/Muttrc.d/smime.rc

http://github.com/brinkman83/bashrc · Windows Resource-Definition Script · 99 lines · 68 code · 31 blank · 0 comment · 0 complexity · 99a4bd2832ab014e6e8ae67f48de048c MD5 · raw file

  1. # -*-muttrc-*-
  2. ## The following options are only available if you have
  3. ## compiled in S/MIME support
  4. # If you compiled mutt with support for both PGP and S/MIME, PGP
  5. # will be the default method unless the following option is set
  6. #set smime_is_default
  7. # Uncoment this if you don't want to set labels for certificates you add.
  8. # unset smime_ask_cert_label
  9. # Passphrase expiration
  10. #set smime_timeout=300
  11. # Global crypto options -- these affect PGP operations as well.
  12. #set crypt_autosign = yes
  13. #set crypt_replyencrypt = yes
  14. #set crypt_replysign = yes
  15. #set crypt_replysignencrypted = yes
  16. #set crypt_verify_sig = yes
  17. # Section A: Key Management.
  18. # The (default) keyfile for signing/decrypting. Uncomment the following
  19. # line and replace the keyid with your own.
  20. #set smime_default_key="12345678.0"
  21. # Uncommen to make mutt ask what key to use when trying to decrypt a message.
  22. # It will use the default key above (if that was set) else.
  23. # unset smime_decrypt_use_default_key
  24. # Path to a file or directory with trusted certificates
  25. #set smime_ca_location="~/.smime/ca-bundle.crt"
  26. set smime_ca_location=`for f in $HOME/.smime/ca-certificates.crt $HOME/.smime/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ; do if [ -e $f ] ; then echo $f ; exit ; fi ; done`
  27. # Path to where all known certificates go. (must exist!)
  28. set smime_certificates="~/.smime/certificates"
  29. # Path to where all private keys go. (must exist!)
  30. set smime_keys="~/.smime/keys"
  31. # These are used to extract a certificate from a message.
  32. # First generate a PKCS#7 structure from the message.
  33. set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"
  34. # Extract the included certificate(s) from a PKCS#7 structure.
  35. set smime_get_cert_command="openssl pkcs7 -print_certs -in %f"
  36. # Extract the signer's certificate only from a S/MIME signature (sender verification)
  37. set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify -signer %c -out /dev/null"
  38. # This is used to get the email address the certificate was issued to.
  39. set smime_get_cert_email_command="openssl x509 -in %f -noout -email"
  40. # Add a certificate to the database using smime_keys.
  41. set smime_import_cert_command="smime_keys add_cert %f"
  42. # Sction B: Outgoing messages
  43. # Algorithm to use for encryption.
  44. # valid choices are rc2-40, rc2-64, rc2-128, des, des3
  45. set smime_encrypt_with="des3"
  46. # Encrypt a message. Input file is a MIME entity.
  47. set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"
  48. # Sign.
  49. set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -certfile %i -outform DER"
  50. #Section C: Incoming messages
  51. # Decrypt a message. Output is a MIME entity.
  52. set smime_decrypt_command="openssl smime -decrypt -passin stdin -inform DER -in %f -inkey %k -recip %c"
  53. # Verify a signature of type multipart/signed
  54. set smime_verify_command="openssl smime -verify -inform DER -in %s %C -content %f"
  55. # Verify a signature of type application/x-pkcs7-mime
  56. set smime_verify_opaque_command="\
  57. openssl smime -verify -inform DER -in %s %C || \
  58. openssl smime -verify -inform DER -in %s -noverify 2>/dev/null"
  59. # Section D: Alternatives
  60. # Sign. If you wish to NOT include the certificate your CA used in signing
  61. # your public key, use this command instead.
  62. # set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin -in %f -outform DER"
  63. #
  64. # In order to verify the signature only and skip checking the certificate chain:
  65. #
  66. # set smime_verify_command="openssl smime -verify -inform DER -in %s -content %f -noverify"
  67. # set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s -noverify"
  68. #