From cee81868febcc77a3117a68099139f50804b48db Mon Sep 17 00:00:00 2001
From: Vasil Zlatanov <v@skozl.com>
Date: Tue, 9 Jul 2019 11:57:02 +0100
Subject: Update mutty crypto config to work with neomutt

---
 Mail/mutt/crypto.rc | 104 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 58 insertions(+), 46 deletions(-)

diff --git a/Mail/mutt/crypto.rc b/Mail/mutt/crypto.rc
index c6a0769..62501ae 100644
--- a/Mail/mutt/crypto.rc
+++ b/Mail/mutt/crypto.rc
@@ -1,46 +1,58 @@
-set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
-set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
-set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
-set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
-set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
-set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
-set pgp_encrypt_sign_command="pgpewrap gpg %?p?--passphrase-fd 0? -v --batch --quiet --output - --encrypt --sign %?a?-u %a? --armor     --always-trust -- -r %r -- %f"
-set pgp_import_command="gpg --no-verbose --import -v %f"
-set pgp_export_command="gpg --no-verbose --export --armor %r"
-set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"
-set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r" 
-set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r" 
-
-set pgp_use_gpg_agent = yes
-
-# specify the uid to use when encrypting/signing
-set pgp_sign_as=0xB54608CC
-
-# this set the number of seconds to keep in memory the passpharse used to encrypt/sign
-# the more the less secure it will be
-set pgp_timeout=60
-
-# it's a regexp used against the GPG output: if it matches some line of the output
-# then mutt considers the message a good signed one (ignoring the GPG exit code)
-set pgp_good_sign="^gpg: Good signature from"
-
-# mutt uses by default PGP/GPG to sign/encrypt messages
-# if you want to use S-mime instead set the smime_is_default variable to yes
-
-# automatically sign all outgoing messages
-#set crypt_autosign
-# sign only replies to signed messages
-#set crypt_replysign
-
-# automatically encrypt outgoing messages
-#set crypt_autoencrypt=yes
-# encrypt only replies to signed messages
-#set crypt_replyencrypt=yes
-# encrypt and sign replies to encrypted messages
-set crypt_replysignencrypted=yes
-
-# automatically verify the sign of a message when opened
-set crypt_verify_sig=yes
-
-# enable inline / traditional pgp support
-message-hook '!(~g|~G) ~b"^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"' "exec check-traditional-pgp"
+# Section A: Key Management
+
+set pgp_default_key="0xB54608CC"
+
+# Section B: Commands
+
+# decode application/pgp
+set pgp_decode_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
+
+# Verify a signature
+set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
+
+# Decrypt an attachment
+set pgp_decrypt_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"
+
+# Create a PGP/MIME signed attachment
+set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"
+
+# Create a application/pgp inline signed message.  This style is obsolete but still needed for Hushmail recipients and some MUAs.
+set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"
+
+# Create an encrypted attachment (note that some users include the --always-trust option here)
+set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"
+
+# Create an encrypted and signed attachment (note that some users include the --always-trust option here)
+set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"
+
+# Import a key into the public key ring
+set pgp_import_command="gpg --no-verbose --import %f"
+
+# Export a key from the public key ring
+set pgp_export_command="gpg --no-verbose --armor --export %r"
+
+# Verify a key
+set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
+
+# Read in the public key ring
+set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
+
+# Read in the secret key ring
+set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
+
+# Fetch keys
+# set pgp_getkeys_command="pkspxycwrap %r"
+
+# pattern for good signature - may need to be adapted to locale!
+# OK, here's a version which uses gnupg's message catalog:
+# set pgp_good_sign="^gpgv?: Good signature from"
+# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
+#
+# Output pattern to indicate a valid signature using --status-fd messages
+set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
+
+# Output pattern to verify a decryption occurred
+# This is now deprecated by pgp_check_gpg_decrypt_status_fd:
+# set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
+set pgp_check_gpg_decrypt_status_fd
+
-- 
cgit v1.2.3