[Pkg-gnupg-maint] Pinentry/GnuPG Agent for Mutt

Jonathan Wiltshire jmw at debian.org
Tue Aug 26 19:05:40 UTC 2014 

Discussed at the BoF in Portland. The question was how to get Mutt to use
an agent instead of showing its own password prompt when
signing/decrypting.

Attaching my Mutt config. The agent needs to be suitably configured and
running, that's an excercise for the reader. The timeout can be set with
"default-cache" in .gnupg/gpg-agent.conf. 

-- 
Jonathan Wiltshire                                      jmw at debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

-------------- next part --------------
pinentry-program /usr/bin/pinentry
no-grab
default-cache-ttl 1800
enable-ssh-support
-------------- next part --------------
# -*-muttrc-*-
#
# Command formats for gpg.
#
# This version uses gpg-2comp from
#   http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz
#
# $Id: gpg.rc,v 3.1 2002/03/26 22:23:58 roessler Exp $
#
# %p    The empty string when no passphrase is needed,
#       the string "PGPPASSFD=0" if one is needed.
#
#       This is mostly used in conditional % sequences.
#
# %f    Most PGP commands operate on a single file or a file
#       containing a message.  %f expands to this file's name.
#
# %s    When verifying signatures, there is another temporary file
#       containing the detached signature.  %s expands to this
#       file's name.
#
# %a    In "signing" contexts, this expands to the value of the
#       configuration variable $pgp_sign_as.  You probably need to
#       use this within a conditional % sequence.
#
# %r    In many contexts, mutt passes key IDs to pgp.  %r expands to
#       a list of key IDs.

set pgp_use_gpg_agent
 
# Note that we explicitly set the comment armor header since GnuPG, when used
# in some localiaztion environments, generates 8bit data in that header, thereby# breaking PGP/MIME.
 
# decode application/pgp
set pgp_decode_command="/usr/bin/gpg  --charset utf-8 --no-verbose --quiet  --batch  --output - %f"
 
# verify a pgp/mime signature
set pgp_verify_command="/usr/bin/gpg   --list-options show-keyring --no-verbose --quiet  --batch  --output - --verify %s %f"
 
# decrypt a pgp/mime attachment
set pgp_decrypt_command="/usr/bin/gpg   --no-verbose --quiet --batch  --output - %f"
 
# create a pgp/mime signed attachment
set pgp_sign_command="/usr/bin/gpg    --no-verbose --batch --quiet   --output - --armor --detach-sign --textmode %?a?-u %a? %f"
 
# create a application/pgp signed (old-style) message
set pgp_clearsign_command="/usr/bin/gpg   --charset utf-8 --no-verbose --batch --quiet   --output - --armor --textmode --clearsign %?a?-u %a? %f"
 
# create a pgp/mime encrypted attachment
set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap /usr/bin/gpg  --charset utf-8    --batch --quiet  --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
 
# create a pgp/mime encrypted and signed attachment
# set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg-2comp  -v --batch  --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap /usr/bin/gpg  --charset utf-8 --batch --quiet  --no-verbose  --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
 
# import a key into the public key ring
set pgp_import_command="/usr/bin/gpg  --no-verbose --import -v %f"
 
# export a key from the public key ring
set pgp_export_command="/usr/bin/gpg   --no-verbose --export --armor %r"
 
# verify a key
set pgp_verify_key_command="/usr/bin/gpg --verbose --batch  --fingerprint --check-sigs %r"
 
# read in the public key ring
set pgp_list_pubring_command="/usr/bin/gpg   --no-verbose --batch --quiet   --with-colons --list-keys %r"
 
# read in the secret key ring
set pgp_list_secring_command="/usr/bin/gpg   --no-verbose --batch --quiet   --with-colons --list-secret-keys %r"
 
# fetch keys
# set pgp_getkeys_command="pkspxycwrap %r"
 
# read in the public key ring
set pgp_list_pubring_command="/usr/bin/gpg   --no-verbose --batch --quiet   --with-colons --list-keys %r"
 
# read in the secret key ring
set pgp_list_secring_command="/usr/bin/gpg   --no-verbose --batch --quiet   --with-colons --list-secret-keys %r"
 
# fetch keys
# set pgp_getkeys_command="pkspxycwrap %r"
 
# pattern for good signature - may need to be adapted to locale!
 
# set pgp_good_sign="^gpg: Good signature from"
 
# OK, here's a version which uses gnupg's message catalog:
set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
 
set pgp_sign_as=0xDEADBEEF
set pgp_verify_sig=yes
set pgp_create_traditional=no

More information about the Pkg-gnupg-maint mailing list