Add self-encrypt options for PGP and S/MIME.

Add $pgp_self_encrypt, $pgp_self_encrypt_as, $smime_self_encrypt,
$smime_self_encrypt_as.

$pgp_sign_as and $smime_default_key are inappropriate to use, as they
specify signing key/certs.  In some cases, this is a different value
than the encryption key/cert.

diff --git a/globals.h b/globals.h
index 39147b00a804c176dab38c6f8231aeef365698b6..8a737593e9d27953a010252b1b058a6c7b49c1f6 100644 (file)
--- a/globals.h
+++ b/globals.h
@@ -303,6 +303,7 @@ WHERE char *PgpVerifyKeyCommand;
 WHERE char *PgpListSecringCommand;
 WHERE char *PgpListPubringCommand;
 WHERE char *PgpGetkeysCommand;
+WHERE char *PgpSelfEncryptAs;
 
 /* -- formerly in smime.h -- */
 WHERE char *SmimeDefaultKey;
@@ -323,6 +324,7 @@ WHERE char *SmimePk7outCommand;
 WHERE char *SmimeGetCertCommand;
 WHERE char *SmimeImportCertCommand;
 WHERE char *SmimeGetCertEmailCommand;
+WHERE char *SmimeSelfEncryptAs;
 
 #ifdef USE_NOTMUCH
 WHERE int NotmuchOpenTimeout;

diff --git a/init.h b/init.h
index ba8b7d4efb39a3e54aaeefeda37d43108a0178b3..07742deceb981107fa95776037fe340e76a11915 100644 (file)
--- a/init.h
+++ b/init.h
@@ -2448,6 +2448,20 @@ struct Option MuttVars[] = {
   ** removed, while the inner \fCmultipart/signed\fP part is retained.
   ** (PGP only)
   */
+  { "pgp_self_encrypt",    DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 0 },
+  /*
+  ** .pp
+  ** When \fIset\fP, PGP encrypted messages will also be encrypted
+  ** using the key in $$pgp_self_encrypt_as.
+  ** (PGP only)
+  */
+  { "pgp_self_encrypt_as", DT_STR,  R_NONE, UL &PgpSelfEncryptAs, 0 },
+  /*
+  ** .pp
+  ** This is an additional key used to encrypt messages when $$pgp_self_encrypt
+  ** is \fIset\fP.  It should be in keyid or fingerprint form (e.g. 0x00112233).
+  ** (PGP only)
+  */
   { "pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, 1 },
   /*
   ** .pp
@@ -3542,6 +3556,21 @@ struct Option MuttVars[] = {
   ** possible \fCprintf(3)\fP-like sequences.
   ** (S/MIME only)
   */
+  { "smime_self_encrypt",    DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 0 },
+  /*
+  ** .pp
+  ** When \fIset\fP, S/MIME encrypted messages will also be encrypted
+  ** using the certificate in $$smime_self_encrypt_as.
+  ** (S/MIME only)
+  */
+  { "smime_self_encrypt_as", DT_STR,  R_NONE, UL &SmimeSelfEncryptAs, 0 },
+  /*
+  ** .pp
+  ** This is an additional certificate used to encrypt messages when
+  ** $$smime_self_encrypt is \fIset\fP.  It should be the
+  ** hash-value that OpenSSL generates.
+  ** (S/MIME only)
+  */
   { "smime_sign_command",       DT_STR, R_NONE, UL &SmimeSignCommand, 0 },
   /*
   ** .pp

diff --git a/ncrypt/crypt.c b/ncrypt/crypt.c
index daa4f4717875e12b777304900277d931c1ae0036..0b5aa83682b65e2ff6fed73e5ccd6fb311e0ef54 100644 (file)
--- a/ncrypt/crypt.c
+++ b/ncrypt/crypt.c
@@ -781,6 +781,8 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode)
 {
   struct Address *adrlist = NULL, *last = NULL;
   const char *fqdn = mutt_fqdn(1);
+  char *self_encrypt = NULL;
+  size_t keylist_size;
 
   /* Do a quick check to make sure that we can find all of the encryption
    * keys if the user has requested this service.
@@ -812,6 +814,8 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode)
         return -1;
       }
       unset_option(OPTPGPCHECKTRUST);
+      if (option(OPTPGPSELFENCRYPT))
+        self_encrypt = PgpSelfEncryptAs;
     }
     if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME))
     {
@@ -820,9 +824,18 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode)
         rfc822_free_address(&adrlist);
         return -1;
       }
+      if (option(OPTSMIMESELFENCRYPT))
+        self_encrypt = SmimeSelfEncryptAs;
     }
   }
 
+  if (!oppenc_mode && self_encrypt && *self_encrypt)
+  {
+    keylist_size = mutt_strlen(*keylist);
+    safe_realloc(keylist, keylist_size + mutt_strlen(self_encrypt) + 2);
+    sprintf(*keylist + keylist_size, " %s", self_encrypt);
+  }
+
   rfc822_free_address(&adrlist);
 
   return 0;

diff --git a/options.h b/options.h
index bf4e769dbca6786cf5d6530b1be4617123e22fb1..3977be152e1695be4914b0a66c8be1ffae920ddc 100644 (file)
--- a/options.h
+++ b/options.h
@@ -208,6 +208,7 @@ enum
   OPTCRYPTREPLYSIGNENCRYPTED,
   OPTCRYPTTIMESTAMP,
   OPTSMIMEISDEFAULT,
+  OPTSMIMESELFENCRYPT,
   OPTASKCERTLABEL,
   OPTSDEFAULTDECRYPTKEY,
   OPTPGPIGNORESUB,
@@ -215,6 +216,7 @@ enum
   OPTPGPLONGIDS,
   OPTPGPAUTODEC,
   OPTPGPRETAINABLESIG,
+  OPTPGPSELFENCRYPT,
   OPTPGPSTRICTENC,
   OPTFORWDECRYPT,
   OPTPGPSHOWUNUSABLE,