# Section A: Key Management

set pgp_default_key="0xB54608CC"

# Section B: Commands

# decode application/pgp
set pgp_decode_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"

# Verify a signature
set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"

# Decrypt an attachment
set pgp_decrypt_command="gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"

# Create a PGP/MIME signed attachment
set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"

# Create a application/pgp inline signed message.  This style is obsolete but still needed for Hushmail recipients and some MUAs.
set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"

# Create an encrypted attachment (note that some users include the --always-trust option here)
set pgp_encrypt_only_command="/usr/lib/neomutt/pgpewrap gpg --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"

# Create an encrypted and signed attachment (note that some users include the --always-trust option here)
set pgp_encrypt_sign_command="/usr/lib/neomutt/pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"

# Import a key into the public key ring
set pgp_import_command="gpg --no-verbose --import %f"

# Export a key from the public key ring
set pgp_export_command="gpg --no-verbose --armor --export %r"

# Verify a key
set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"

# Read in the public key ring
set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"

# Read in the secret key ring
set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"

# Fetch keys
# set pgp_getkeys_command="pkspxycwrap %r"

# pattern for good signature - may need to be adapted to locale!
# OK, here's a version which uses gnupg's message catalog:
# set pgp_good_sign="^gpgv?: Good signature from"
# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
#
# Output pattern to indicate a valid signature using --status-fd messages
set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"

# Output pattern to verify a decryption occurred
# This is now deprecated by pgp_check_gpg_decrypt_status_fd:
# set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
set pgp_check_gpg_decrypt_status_fd