mutt: Set up GPG signing by default

mutt/.mutt/gpgrc

@@ -0,0 +1,116 @@
+# vim: syntax=muttrc
+#
+# -*-muttrc-*-
+#
+# Command formats for gpg.
+#
+# Some of the older commented-out versions of the commands use gpg-2comp from:
+#   http://70t.de/download/gpg-2comp.tar.gz
+#
+# %p    The empty string when no passphrase is needed,
+#       the string "PGPPASSFD=0" if one is needed.
+#
+#       This is mostly used in conditional % sequences.
+#
+# %f    Most PGP commands operate on a single file or a file
+#       containing a message.  %f expands to this file's name.
+#
+# %s    When verifying signatures, there is another temporary file
+#       containing the detached signature.  %s expands to this
+#       file's name.
+#
+# %a    In "signing" contexts, this expands to the value of the
+#       configuration variable $pgp_sign_as, if set, otherwise
+#       $pgp_default_key.  You probably need to
+#       use this within a conditional % sequence.
+#
+# %r    In many contexts, mutt passes key IDs to pgp.  %r expands to
+#       a list of key IDs.
+
+
+# Section A: Key Management
+
+# The default key for encryption (used by $pgp_self_encrypt and
+# $postpone_encrypt).
+#
+# It will also be used for signing unless $pgp_sign_as is set to a
+# key.
+#
+# Unless your key does not have encryption capability, uncomment this
+# line and replace the keyid with your own.
+#
+# set pgp_default_key="0x12345678"
+
+# If you have a separate signing key, or your key _only_ has signing
+# capability, uncomment this line and replace the keyid with your
+# signing keyid.
+#
+# set pgp_sign_as="0x87654321"
+
+
+# Section B: Commands
+
+# Note that we explicitly set the comment armor header since GnuPG, when used
+# in some localiaztion environments, generates 8bit data in that header, thereby
+# breaking PGP/MIME.
+
+# decode application/pgp
+set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
+
+# verify a pgp/mime signature
+set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
+
+# decrypt a pgp/mime attachment
+set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
+
+# create a pgp/mime signed attachment
+# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
+set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
+
+# create a application/pgp signed (old-style) message
+# set pgp_clearsign_command="gpg-2comp --comment '' --no-verbose --batch --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
+set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
+
+# create a pgp/mime encrypted attachment
+# set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
+set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
+
+# create a pgp/mime encrypted and signed attachment
+# set pgp_encrypt_sign_command="pgpewrap gpg-2comp %?p?--passphrase-fd 0? -v --batch --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+set pgp_encrypt_sign_command="pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+
+# import a key into the public key ring
+set pgp_import_command="gpg --no-verbose --import %f"
+
+# export a key from the public key ring
+set pgp_export_command="gpg --no-verbose --export --armor %r"
+
+# verify a key
+set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
+
+# read in the public key ring
+# note: the second --with-fingerprint adds fingerprints to subkeys
+set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
+
+# read in the secret key ring
+# note: the second --with-fingerprint adds fingerprints to subkeys
+set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
+
+# fetch keys
+# set pgp_getkeys_command="pkspxycwrap %r"
+
+# pattern for good signature - may need to be adapted to locale!
+
+# set pgp_good_sign="^gpgv?: Good signature from "
+
+# OK, here's a version which uses gnupg's message catalog:
+# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
+
+# This version uses --status-fd messages
+set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
+
+# pattern to verify a decryption occurred
+# This is now deprecated by pgp_check_gpg_decrypt_status_fd:
+# set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
+set pgp_check_gpg_decrypt_status_fd
+

mutt/.mutt/muttrc

@@ -5,6 +5,7 @@ set folder      = ~/Mail
 set spoolfile   = +/fastmail/Inbox
 set header_cache=~/Mail/mutt_cache/ # a much faster opening of mailboxes...
 
+source ~/.mutt/gpgrc
 source ~/.mutt/accounts/fastmail
 source ~/.mutt/accounts/sanchayan
 source ~/.mutt/accounts/asymptotic
@@ -124,3 +125,13 @@ mailboxes = +sanchayan/FreedesktopGitlab
 mailboxes = +sanchayan/pulseaudio
 mailboxes = +sanchayan/Sent
 mailboxes = +sanchayan/Spam
+
+# GPG signing options
+set crypt_autosign              = "no"
+set crypt_replyencrypt          = "yes"
+set crypt_replysign             = "yes"
+set crypt_replysignencrypted    = "yes"
+set crypt_opportunistic_encrypt = "no"
+set postpone_encrypt            = "no"
+set pgp_use_gpg_agent           = "yes"
+set pgp_default_key             = "6F6A0609C12038F3"