-rw-r--r-- | compose.c | 2 | ||||
-rw-r--r-- | crypt-gpgme.c | 11 | ||||
-rw-r--r-- | crypt.c | 4 | ||||
-rw-r--r-- | doc/manual.xml.head | 6 | ||||
-rw-r--r-- | globals.h | 4 | ||||
-rw-r--r-- | init.h | 71 | ||||
-rw-r--r-- | pgpinvoke.c | 34 | ||||
-rw-r--r-- | postpone.c | 2 | ||||
-rw-r--r-- | send.c | 12 | ||||
-rw-r--r-- | sendlib.c | 4 | ||||
-rw-r--r-- | smime.c | 42 |
11 files changed, 106 insertions, 86 deletions
@@ -253,7 +253,7 @@ static void redraw_crypt_lines (HEADER *msg) SETCOLOR (MT_COLOR_COMPOSE_HEADER); printw ("%*s", HeaderPadding[HDR_CRYPTINFO], _(Prompts[HDR_CRYPTINFO])); NORMAL_COLOR; - printw ("%s", SmimeDefaultKey ? SmimeDefaultKey : _("<default>")); + printw ("%s", SmimeSignAs ? SmimeSignAs : _("<default>")); } if ((WithCrypto & APPLICATION_SMIME) diff --git a/crypt-gpgme.c b/crypt-gpgme.c index 7283e109..87a11e8f 100644 --- a/crypt-gpgme.c +++ b/crypt-gpgme.c @@ -703,11 +703,16 @@ static gpgme_key_t *create_recipient_set (const char *keylist, /* Make sure that the correct signer is set. Returns 0 on success. */ static int set_signer (gpgme_ctx_t ctx, int for_smime) { - char *signid = for_smime ? SmimeDefaultKey: PgpSignAs; + char *signid; gpgme_error_t err; gpgme_ctx_t listctx; gpgme_key_t key, key2; + if (for_smime) + signid = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey; + else + signid = (PgpSignAs && *PgpSignAs) ? PgpSignAs : PgpDefaultKey; + if (!signid || !*signid) return 0; @@ -4840,8 +4845,8 @@ static int gpgme_send_menu (HEADER *msg, int is_smime) { snprintf (input_signas, sizeof (input_signas), "0x%s", crypt_fpr_or_lkeyid (p)); - mutt_str_replace (is_smime? &SmimeDefaultKey : &PgpSignAs, input_signas); - crypt_free_key (&p); + mutt_str_replace (is_smime? &SmimeSignAs : &PgpSignAs, input_signas); + crypt_free_key (&p); msg->security |= SIGN; } @@ -832,7 +832,7 @@ int crypt_get_keys (HEADER *msg, char **keylist, int oppenc_mode) } unset_option (OPTPGPCHECKTRUST); if (option (OPTPGPSELFENCRYPT)) - self_encrypt = PgpSelfEncryptAs; + self_encrypt = PgpDefaultKey; } if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME)) @@ -843,7 +843,7 @@ int crypt_get_keys (HEADER *msg, char **keylist, int oppenc_mode) return (-1); } if (option (OPTSMIMESELFENCRYPT)) - self_encrypt = SmimeSelfEncryptAs; + self_encrypt = SmimeDefaultKey; } } diff --git a/doc/manual.xml.head b/doc/manual.xml.head index 51d646b7..2a17ca69 100644 
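Review bot: The compose screen now prints the literal `<default>` whenever $smime_sign_as is unset, although signing (per the smime.c and crypt-gpgme.c changes in this commit) will then use $smime_default_key, so the user no longer sees which key will actually sign before sending. Consider showing the effective signer before falling back to the placeholder: `printw ("%s", (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : (SmimeDefaultKey ? SmimeDefaultKey : _("<default>")));`. The PGP line of redraw_crypt_lines is outside this hunk and presumably has the same shape; the function starts before the hunk.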
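Review bot: The sign-as-or-default-key selection introduced in set_signer is repeated in pgpinvoke.c (pgp_invoke and pgp_invoke_import) and smime.c (smime_sign_message), each spelling the empty-string test its own way; two small accessors would keep the four copies from drifting, e.g. `const char *crypt_pgp_signas (void) { return (PgpSignAs && *PgpSignAs) ? PgpSignAs : PgpDefaultKey; }` and a matching `crypt_smime_signas`. With that, `signid` here could be `const char *` if the gpgme lookup accepts it, since nothing writes through it. When neither variable is set the existing `return 0` reports success without setting a signer, which presumably leaves the choice to gpgme; set_signer's body continues past the hunk.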
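Review bot: `self_encrypt` in crypt_get_keys is now assigned from $pgp_default_key or $smime_default_key whenever the corresponding self-encrypt option is on, and this commit also turns both options on by default (init.h), so the assignment is reached for everyone rather than only for users who opted in, and it yields NULL when no default key is configured. Unless the remainder of crypt_get_keys (outside these hunks) already treats a NULL or empty self_encrypt as "no self-encryption", guarding the assignment is cheaper than relying on that: `if (option (OPTPGPSELFENCRYPT) && PgpDefaultKey && *PgpDefaultKey)` here and the same for the S/MIME branch at @@ -843. Both crypt.c hunks share this point.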
--- a/doc/manual.xml.head +++ b/doc/manual.xml.head @@ -1476,11 +1476,11 @@ be encrypted using the selected public keys when sent out. </para> <para> -To ensure you can view encrypted message you have sent, you +To ensure you can view encrypted messages you have sent, you may wish to set <link linkend="pgp-self-encrypt">$pgp_self_encrypt</link> -and <link linkend="pgp-self-encrypt-as">$pgp_self_encrypt_as</link> for PGP, or +and <link linkend="pgp-default-key">$pgp_default_key</link> for PGP, or <link linkend="smime-self-encrypt">$smime_self_encrypt</link> -and <link linkend="smime-self-encrypt-as">$smime_self_encrypt_as</link> for S/MIME. +and <link linkend="smime-default-key">$smime_default_key</link> for S/MIME. </para> <para> @@ -251,6 +251,7 @@ WHERE LIST *UserHeader INITVAL (0); /*-- formerly in pgp.h --*/ WHERE REGEXP PgpGoodSign; WHERE REGEXP PgpDecryptionOkay; +WHERE char *PgpDefaultKey; WHERE char *PgpSignAs; WHERE short PgpTimeout; WHERE char *PgpEntryFormat; @@ -267,10 +268,10 @@ WHERE char *PgpVerifyKeyCommand; WHERE char *PgpListSecringCommand; WHERE char *PgpListPubringCommand; WHERE char *PgpGetkeysCommand; -WHERE char *PgpSelfEncryptAs; /*-- formerly in smime.h --*/ WHERE char *SmimeDefaultKey; +WHERE char *SmimeSignAs; WHERE short SmimeTimeout; WHERE char *SmimeCertificates; WHERE char *SmimeKeys; @@ -288,7 +289,6 @@ WHERE char *SmimePk7outCommand; WHERE char *SmimeGetCertCommand; WHERE char *SmimeImportCertCommand; WHERE char *SmimeGetCertEmailCommand; -WHERE char *SmimeSelfEncryptAs; 
@@ -1925,7 +1925,8 @@ struct option_t MuttVars[] = { ** .dt %f .dd Expands to the name of a file containing a message. ** .dt %s .dd Expands to the name of a file containing the signature part ** . of a \fCmultipart/signed\fP attachment when verifying it. - ** .dt %a .dd The value of $$pgp_sign_as. + ** .dt %a .dd The value of $$pgp_sign_as if set, otherwise the value + ** of $$pgp_default_key. ** .dt %r .dd One or more key IDs (or fingerprints if available). ** .de ** .pp @@ -1955,6 +1956,19 @@ struct option_t MuttVars[] = { ** (e.g. simply signed and ascii armored text). ** (PGP only) */ + { "pgp_self_encrypt_as", DT_SYN, R_NONE, UL "pgp_default_key", 0 }, + { "pgp_default_key", DT_STR, R_NONE, UL &PgpDefaultKey, 0 }, + /* + ** .pp + ** This is the default key-pair to use for PGP operations. It will be + ** used for encryption (see $$postpone_encrypt and $$pgp_self_encrypt). + ** .pp + ** It will also be used for signing unless $$pgp_sign_as is set. + ** .pp + ** The (now deprecated) \fIpgp_self_encrypt_as\fP is an alias for this + ** variable, and should no longer be used. + ** (PGP only) + */ { "pgp_encrypt_only_command", DT_STR, R_NONE, UL &PgpEncryptOnlyCommand, 0}, /* ** .pp 
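Review bot: The new $pgp_default_key description never says what form the value must take, whereas the pgp_self_encrypt_as text it supersedes (removed in the hunk at @@ -2135) stated `It should be in keyid or fingerprint form (e.g. 0x00112233).` and $pgp_sign_as keeps its keyid advice. Since this variable now drives encryption and serves as the signing fallback, add `** It should be in keyid or fingerprint form (e.g. 0x00112233).` after the first .pp paragraph so the documentation does not regress. Placing the DT_SYN entry ahead of the real variable matches the smime_self_encrypt_as arrangement later in the file.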
@@ -2135,19 +2149,11 @@ struct option_t MuttVars[] = { ** removed, while the inner \fCmultipart/signed\fP part is retained. ** (PGP only) */ - { "pgp_self_encrypt", DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 0 }, + { "pgp_self_encrypt", DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 1 }, /* ** .pp ** When \fIset\fP, PGP encrypted messages will also be encrypted - ** using the key in $$pgp_self_encrypt_as. - ** (PGP only) - */ - { "pgp_self_encrypt_as", DT_STR, R_NONE, UL &PgpSelfEncryptAs, 0 }, - /* - ** .pp - ** This is an additional key used to encrypt messages when $$pgp_self_encrypt - ** is \fIset\fP. It is also used to specify the key for $$postpone_encrypt. - ** It should be in keyid or fingerprint form (e.g. 0x00112233). + ** using the key in $$pgp_default_key. ** (PGP only) */ { "pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, 1 }, @@ -2161,9 +2167,10 @@ struct option_t MuttVars[] = { { "pgp_sign_as", DT_STR, R_NONE, UL &PgpSignAs, 0 }, /* ** .pp - ** If you have more than one key pair, this option allows you to specify - ** which of your private keys to use. It is recommended that you use the - ** keyid form to specify your key (e.g. \fC0x00112233\fP). + ** If you have a different key pair to use for signing, you should + ** set this to the signing key. Most people will only need to set + ** $$pgp_default_key. It is recommended that you use the keyid form + ** to specify your key (e.g. \fC0x00112233\fP). ** (PGP only) */ { "pgp_sign_command", DT_STR, R_NONE, UL &PgpSignCommand, 0}, @@ -2370,7 +2377,7 @@ struct option_t MuttVars[] = { ** .pp ** When \fIset\fP, postponed messages that are marked for encryption will be ** self-encrypted. Mutt will first try to encrypt using the value specified - ** in $$pgp_self_encrypt_as or $$smime_self_encrypt_as. If those are not + ** in $$pgp_default_key or $$smime_default_key. If those are not ** set, it will try the deprecated $$postpone_encrypt_as. ** (Crypto only) */ 
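Review bot: The flip of `pgp_self_encrypt` from 0 to 1 is not called out in the option text, yet it means a user who had set the old pgp_self_encrypt_as only for $postpone_encrypt will, without touching their configuration, now have every encrypted message additionally encrypted to that key. State it in the description rather than leaving it to the generated default line, e.g. `** using the key in $$pgp_default_key. This is \fIset\fP by default.`, and if crypt_get_keys indeed skips self-encryption when $pgp_default_key is unset, say that here too. The smime_self_encrypt hunk at @@ -3188 makes the same default change and needs the same sentence.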
@@ -2378,7 +2385,7 @@ struct option_t MuttVars[] = { /* ** .pp ** This is a deprecated fall-back variable for $$postpone_encrypt. - ** Please use $$pgp_self_encrypt_as or $$smime_self_encrypt_as. + ** Please use $$pgp_default_key or $$smime_default_key. ** (Crypto only) */ #ifdef USE_SOCKET @@ -3093,12 +3100,23 @@ struct option_t MuttVars[] = { ** to determine the key to use. It will ask you to supply a key, if it can't find one. ** (S/MIME only) */ - { "smime_sign_as", DT_SYN, R_NONE, UL "smime_default_key", 0 }, + { "smime_self_encrypt_as", DT_SYN, R_NONE, UL "smime_default_key", 0 }, { "smime_default_key", DT_STR, R_NONE, UL &SmimeDefaultKey, 0 }, /* ** .pp - ** This is the default key-pair to use for signing. This must be set to the - ** keyid (the hash-value that OpenSSL generates) to work properly + ** This is the default key-pair to use for S/MIME operations, and must be + ** set to the keyid (the hash-value that OpenSSL generates) to work properly. + ** .pp + ** It will be used for encryption (see $$postpone_encrypt and + ** $$smime_self_encrypt). + ** .pp + ** It will be used for decryption unless $$smime_decrypt_use_default_key + ** is \fIunset\fP. + ** .pp + ** It will also be used for signing unless $$smime_sign_as is set. + ** .pp + ** The (now deprecated) \fIsmime_self_encrypt_as\fP is an alias for this + ** variable, and should no longer be used. ** (S/MIME only) */ { "smime_encrypt_command", DT_STR, R_NONE, UL &SmimeEncryptCommand, 0}, 
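Review bot: Replacing the `smime_sign_as` synonym with `smime_self_encrypt_as` changes what an existing `set smime_sign_as=...` line does: it used to populate $smime_default_key and now (per the @@ -3188 hunk) sets only the signing override, leaving $smime_default_key — and with it encryption, $smime_self_encrypt, $postpone_encrypt and $smime_decrypt_use_default_key — without a key. A migration sentence in the $smime_default_key text would flag this: `** Users who previously set \fIsmime_sign_as\fP should set this variable instead.`. Nothing in the hunk suggests a startup warning for the old usage, so the manual is the only place the change will be noticed.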
@@ -3188,20 +3206,18 @@ struct option_t MuttVars[] = { ** possible \fCprintf(3)\fP-like sequences. ** (S/MIME only) */ - { "smime_self_encrypt", DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 0 }, + { "smime_self_encrypt", DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 1 }, /* ** .pp ** When \fIset\fP, S/MIME encrypted messages will also be encrypted - ** using the certificate in $$smime_self_encrypt_as. + ** using the certificate in $$smime_default_key. ** (S/MIME only) */ - { "smime_self_encrypt_as", DT_STR, R_NONE, UL &SmimeSelfEncryptAs, 0 }, + { "smime_sign_as", DT_STR, R_NONE, UL &SmimeSignAs, 0 }, /* ** .pp - ** This is an additional certificate used to encrypt messages when - ** $$smime_self_encrypt is \fIset\fP. It is also used to specify the - ** certificate for $$postpone_encrypt. It should be the hash-value that - ** OpenSSL generates. + ** If you have a separate key to use for signing, you should set this + ** to the signing key. Most people will only need to set $$smime_default_key. ** (S/MIME only) */ { "smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, 0}, @@ -3211,7 +3227,8 @@ struct option_t MuttVars[] = { ** \fCmultipart/signed\fP, which can be read by all mail clients. ** .pp ** This is a format string, see the $$smime_decrypt_command command for - ** possible \fCprintf(3)\fP-like sequences. + ** possible \fCprintf(3)\fP-like sequences. NOTE: %c and %k will default + ** to $$smime_sign_as if set, otherwise $$smime_default_key. ** (S/MIME only) */ { "smime_sign_digest_alg", DT_STR, R_NONE, UL &SmimeDigestAlg, UL "sha256" }, diff --git a/pgpinvoke.c b/pgpinvoke.c index ee766282..aa0efef5 100644 --- a/pgpinvoke.c +++ b/pgpinvoke.c @@ -164,7 +164,6 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr, short need_passphrase, const char *fname, const char *sig_fname, - const char *signas, const char *ids, const char *format) { 
@@ -179,7 +178,10 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr, cctx.need_passphrase = need_passphrase; cctx.fname = fname; cctx.sig_fname = sig_fname; - cctx.signas = signas; + if (PgpSignAs && *PgpSignAs) + cctx.signas = PgpSignAs; + else + cctx.signas = PgpDefaultKey; cctx.ids = ids; mutt_pgp_command (cmd, sizeof (cmd), &cctx, format); @@ -196,13 +198,12 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr, * */ - pid_t pgp_invoke_decode (FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd, int pgpoutfd, int pgperrfd, const char *fname, short need_passphrase) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - need_passphrase, fname, NULL, PgpSignAs, NULL, + need_passphrase, fname, NULL, NULL, PgpDecodeCommand); } @@ -211,7 +212,7 @@ pid_t pgp_invoke_verify (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *fname, const char *sig_fname) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, fname, sig_fname, PgpSignAs, NULL, PgpVerifyCommand); + 0, fname, sig_fname, NULL, PgpVerifyCommand); } pid_t pgp_invoke_decrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr, @@ -219,7 +220,7 @@ pid_t pgp_invoke_decrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *fname) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, NULL, PgpDecryptCommand); + 1, fname, NULL, NULL, PgpDecryptCommand); } pid_t pgp_invoke_sign (FILE **pgpin, FILE **pgpout, FILE **pgperr, @@ -227,7 +228,7 @@ pid_t pgp_invoke_sign (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *fname) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, NULL, PgpSignCommand); + 1, fname, NULL, NULL, PgpSignCommand); } 
@@ -237,11 +238,11 @@ pid_t pgp_invoke_encrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr, { if (sign) return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, uids, + 1, fname, NULL, uids, PgpEncryptSignCommand); else return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, fname, NULL, PgpSignAs, uids, + 0, fname, NULL, uids, PgpEncryptOnlyCommand); } @@ -251,11 +252,11 @@ pid_t pgp_invoke_traditional (FILE **pgpin, FILE **pgpout, FILE **pgperr, { if (flags & ENCRYPT) return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - flags & SIGN ? 1 : 0, fname, NULL, PgpSignAs, uids, + flags & SIGN ? 1 : 0, fname, NULL, uids, flags & SIGN ? PgpEncryptSignCommand : PgpEncryptOnlyCommand); else return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, NULL, + 1, fname, NULL, NULL, PgpClearSignCommand); } @@ -270,7 +271,10 @@ void pgp_invoke_import (const char *fname) mutt_quote_filename (_fname, sizeof (_fname), fname); cctx.fname = _fname; - cctx.signas = PgpSignAs; + if (PgpSignAs && *PgpSignAs) + cctx.signas = PgpSignAs; + else + cctx.signas = PgpDefaultKey; mutt_pgp_command (cmd, sizeof (cmd), &cctx, PgpImportCommand); mutt_system (cmd); @@ -321,7 +325,7 @@ pid_t pgp_invoke_export (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *uids) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, NULL, NULL, PgpSignAs, uids, + 0, NULL, NULL, uids, PgpExportCommand); } @@ -330,7 +334,7 @@ pid_t pgp_invoke_verify_key (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *uids) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, NULL, NULL, PgpSignAs, uids, + 0, NULL, NULL, uids, PgpVerifyKeyCommand); } 
@@ -352,7 +356,7 @@ pid_t pgp_invoke_list_keys (FILE **pgpin, FILE **pgpout, FILE **pgperr, } return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, NULL, NULL, PgpSignAs, uids, + 0, NULL, NULL, uids, keyring == PGP_SECRING ? PgpListSecringCommand : PgpListPubringCommand); } @@ -531,7 +531,7 @@ int mutt_parse_crypt_hdr (const char *p, int set_empty_signas, int crypt_app) if ((WithCrypto & APPLICATION_SMIME) && (crypt_app == APPLICATION_SMIME) && (flags & SIGN) && (set_empty_signas || *sign_as)) - mutt_str_replace (&SmimeDefaultKey, sign_as); + mutt_str_replace (&SmimeSignAs, sign_as); return flags; } @@ -1158,7 +1158,7 @@ ci_send_message (int flags, /* send mode */ char *pgpkeylist = NULL; /* save current value of "pgp_sign_as" and "smime_default_key" */ char *pgp_signas = NULL; - char *smime_default_key = NULL; + char *smime_signas = NULL; char *tag = NULL, *err = NULL; char *ctype; @@ -1183,7 +1183,7 @@ ci_send_message (int flags, /* send mode */ if (WithCrypto & APPLICATION_PGP) pgp_signas = safe_strdup(PgpSignAs); if (WithCrypto & APPLICATION_SMIME) - smime_default_key = safe_strdup(SmimeDefaultKey); + smime_signas = safe_strdup(SmimeSignAs); } /* Delay expansion of aliases until absolutely necessary--shouldn't @@ -1629,9 +1629,9 @@ main_loop: char *encrypt_as = NULL; if ((WithCrypto & APPLICATION_PGP) && (msg->security & APPLICATION_PGP)) - encrypt_as = PgpSelfEncryptAs; + encrypt_as = PgpDefaultKey; else if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME)) - encrypt_as = SmimeSelfEncryptAs; + encrypt_as = SmimeDefaultKey; if (!(encrypt_as && *encrypt_as)) encrypt_as = PostponeEncryptAs; @@ -1958,8 +1958,8 @@ cleanup: } if (WithCrypto & APPLICATION_SMIME) { - FREE (&SmimeDefaultKey); - SmimeDefaultKey = smime_default_key; + FREE (&SmimeSignAs); + SmimeSignAs = smime_signas; } } 
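Review bot: The comment `/* save current value of "pgp_sign_as" and "smime_default_key" */` in ci_send_message is now stale: the variable beneath it was renamed to `smime_signas` and it saves SmimeSignAs, while SmimeDefaultKey is no longer touched here. It should read `/* save current value of "pgp_sign_as" and "smime_sign_as" */`. The save/restore pair (this hunk and the cleanup hunk at @@ -1958) is otherwise consistent; ci_send_message's body extends well beyond both hunks.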
@@ -2863,8 +2863,8 @@ int mutt_write_fcc (const char *path, HEADER *hdr, const char *msgid, int post, fputc ('O', msg->fp); if (hdr->security & SIGN) { fputc ('S', msg->fp); - if (SmimeDefaultKey && *SmimeDefaultKey) - fprintf (msg->fp, "<%s>", SmimeDefaultKey); + if (SmimeSignAs && *SmimeSignAs) + fprintf (msg->fp, "<%s>", SmimeSignAs); } if (hdr->security & INLINE) fputc ('I', msg->fp); @@ -1527,11 +1527,13 @@ BODY *smime_sign_message (BODY *a ) int err = 0; int empty = 0; pid_t thepid; - smime_key_t *default_key; + char *signas; + smime_key_t *signas_key; char *intermediates; char *micalg; - if (!SmimeDefaultKey) + signas = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey; + if (!signas || !*signas) { mutt_error _("Can't sign: No key specified. Use Sign As."); return NULL; @@ -1563,22 +1565,22 @@ BODY *smime_sign_message (BODY *a ) snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", - NONULL(SmimeKeys), SmimeDefaultKey); + NONULL(SmimeKeys), signas); snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", - NONULL(SmimeCertificates), SmimeDefaultKey); + NONULL(SmimeCertificates), signas); - default_key = smime_get_key_by_hash (SmimeDefaultKey, 1); - if ((! default_key) || - (! mutt_strcmp ("?", default_key->issuer))) - intermediates = SmimeDefaultKey; /* so openssl won't complain in any case */ + signas_key = smime_get_key_by_hash (signas, 1); + if ((! signas_key) || + (! mutt_strcmp ("?", signas_key->issuer))) + intermediates = signas; /* so openssl won't complain in any case */ else - intermediates = default_key->issuer; + intermediates = signas_key->issuer; snprintf (SmimeIntermediateToUse, sizeof (SmimeIntermediateToUse), "%s/%s", NONULL(SmimeCertificates), intermediates); - smime_free_key (&default_key); + smime_free_key (&signas_key); 
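Review bot: The precedence between $smime_sign_as and $smime_default_key in smime_sign_message is encoded only in the ternary, and the error text that follows still names only "Sign As" although an unset $smime_default_key is now the other cause. A one-line comment above the assignment, `/* $smime_sign_as overrides $smime_default_key for signing; an empty string counts as unset */`, would make the intent explicit at the point where `signas` feeds SmimeKeyToUse and SmimeCertToUse. A failed `smime_get_key_by_hash (signas, 1)` still proceeds with `intermediates = signas` as before; whether that deserves a diagnostic now that a typo in $smime_default_key also lands here is worth a look, but it is pre-existing. smime_sign_message continues beyond these hunks.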
@@ -2216,19 +2218,11 @@ int smime_send_menu (HEADER *msg) break; case 's': /* (s)ign */ + msg->security &= ~ENCRYPT; + msg->security |= SIGN; + break; + case 'S': /* (s)ign in oppenc mode */ - if(!SmimeDefaultKey) - { - if ((key = smime_ask_for_key (_("Sign as: "), KEYFLAG_CANSIGN, 0))) - { - mutt_str_replace (&SmimeDefaultKey, key->hash); - smime_free_key (&key); - } - else - break; - } - if (choices[choice - 1] == 's') - msg->security &= ~ENCRYPT; msg->security |= SIGN; break; @@ -2236,9 +2230,9 @@ int smime_send_menu (HEADER *msg) if ((key = smime_ask_for_key (_("Sign as: "), KEYFLAG_CANSIGN, 0))) { - mutt_str_replace (&SmimeDefaultKey, key->hash); + mutt_str_replace (&SmimeSignAs, key->hash); smime_free_key (&key); - + msg->security |= SIGN; /* probably need a different passphrase */ |
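Review bot: The `s`/`S` cases no longer prompt for a key when none is configured; with $smime_sign_as and $smime_default_key both unset the user now only learns of the problem from smime_sign_message's "Can't sign: No key specified" after leaving the menu. If dropping the prompt is intentional because $smime_default_key now serves as the fallback, a brief comment on the `case 'S':` arm would record that; otherwise a guard such as `if (!(SmimeSignAs && *SmimeSignAs) && !(SmimeDefaultKey && *SmimeDefaultKey))` around the old smime_ask_for_key call would keep the early prompt. The `'a'` arm in the following hunk, which runs past the end of this excerpt, still assigns the chosen hash to SmimeSignAs.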