in that header, thereby +# breaking PGP/MIME. + +# decode application/pgp +# +set pgp_decode_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f" + +# Verify a signature +# +set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f" + +# Decrypt an attachment +# +set pgp_decrypt_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f" + +# Create a PGP/MIME signed attachment +# +# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f" +# +set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f" + +# Create a application/pgp inline signed message. This style is obsolete but still needed for Hushmail recipients and some MUAs. +# +# set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f" +# +set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f" + +# Create an encrypted attachment (note that some users include the --always-trust option here) +# +# set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f" +# +set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f" + +# Create an encrypted and signed attachment (note that some users include the --always-trust option here) +# +# set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" +# +set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f" + +# Import a key into the public key ring +# +set pgp_import_command="gpg --no-verbose --import %f" + +# Export a key from the public key ring +# +set pgp_export_command="gpg --no-verbose --armor --export %r" + +# Verify a key +# +set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r" + +# Read in the public key ring +# +set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r" + +# Read in the secret key ring +# +set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r" + +# Fetch keys +# set pgp_getkeys_command="pkspxycwrap %r" + +# pattern for good signature - may need to be adapted to locale! +# OK, here's a version which uses gnupg's message catalog: +# set pgp_good_sign="^gpgv?: Good signature from" +# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`" +# +# Output pattern to indicate a valid signature using --status-fd messages +set pgp_good_sign="^\\[GNUPG:\\] GOODSIG" + +# Output pattern to verify a decryption occurred +# This is now deprecated by pgp_check_gpg_decrypt_status_fd: +# set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY" +set pgp_check_gpg_decrypt_status_fd diff --git a/mutt/muttrc b/mutt/muttrc index 2eb41e6..813ceb9 100644 --- a/mutt/muttrc +++ b/mutt/muttrc @@ -91,7 +91,7 @@ set crypt_verify_sig = yes # verify signatures set pgp_long_ids = yes # use 64 bit key IDs set pgp_mime_auto = no # don't fallback to inline mime set pgp_use_gpg_agent = yes # don't ask for passwords -source /usr/share/doc/neomutt/samples/gpg.rc +source gpg group -group nosign -rx .*@bitbucket.org group -group nosign -rx jira@.*atlassian.net