120 lines
4.7 KiB
Text
120 lines
4.7 KiB
Text
# -*-muttrc-*-
|
|
#
|
|
# Command formats for gpg.
|
|
#
|
|
# Some of the older commented-out versions of the commands use gpg-2comp from:
|
|
# http://70t.de/download/gpg-2comp.tar.gz
|
|
#
|
|
# %p The empty string when no passphrase is needed,
|
|
# the string "PGPPASSFD=0" if one is needed.
|
|
#
|
|
# This is mostly used in conditional % sequences.
|
|
#
|
|
# %f Most PGP commands operate on a single file or a file
|
|
# containing a message. %f expands to this file's name.
|
|
#
|
|
# %s When verifying signatures, there is another temporary file
|
|
# containing the detached signature. %s expands to this
|
|
# file's name.
|
|
#
|
|
# %a In "signing" contexts, this expands to the value of the
|
|
# configuration variable $pgp_sign_as, if set, otherwise
|
|
# $pgp_default_key. You probably need to
|
|
# use this within a conditional % sequence.
|
|
#
|
|
# %r In many contexts, mutt passes key IDs to pgp. %r expands to
|
|
# a list of key IDs.
|
|
|
|
|
|
# Section A: Key Management
|
|
|
|
# The default key for encryption (used by $pgp_self_encrypt and
|
|
# $postpone_encrypt).
|
|
#
|
|
# It will also be used for signing unless $pgp_sign_as is set to a
|
|
# key.
|
|
#
|
|
# Unless your key does not have encryption capability, uncomment this
|
|
# line and replace the keyid with your own.
|
|
#
|
|
# set pgp_default_key="0x12345678"
|
|
|
|
# If you have a separate signing key, or your key _only_ has signing
|
|
# capability, uncomment this line and replace the keyid with your
|
|
# signing keyid.
|
|
#
|
|
# set pgp_sign_as="0x87654321"
|
|
|
|
|
|
# Section B: Commands
|
|
|
|
# Note that we explicitly set the comment armor header since GnuPG, when used
|
|
# in some localiaztion environments, generates 8bit data in that header, thereby
|
|
# breaking PGP/MIME.
|
|
|
|
# Note from the Debian mutt maintainers: starting from 1.7.0-2 GPGME is enabled
|
|
# by default. More info in NEWS.Debian.
|
|
# THe pgp_* commands are left here for people who disable gpgme in their
|
|
# ~/.muttrc
|
|
set crypt_use_gpgme=yes
|
|
|
|
# Note from the Debian mutt maintainers: the addition of
|
|
# "--pinentry-mode loopback" breaks gpgv1 compatiblity, if you need to use gpgv1
|
|
# remove that statement.
|
|
|
|
# decode application/pgp
|
|
set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0 --pinentry-mode=loopback? --no-verbose --quiet --batch --output - %f"
|
|
|
|
# verify a pgp/mime signature
|
|
set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
|
|
|
|
# decrypt a pgp/mime attachment
|
|
set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0 --pinentry-mode=loopback? --no-verbose --quiet --batch --output - %f"
|
|
|
|
# create a pgp/mime signed attachment
|
|
set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0 --pinentry-mode=loopback? --armor --detach-sign --textmode %?a?-u %a? %f"
|
|
|
|
# create a application/pgp signed (old-style) message
|
|
set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0 --pinentry-mode=loopback? --armor --textmode --clearsign %?a?-u %a? %f"
|
|
|
|
# create a pgp/mime encrypted attachment
|
|
set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
|
|
|
|
# create a pgp/mime encrypted and signed attachment
|
|
set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0 --pinentry-mode=loopback? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
|
|
|
|
# import a key into the public key ring
|
|
set pgp_import_command="gpg --no-verbose --import %f"
|
|
|
|
# export a key from the public key ring
|
|
set pgp_export_command="gpg --no-verbose --export --armor %r"
|
|
|
|
# verify a key
|
|
set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
|
|
|
|
# read in the public key ring
|
|
# note: the second --with-fingerprint adds fingerprints to subkeys
|
|
set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
|
|
|
|
# read in the secret key ring
|
|
# note: the second --with-fingerprint adds fingerprints to subkeys
|
|
set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
|
|
|
|
# fetch keys
|
|
# set pgp_getkeys_command="pkspxycwrap %r"
|
|
|
|
# pattern for good signature - may need to be adapted to locale!
|
|
|
|
# set pgp_good_sign="^gpgv?: Good signature from "
|
|
|
|
# OK, here's a version which uses gnupg's message catalog:
|
|
# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
|
|
|
|
# This version uses --status-fd messages
|
|
set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
|
|
|
|
# pattern to verify a decryption occurred
|
|
# This is now deprecated by pgp_check_gpg_decrypt_status_fd:
|
|
# set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
|
|
set pgp_check_gpg_decrypt_status_fd
|
|
|