Re: [gentoo-user] NeoMutt and GnuPG

[Floyd Anderson]

Hi Roger,
On Wed, 31 Jan 2018 15:01:39 +1300
"Roger J. H. Welsh" <rjhwe...@gmail.com> wrote:
Hi Lucas,

Here is my muttrc on github:
https://github.com/lramage94/dotfiles/blob/master/.mutt/muttrc
It looks like you are using gpgme, I personally have not set this up for
my neomutt, instead I use a gpg.rc file from the samples provided.

For example;
bzcat /usr/share/doc/neomutt-*/samples/gpg.rc.bz2 > ~/.mutt/gpg.rc
echo "source ~/.mutt/gpg.rc" >> ~/.mutt/muttrc

I would not do that. The topic itself is complex enough and sourcing of 
14 ! long and cryptic command lines doesn’t make it better. Also note 
that gpg.rc defines the deprecated ‘pgp_clearsign_command’ variable.

BTW. as we‘re talking about NeoMutt here, I use:

${XDG_CONFIG_HOME:-${HOME}/.}${XDG_CONFIG_HOME:+/}neomutt/neomuttrc

so I can run a parallel Mutt installation when things get broken.

Instead I suggest to set ‘gpgme’ USE-flag and *only that* – no ‘crypt’, 
‘gpg’, ‘pgp_classic’, ‘smime’, ‘smime_classic’. Look at the ebuild and 
especially the comments. This way I only need to set one ! variable to 
get the stuff working:

set crypt_use_gpgme = yes


To be sure you may also set:

# ensure deprecated options are disabled or disarmed
set pgp_autoinline              = no
set pgp_clearsign_command       = ''
set pgp_mime_auto               = ask-yes
set pgp_replyinline             = no


And if one like:

# semi-automated encrypted reply to encrypted messages
# Notes:
#    - this can always be disabled by PGP-menu ('p')
#    - crypt_autoencrypt or crypt_replyencrypt (if set) disables 
crypt_opportunistic_encrypt
set crypt_opportunistic_encrypt = yes
set crypt_autoencrypt           = no
set crypt_replyencrypt          = no

# whether or not display unusable (revoked, expired, disabled) keys
set pgp_show_unusable           = yes
set crypt_timestamp             = no


With more than one mail address I suggest:
send2-hook  .                         'set pgp_sign_as = ""'
send2-hook  '~f "1st@example\.net$"'  'set pgp_sign_as = 
"0x0123456789ABCDEF0123456789ABCDEF01234567"'
send2-hook  '~f "2nd@example\.net$"'  'set pgp_sign_as = 
"0xABCDEF0123456789ABCDEF0123456789ABCDEF01"'


On my neomutt, when I press "v" to view attachments, all I can
see is text/plain. I think my neomutt does something automatic to
decrypt the messages.


Indeed, viewing attachments encrypted would break many functions 
otherwise, e.g. piping, printing, saving.

My source docs I used when setting my gpg up with mutt were:
https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
http://codesorcery.net/old/mutt/mutt-gnupg-howto


In the meantime NeoMutt != Mutt, so not to forget to mention
<https://www.neomutt.org/guide/>. ;-)


--
Regards,
floyd