/Muttrc.d/smime.rc

 1# -*-muttrc-*-
 2## The following options are only available if you have
 3## compiled in S/MIME support
 4
 5# If you compiled mutt with support for both PGP and S/MIME, PGP
 6# will be the default method unless the following option is set
 7#set smime_is_default
 8
 9# Uncoment this if you don't want to set labels for certificates you add.
10# unset smime_ask_cert_label
11
12# Passphrase expiration
13#set smime_timeout=300
14
15# Global crypto options -- these affect PGP operations as well.
16#set crypt_autosign = yes
17#set crypt_replyencrypt = yes
18#set crypt_replysign = yes
19#set crypt_replysignencrypted = yes
20#set crypt_verify_sig = yes
21
22# Section A: Key Management.
23
24# The (default) keyfile for signing/decrypting.  Uncomment the following
25# line and replace the keyid with your own.
26#set smime_default_key="12345678.0"
27
28# Uncommen to make mutt ask what key to use when trying to decrypt a message.
29# It will use the default key above (if that was set) else.
30# unset smime_decrypt_use_default_key
31
32# Path to a file or directory with trusted certificates
33#set smime_ca_location="~/.smime/ca-bundle.crt"
34set smime_ca_location=`for f in $HOME/.smime/ca-certificates.crt $HOME/.smime/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ; do if [ -e $f ] ; then echo $f ; exit ; fi ; done`
35
36# Path to where all known certificates go. (must exist!)
37set smime_certificates="~/.smime/certificates"
38
39# Path to where all private keys go. (must exist!)
40set smime_keys="~/.smime/keys"
41
42# These are used to extract a certificate from a message.
43# First generate a PKCS#7 structure from the message.
44set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"
45
46# Extract the included certificate(s) from a PKCS#7 structure.
47set smime_get_cert_command="openssl pkcs7 -print_certs -in %f"
48
49# Extract the signer's certificate only from a S/MIME signature (sender verification)
50set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify -signer %c -out /dev/null"
51
52# This is used to get the email address the certificate was issued to.
53set smime_get_cert_email_command="openssl x509 -in  %f -noout -email"
54
55# Add a certificate to the database using smime_keys.
56set smime_import_cert_command="smime_keys add_cert %f"
57
58
59
60# Sction B: Outgoing messages
61
62# Algorithm to use for encryption.
63# valid choices are rc2-40, rc2-64, rc2-128, des, des3
64set smime_encrypt_with="des3"
65
66# Encrypt a message. Input file is a MIME entity.
67set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"
68
69# Sign.
70set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -certfile %i -outform DER"
71
72
73
74#Section C: Incoming messages
75
76# Decrypt a message. Output is a MIME entity.
77set smime_decrypt_command="openssl smime -decrypt  -passin stdin -inform DER -in %f -inkey %k -recip %c"
78
79# Verify a signature of type multipart/signed
80set smime_verify_command="openssl smime -verify -inform DER -in %s %C -content %f"
81
82# Verify a signature of type application/x-pkcs7-mime
83set smime_verify_opaque_command="\
84openssl smime -verify -inform DER -in %s %C || \
85openssl smime -verify -inform DER -in %s -noverify 2>/dev/null"
86
87
88
89# Section D: Alternatives
90
91# Sign.  If you wish to NOT include the certificate your CA used in signing
92# your public key, use this command instead.
93# set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -outform DER"
94#
95# In order to verify the signature only and skip checking the certificate  chain:
96#
97# set smime_verify_command="openssl smime -verify -inform DER -in %s -content %f -noverify"
98# set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s -noverify"
99#