authorTom Ryder <tom@sanctum.geek.nz>2020-05-19 22:11:52 +1200
committerTom Ryder <tom@sanctum.geek.nz>2020-05-19 22:13:52 +1200
commit9f3407f48d642e32ca60b66802d3468bedbc88fc (patch)
treeabd607d6b25df4c1921e75fc0a094cabae5d6acb /mutt
parentMerge branch 'release/v9.3.0' into develop (diff)
Update Mutt config; self and opportunistic encrypt
Install the GPG_KEYID export, built using whatever the value of the GPG_KEYID macro is (renamed from KEY)
Diffstat (limited to 'mutt')
-rw-r--r--mutt/muttrc42
1 files changed, 40 insertions, 2 deletions
diff --git a/mutt/muttrc b/mutt/muttrc
index 528127fe..bd244f8a 100644
--- a/mutt/muttrc
+++ b/mutt/muttrc
@@ -26,13 +26,51 @@ set beep_new
#
unset confirmappend
-# Use the GPGME library for PGP. Sign replies to messages that are themselves
-# signed or encrypted.
+# Use the GPGME library for PGP; sign replies to messages that are themselves
+# signed (whether encrypted or not), and encrypt when we have a key for every
+# recipient (opportunistic).
#
set crypt_use_gpgme
+set crypt_opportunistic_encrypt
set crypt_replysign
set crypt_replysignencrypted
+# Use a default key for self-encrypting both sent and draft messages so that
+# they're protected but legible. This defaults to the GPG_KEYID environment
+# variable, so be careful to set that lest you send useless OpenPGP headers!
+# My kingdom for muttrc(5) conditionals...
+#
+set pgp_default_key = $GPG_KEYID
+set pgp_self_encrypt
+set postpone_encrypt
+
+# Always include OpenPGP header with the selected default key, regardless of
+# whether the message is protected or not:
+#
+# <https://datatracker.ietf.org/doc/draft-josefsson-openpgp-mailnews-header/>
+#
+# This RFC has expired and doesn't seem to have seen widespread adoption, but
+# it seems that Thunderbird's Enigmail extension is still sending key IDs with
+# it, and it doesn't do any harm.
+#
+my_hdr OpenPGP: id=$pgp_default_key\; \
+preference=signencrypt\; \
+url=https://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0x$pgp_default_key
+
+# Because I (personally) never want to encrypt mail without signing it, add in
+# a hook for sending or changing a message that forces a signature if it's
+# encrypted but not signed. This may not suit anyone else reading.
+#
+send-hook '~G !~g' 'push <pgp-menu>s'
+send2-hook '~G !~g' 'push <pgp-menu>s'
+
+# Because of the order in which opportunistic encryption is applied, we queue
+# up a no-op change by opening the PGP menu and then doing nothing (pressing
+# Enter), to trigger send2-hooks to run and turn signatures on if opportunistic
+# encryption happens to have decided to switch encryption on.
+#
+send-hook '!~G !~g' 'push <pgp-menu><enter>'
+
# Default to a subject format for forwarded messages that's more familiar to
# most mail users, unless sending mail to a list where they're more likely to
# appreciate the nicer default that uses square brackets and the author email
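Review bot: The `my_hdr OpenPGP:` line and its `keyid=0x$pgp_default_key` URL advertise whatever `$GPG_KEYID` holds on every outgoing message, and nothing in the new comments says what form that value must take. If it is a short key ID, a recipient's client that follows the URL could retrieve a different key with a colliding ID, so the comment above `set pgp_default_key` should ask for the full fingerprint, e.g. `# GPG_KEYID should be the full key fingerprint, not a short ID; short IDs can collide on keyservers.` The existing warning covers only the useless-header case; presumably an empty value also leaves `pgp_self_encrypt` and `postpone_encrypt` without a usable key, which is worth confirming and stating in the same comment.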