diff options
| author | Matthew Lemon <y@yulqen.org> | 2023-10-01 08:58:16 +0100 |
|---|---|---|
| committer | Matthew Lemon <y@yulqen.org> | 2023-10-01 08:58:16 +0100 |
| commit | 7cfb0fe76f83784a0f617fceb0cb5fa27c152b6a (patch) | |
| tree | 7552d5782dad93dfcf63464bbdb3c820044d69d7 | |
| parent | 09fc9c22f1b16ded2b6f6414d1cc83bf2dd44218 (diff) | |
Adds GPG config to neomutt
| -rw-r--r-- | mutt/gpg.rc | 106 |
1 files changed, 84 insertions, 22 deletions
diff --git a/mutt/gpg.rc b/mutt/gpg.rc index 39c351b..404f8b6 100644 --- a/mutt/gpg.rc +++ b/mutt/gpg.rc @@ -1,31 +1,93 @@ -# Use GPGME -# from https://seniormars.github.io/posts/neomutt/ -# Use my key for signing and encrypting -set pgp_default_key = 19014642A9FCD633B886B8F59C9841C3EF4E0B8E +# -*-muttrc-*- +# +# Command formats for gpg. +# +# This version uses gpg-2comp from +# http://70t.de/download/gpg-2comp.tar.gz +# +# %p The empty string when no passphrase is needed, +# the string "PGPPASSFD=0" if one is needed. +# +# This is mostly used in conditional % sequences. +# +# %f Most PGP commands operate on a single file or a file +# containing a message. %f expands to this file's name. +# +# %s When verifying signatures, there is another temporary file +# containing the detached signature. %s expands to this +# file's name. +# +# %a In "signing" contexts, this expands to the value of the +# configuration variable $pgp_sign_as. You probably need to +# use this within a conditional % sequence. +# +# %r In many contexts, neomutt passes key IDs to pgp. %r expands to +# a list of key IDs. -# Use GPGME +# Note that we explicitly set the comment armor header since GnuPG, when used +# in some localiaztion environments, generates 8bit data in that header, thereby +# breaking PGP/MIME. + +# Enable GPGME for encyption set crypt_use_gpgme = yes - -# Automatically sign all out-going email set crypt_autosign = yes -# Sign replies to signed emails -set crypt_replysign = yes +# default key +set pgp_default_key = "19014642A9FCD633B886B8F59C9841C3EF4E0B8E" + +# decode application/pgp +set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f" + +# verify a pgp/mime signature +set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f" + +# decrypt a pgp/mime attachment +set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f" + +# create a pgp/mime signed attachment +# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f" +set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f" + +# create a application/pgp signed (old-style) message +# set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f" +set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f" + +# create a pgp/mime encrypted attachment +# set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f" +set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f" + +# create a pgp/mime encrypted and signed attachment +# set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" +set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" + +# import a key into the public key ring +set pgp_import_command="gpg --no-verbose --import %f" + +# export a key from the public key ring +set pgp_export_command="gpg --no-verbose --export --armor %r" + +# verify a key +set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r" + +# read in the public key ring +set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r" + +# read in the secret key ring +set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r" + +# fetch keys +# set pgp_getkeys_command="pkspxycwrap %r" + +# pattern for good signature - may need to be adapted to locale! -# Encrypt replies to encrypted emails -set crypt_replyencrypt = yes +# set pgp_good_sign="^gpgv?: Good signature from " -# Encrypt and sign replies to encrypted and signed email -set crypt_replysignencrypted = yes +# OK, here's a version which uses gnupg's message catalog: +# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`" -# Attempt to verify signatures automatically -set crypt_verify_sig = yes +# This version uses --status-fd messages +set pgp_good_sign="^\\[GNUPG:\\] GOODSIG" -# Attempt to encrypt automatically, if possible -# I would recommend setting this to no -# And this will cause your emails to be marked as spam -# as they can't decrypt your emails LMAO -set crypt_opportunistic_encrypt = no +# pattern to verify a decryption occurred +set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY" -# So you can view encrypted emails automatically -auto_view application/pgp-encrypted |