/src/neomutt/ncrypt/config.c
Line | Count | Source |
1 | | /** |
2 | | * @file |
3 | | * Config used by libncrypt |
4 | | * |
5 | | * @authors |
6 | | * Copyright (C) 2020 Richard Russon <rich@flatcap.org> |
7 | | * |
8 | | * @copyright |
9 | | * This program is free software: you can redistribute it and/or modify it under |
10 | | * the terms of the GNU General Public License as published by the Free Software |
11 | | * Foundation, either version 2 of the License, or (at your option) any later |
12 | | * version. |
13 | | * |
14 | | * This program is distributed in the hope that it will be useful, but WITHOUT |
15 | | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
16 | | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
17 | | * details. |
18 | | * |
19 | | * You should have received a copy of the GNU General Public License along with |
20 | | * this program. If not, see <http://www.gnu.org/licenses/>. |
21 | | */ |
22 | | |
23 | | /** |
24 | | * @page crypt_config Config used by libncrypt |
25 | | * |
26 | | * Config used by libncrypt |
27 | | */ |
28 | | |
29 | | #include "config.h" |
30 | | #include <stddef.h> |
31 | | #include <stdbool.h> |
32 | | #include "mutt/lib.h" |
33 | | #include "config/lib.h" |
34 | | |
/**
 * SortKeyMethods - Sort methods for encryption keys
 *
 * Maps the user-visible sort names to SORT_* constants.
 * Referenced by the "pgp_sort_keys" entry in NcryptVars.
 */
static const struct Mapping SortKeyMethods[] = {
  // clang-format off
  { "address", SORT_ADDRESS },
  { "date",    SORT_DATE },
  { "keyid",   SORT_KEYID },
  { "trust",   SORT_TRUST },
  // Last entry has a NULL name; presumably the end-of-table marker -- confirm against the Mapping lookup code
  { NULL, 0 },
  // clang-format on
};
47 | | |
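/**
 * NcryptVars - Config definitions for the encryption library
 *
 * These entries are registered unconditionally by config_init_ncrypt().
 *
 * Each entry is a positional initialiser. From the entries below the order
 * appears to be: name, type flags, initial value, extra data, validator,
 * help text -- struct ConfigDef is declared elsewhere, so confirm there.
 *
 * The initial values are the security posture a user gets with no
 * crypto settings of their own, so review any change to them as a
 * behaviour change, not as a cosmetic one.
 */
static struct ConfigDef NcryptVars[] = {
  // clang-format off
  { "crypt_confirm_hook", DT_BOOL, true, 0, NULL,
    "Prompt the user to confirm keys before use"
  },
  // Both opportunistic-encryption switches start disabled
  { "crypt_opportunistic_encrypt", DT_BOOL, false, 0, NULL,
    "Enable encryption when the recipient's key is available"
  },
  { "crypt_opportunistic_encrypt_strong_keys", DT_BOOL, false, 0, NULL,
    "Enable encryption only when a strong key is available"
  },
  { "crypt_protected_headers_read", DT_BOOL, true, 0, NULL,
    "Display protected headers (Memory Hole) in the pager"
  },
  { "crypt_protected_headers_subject", DT_STRING, IP "...", 0, NULL,
    "Use this as the subject for encrypted emails"
  },
  { "crypt_protected_headers_write", DT_BOOL, false, 0, NULL,
    "Generate protected header (Memory Hole) for signed and encrypted emails"
  },
  { "crypt_timestamp", DT_BOOL, true, 0, NULL,
    "Add a timestamp to PGP or SMIME output to prevent spoofing"
  },
  { "envelope_from_address", DT_ADDRESS, 0, 0, NULL,
    "Manually set the sender for outgoing messages"
  },
  { "pgp_auto_inline", DT_BOOL, false, 0, NULL,
    "Use old-style inline PGP messages (not recommended)"
  },
  { "pgp_default_key", DT_STRING, 0, 0, NULL,
    "Default key to use for PGP operations"
  },
  { "pgp_entry_format", DT_STRING|DT_NOT_EMPTY, IP "%4n %t%f %4l/0x%k %-4a %2c %u", 0, NULL,
    "printf-like format string for the PGP key selection menu"
  },
  { "pgp_ignore_subkeys", DT_BOOL, true, 0, NULL,
    "Only use the principal PGP key"
  },
  { "pgp_long_ids", DT_BOOL, true, 0, NULL,
    "Display long PGP key IDs to the user"
  },
  { "pgp_mime_auto", DT_QUAD, MUTT_ASKYES, 0, NULL,
    "Prompt the user to use MIME if inline PGP fails"
  },
  { "pgp_retainable_sigs", DT_BOOL, false, 0, NULL,
    "Create nested multipart/signed or encrypted messages"
  },
  { "pgp_self_encrypt", DT_BOOL, true, 0, NULL,
    "Encrypted messages will also be encrypted to $pgp_default_key too"
  },
  { "pgp_show_unusable", DT_BOOL, true, 0, NULL,
    "Show non-usable keys in the key selection"
  },
  { "pgp_sign_as", DT_STRING, 0, 0, NULL,
    "Use this alternative key for signing messages"
  },
  // The only entry here that uses the fourth field: it points at the SortKeyMethods name table
  { "pgp_sort_keys", DT_SORT|DT_SORT_REVERSE, SORT_ADDRESS, IP SortKeyMethods, NULL,
    "Sort order for PGP keys"
  },
  { "pgp_strict_enc", DT_BOOL, true, 0, NULL,
    "Encode PGP signed messages with quoted-printable (don't unset)"
  },
  { "smime_default_key", DT_STRING, 0, 0, NULL,
    "Default key for SMIME operations"
  },
  { "smime_encrypt_with", DT_STRING, IP "aes256", 0, NULL,
    "Algorithm for encryption"
  },
  { "smime_self_encrypt", DT_BOOL, true, 0, NULL,
    "Encrypted messages will also be encrypted to $smime_default_key too"
  },
  { "smime_sign_as", DT_STRING, 0, 0, NULL,
    "Use this alternative key for signing messages"
  },
  { "smime_is_default", DT_BOOL, false, 0, NULL,
    "Use SMIME rather than PGP by default"
  },
  { "pgp_auto_decode", DT_BOOL, false, 0, NULL,
    "Automatically decrypt PGP messages"
  },
  // Verification starts as MUTT_YES; as a DT_QUAD the user's config can presumably weaken it -- confirm
  { "crypt_verify_sig", DT_QUAD, MUTT_YES, 0, NULL,
    "Verify PGP or SMIME signatures"
  },
  // Off by default, so the cleartext Subject is not saved with the headers unless the user opts in
  { "crypt_protected_headers_save", DT_BOOL, false, 0, NULL,
    "Save the cleartext Subject with the headers"
  },

  // Old names kept as synonyms: third field is the current name; the fourth looks like the date of the rename
  { "crypt_confirmhook",     DT_SYNONYM, IP "crypt_confirm_hook", IP "2021-02-11" },
  { "pgp_autoinline",        DT_SYNONYM, IP "pgp_auto_inline",    IP "2021-02-11" },
  { "pgp_create_traditional", DT_SYNONYM, IP "pgp_auto_inline",   IP "2004-04-12" },
  { "pgp_self_encrypt_as",   DT_SYNONYM, IP "pgp_default_key",    IP "2018-01-11" },
  { "pgp_verify_sig",        DT_SYNONYM, IP "crypt_verify_sig",   IP "2002-01-24" },
  { "smime_self_encrypt_as", DT_SYNONYM, IP "smime_default_key",  IP "2018-01-11" },

  // Deprecated names; the string looks like the date of deprecation
  { "pgp_encrypt_self",   DT_DEPRECATED|DT_QUAD, 0, IP "2019-09-09" },
  { "smime_encrypt_self", DT_DEPRECATED|DT_QUAD, 0, IP "2019-09-09" },

  // Entry with a NULL name; presumably the end-of-table marker for cs_register_variables()
  { NULL },
  // clang-format on
};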
151 | | |
#if defined(CRYPT_BACKEND_GPGME)
/**
 * NcryptVarsGpgme - GPGME Config definitions for the encryption library
 *
 * Only compiled, and only registered by config_init_ncrypt(), when
 * CRYPT_BACKEND_GPGME is defined.
 */
static struct ConfigDef NcryptVarsGpgme[] = {
  // clang-format off
  { "crypt_use_gpgme", DT_BOOL, true, 0, NULL,
    "Use GPGME crypto backend"
  },
  // Off by default.
  // NOTE(review): a key found through DNS is only as trustworthy as the DNS answer; confirm how PKA results are validated before recommending this option
  { "crypt_use_pka", DT_BOOL, false, 0, NULL,
    "Use GPGME to use PKA (lookup PGP keys using DNS)"
  },
  // Entry with a NULL name; presumably the end-of-table marker for cs_register_variables()
  { NULL },
  // clang-format on
};
#endif
168 | | |
#if defined(CRYPT_BACKEND_CLASSIC_PGP)
/**
 * NcryptVarsPgp - PGP Config definitions for the encryption library
 *
 * Only compiled, and only registered by config_init_ncrypt(), when
 * CRYPT_BACKEND_CLASSIC_PGP is defined.
 *
 * Every DT_COMMAND entry names an external command (see its help text)
 * and has no built-in default, so the command lines come entirely from
 * the user's configuration. Whoever can write that configuration chooses
 * what gets executed: treat config files from other sources as untrusted
 * input.
 */
static struct ConfigDef NcryptVarsPgp[] = {
  // clang-format off
  // On by default: the PGP subprocess exit code is checked
  { "pgp_check_exit", DT_BOOL, true, 0, NULL,
    "Check the exit code of PGP subprocess"
  },
  // NOTE(review): the type is DT_BOOL but the help text describes a file descriptor; the text probably means "check the status fd output" -- confirm and reword
  { "pgp_check_gpg_decrypt_status_fd", DT_BOOL, true, 0, NULL,
    "File descriptor used for status info"
  },
  { "pgp_clear_sign_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to inline-sign a message"
  },
  { "pgp_decode_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to decode a PGP attachment"
  },
  { "pgp_decrypt_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to decrypt a PGP message"
  },
  // No default pattern. NOTE(review): presumably matched against the decrypt command's output; confirm what happens when it is unset
  { "pgp_decryption_okay", DT_REGEX, 0, 0, NULL,
    "Text indicating a successful decryption"
  },
  { "pgp_encrypt_only_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to encrypt, but not sign a message"
  },
  { "pgp_encrypt_sign_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to encrypt and sign a message"
  },
  { "pgp_export_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to export a public key from the user's keyring"
  },
  { "pgp_get_keys_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to download a key for an email address"
  },
  // No default pattern. NOTE(review): presumably matched against the verify command's output; confirm what happens when it is unset
  { "pgp_good_sign", DT_REGEX, 0, 0, NULL,
    "Text indicating a good signature"
  },
  { "pgp_import_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to import a key into the user's keyring"
  },
  { "pgp_list_pubring_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to list the public keys in a user's keyring"
  },
  { "pgp_list_secring_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to list the private keys in a user's keyring"
  },
  { "pgp_sign_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to create a detached PGP signature"
  },
  // Passphrase cache lifetime: 300 seconds by default; DT_NOT_NEGATIVE rejects negative values.
  // NOTE(review): declared DT_LONG, whereas smime_timeout in this file is DT_NUMBER -- confirm the difference is intended
  { "pgp_timeout", DT_LONG|DT_NOT_NEGATIVE, 300, 0, NULL,
    "Time in seconds to cache a passphrase"
  },
  { "pgp_use_gpg_agent", DT_BOOL, true, 0, NULL,
    "Use a PGP agent for caching passwords"
  },
  { "pgp_verify_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to verify PGP signatures"
  },
  { "pgp_verify_key_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(pgp) External command to verify key information"
  },
  // Old names kept as synonyms: third field is the current name; the fourth looks like the date of the rename
  { "pgp_clearsign_command", DT_SYNONYM, IP "pgp_clear_sign_command", IP "2021-02-11" },
  { "pgp_getkeys_command", DT_SYNONYM, IP "pgp_get_keys_command", IP "2021-02-11" },
  // Entry with a NULL name; presumably the end-of-table marker for cs_register_variables()
  { NULL },
  // clang-format on
};
#endif
238 | | |
#if defined(CRYPT_BACKEND_CLASSIC_SMIME)
/**
 * NcryptVarsSmime - SMIME Config definitions for the encryption library
 *
 * Only compiled, and only registered by config_init_ncrypt(), when
 * CRYPT_BACKEND_CLASSIC_SMIME is defined.
 *
 * Every DT_COMMAND entry names an external command (see its help text)
 * and has no built-in default, so the command lines come entirely from
 * the user's configuration. Whoever can write that configuration chooses
 * what gets executed: treat config files from other sources as untrusted
 * input.
 */
static struct ConfigDef NcryptVarsSmime[] = {
  // clang-format off
  { "smime_ask_cert_label", DT_BOOL, true, 0, NULL,
    "Prompt the user for a label for SMIME certificates"
  },
  // Trust anchors: no default path is set here
  { "smime_ca_location", DT_PATH|DT_PATH_FILE, 0, 0, NULL,
    "File containing trusted certificates"
  },
  // NOTE(review): flagged DT_PATH_DIR, but the help text says "File" -- confirm which is right
  { "smime_certificates", DT_PATH|DT_PATH_DIR, 0, 0, NULL,
    "File containing user's public certificates"
  },
  { "smime_decrypt_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to decrypt an SMIME message"
  },
  { "smime_decrypt_use_default_key", DT_BOOL, true, 0, NULL,
    "Use the default key for decryption"
  },
  { "smime_encrypt_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to encrypt a message"
  },
  { "smime_get_cert_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to extract a certificate from a message"
  },
  { "smime_get_cert_email_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to get a certificate for an email"
  },
  { "smime_get_signer_cert_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to extract a certificate from an email"
  },
  { "smime_import_cert_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to import a certificate"
  },
  // Holds private key material per the help text; no default path is set here.
  // NOTE(review): flagged DT_PATH_DIR, but the help text says "File" -- confirm which is right
  { "smime_keys", DT_PATH|DT_PATH_DIR, 0, 0, NULL,
    "File containing user's private certificates"
  },
  { "smime_pk7out_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to extract a public certificate"
  },
  { "smime_sign_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to sign a message"
  },
  // Default digest is "sha256"; the value is a free-form string with no validator in this table
  { "smime_sign_digest_alg", DT_STRING, IP "sha256", 0, NULL,
    "Digest algorithm"
  },
  // Passphrase cache lifetime: 300 seconds by default; DT_NOT_NEGATIVE rejects negative values.
  // NOTE(review): declared DT_NUMBER, whereas pgp_timeout in this file is DT_LONG -- confirm the difference is intended
  { "smime_timeout", DT_NUMBER|DT_NOT_NEGATIVE, 300, 0, NULL,
    "Time in seconds to cache a passphrase"
  },
  { "smime_verify_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to verify a signed message"
  },
  { "smime_verify_opaque_command", DT_STRING|DT_COMMAND, 0, 0, NULL,
    "(smime) External command to verify a signature"
  },
  // Entry with a NULL name; presumably the end-of-table marker for cs_register_variables()
  { NULL },
  // clang-format on
};
#endif
300 | | |
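/**
 * config_init_ncrypt - Register ncrypt config variables - Implements ::module_init_config_t - @ingroup cfg_module_api
 * @param cs Config set to register the variables with
 * @retval true  Every table compiled into this build registered successfully
 * @retval false At least one registration call reported failure
 *
 * NcryptVars is always registered; the GPGME, classic PGP and classic SMIME
 * tables are registered only when their CRYPT_BACKEND_* macro is defined.
 *
 * The results are combined with AND. Combining them with OR would report
 * success whenever any single table registered, hiding the fact that a
 * backend's crypto settings are missing from the config set.
 * This assumes cs_register_variables() returns true on success; it is
 * defined outside this file -- confirm there.
 */
bool config_init_ncrypt(struct ConfigSet *cs)
{
  bool rc = cs_register_variables(cs, NcryptVars, DT_NO_FLAGS);

  // Each call below is still made when an earlier one failed: '&=' does not short-circuit

#if defined(CRYPT_BACKEND_GPGME)
  rc &= cs_register_variables(cs, NcryptVarsGpgme, DT_NO_FLAGS);
#endif

#if defined(CRYPT_BACKEND_CLASSIC_PGP)
  rc &= cs_register_variables(cs, NcryptVarsPgp, DT_NO_FLAGS);
#endif

#if defined(CRYPT_BACKEND_CLASSIC_SMIME)
  rc &= cs_register_variables(cs, NcryptVarsSmime, DT_NO_FLAGS);
#endif

  return rc;
}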