You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

130 lines
5.1 KiB

  1. # -*-muttrc-*-
  2. #
  3. # Command formats for gpg.
  4. #
  5. # Version notes:
  6. #
  7. # GPG 2.1 introduces the option "--pinentry-mode", which requires
  8. # the "loopback" argument in instances where "--passphrase-fd" is
  9. # used.
  10. #
  11. # Some of the older commented-out versions of the commands use gpg-2comp from:
  12. # http://70t.de/download/gpg-2comp.tar.gz
  13. #
  14. # %p The empty string when no passphrase is needed,
  15. # the string "PGPPASSFD=0" if one is needed.
  16. #
  17. # This is mostly used in conditional % sequences.
  18. #
  19. # %f Most PGP commands operate on a single file or a file
  20. # containing a message. %f expands to this file's name.
  21. #
  22. # %s When verifying signatures, there is another temporary file
  23. # containing the detached signature. %s expands to this
  24. # file's name.
  25. #
  26. # %a In "signing" contexts, this expands to the value of the
  27. # configuration variable $pgp_sign_as, if set, otherwise
  28. # $pgp_default_key. You probably need to
  29. # use this within a conditional % sequence.
  30. #
  31. # %r In many contexts, neomutt passes key IDs to pgp. %r expands to
  32. # a list of key IDs.
  33. # Section A: Key Management
  34. # The default key for encryption (used by $pgp_self_encrypt and
  35. # $postpone_encrypt).
  36. #
  37. # It will also be used for signing unless $pgp_sign_as is set to a
  38. # key.
  39. #
  40. # Unless your key does not have encryption capability, uncomment this
  41. # line and replace the keyid with your own.
  42. #
  43. # set pgp_default_key="0x12345678"
  44. # If you have a separate signing key, or your key _only_ has signing
  45. # capability, uncomment this line and replace the keyid with your
  46. # signing keyid.
  47. #
  48. # set pgp_sign_as="0x87654321"
  49. # Section B: Commands
  50. # Note that we explicitly set the comment armor header since GnuPG, when used
  51. # in some localiaztion environments, generates 8bit data in that header, thereby
  52. # breaking PGP/MIME.
  53. # decode application/pgp
  54. #
  55. set pgp_decode_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
  56. # Verify a signature
  57. #
  58. set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
  59. # Decrypt an attachment
  60. #
  61. set pgp_decrypt_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"
  62. # Create a PGP/MIME signed attachment
  63. #
  64. # set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
  65. #
  66. set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"
  67. # Create a application/pgp inline signed message. This style is obsolete but still needed for Hushmail recipients and some MUAs.
  68. #
  69. # set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
  70. #
  71. set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"
  72. # Create an encrypted attachment (note that some users include the --always-trust option here)
  73. #
  74. # set pgp_encrypt_only_command="/usr/local/libexec/neomutt/pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
  75. #
  76. set pgp_encrypt_only_command="/usr/local/libexec/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"
  77. # Create an encrypted and signed attachment (note that some users include the --always-trust option here)
  78. #
  79. # set pgp_encrypt_sign_command="/usr/local/libexec/neomutt/pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
  80. #
  81. set pgp_encrypt_sign_command="/usr/local/libexec/neomutt/pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"
  82. # Import a key into the public key ring
  83. #
  84. set pgp_import_command="gpg --no-verbose --import %f"
  85. # Export a key from the public key ring
  86. #
  87. set pgp_export_command="gpg --no-verbose --armor --export %r"
  88. # Verify a key
  89. #
  90. set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
  91. # Read in the public key ring
  92. #
  93. set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
  94. # Read in the secret key ring
  95. #
  96. set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
  97. # Fetch keys
  98. # set pgp_getkeys_command="pkspxycwrap %r"
  99. # pattern for good signature - may need to be adapted to locale!
  100. # OK, here's a version which uses gnupg's message catalog:
  101. # set pgp_good_sign="^gpgv?: Good signature from"
  102. # set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
  103. #
  104. # Output pattern to indicate a valid signature using --status-fd messages
  105. set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
  106. # Output pattern to verify a decryption occurred
  107. set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"