Create pgp and s/mime default and sign_as key vars. (see #3983)

The $postpone_encrypt and $(pgp/smime)_self_encrypt configuration
variables have created a somewhat messier situation for users.  Many
of them now have to specify their keys across multiple configuration
variables.

(Trac) Ticket #3983 had a reasonable request: "if my encrypt and
signing keys are the same, why can't I just specify my key once in my
.muttrc?"

The problem currently is that $smime_default_key and $pgp_sign_as are
both used to specify signing keys, and are set by the "sign (a)s"
security menu choice.  So we can't store encryption keys there because
some users have separate sign-only capability keys.

Create $pgp_default_key to store the default encryption key.  Change
signing to use $pgp_default_key, unless overridden by $pgp_sign_as.
The pgp "sign (a)s" will continue setting $pgp_sign_as.

Create $smime_sign_as.  Change signing to use $smime_default_key
unless overridden by $smime_sign_as.  Change s/mime "sign (a)s" menu
to set $smime_sign_as instead.

Change $postpone_encrypt and $(pgp/smime)_self_encrypt to use
$(pgp/smime)_default_key by default.

Mark $(pgp/smime)_self_encrypt_as deprecated.  They are now aliases
for the $(pgp/smime)_default_key config vars.

Change $(pgp/smime)_self_encrypt default to set.

The intent is that most users now need only set
$(pgp/smime)_default_key.  If they have a sign-only key, or have
separate signing and encryption keys, they can put that in
$(pgp/smime)_sign_as.  This also enables to default self_encrypt on
and solve a very common request.

Thanks to Michele Marcionelli and Vincent Lefèvre for gently pushing
me towards a solution.

diff --git a/compose.c b/compose.c
index dc909c7b88f8a347312b297cea4321da1cbd6970..6ca9c5a12b5eeac577d14da13a9499d77ad10131 100644 (file)
--- a/compose.c
+++ b/compose.c
@@ -253,7 +253,7 @@ static void redraw_crypt_lines (HEADER *msg)
     SETCOLOR (MT_COLOR_COMPOSE_HEADER);
     printw ("%*s", HeaderPadding[HDR_CRYPTINFO], _(Prompts[HDR_CRYPTINFO]));
     NORMAL_COLOR;
-    printw ("%s", SmimeDefaultKey ? SmimeDefaultKey : _("<default>"));
+    printw ("%s", SmimeSignAs ? SmimeSignAs : _("<default>"));
   }
 
   if ((WithCrypto & APPLICATION_SMIME)

diff --git a/crypt-gpgme.c b/crypt-gpgme.c
index 7283e1095e3d636ceaa6d121e797cdd89db05dda..87a11e8fee3708ba25ea5ced3ad9717972b1c9db 100644 (file)
--- a/crypt-gpgme.c
+++ b/crypt-gpgme.c
@@ -703,11 +703,16 @@ static gpgme_key_t *create_recipient_set (const char *keylist,
 /* Make sure that the correct signer is set. Returns 0 on success. */
 static int set_signer (gpgme_ctx_t ctx, int for_smime)
 {
-  char *signid = for_smime ? SmimeDefaultKey: PgpSignAs;
+  char *signid;
   gpgme_error_t err;
   gpgme_ctx_t listctx;
   gpgme_key_t key, key2;
 
+  if (for_smime)
+    signid = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey;
+  else
+    signid = (PgpSignAs && *PgpSignAs) ? PgpSignAs : PgpDefaultKey;
+
   if (!signid || !*signid)
     return 0;
 
@@ -4840,8 +4845,8 @@ static int gpgme_send_menu (HEADER *msg, int is_smime)
       {
         snprintf (input_signas, sizeof (input_signas), "0x%s",
             crypt_fpr_or_lkeyid (p));
-        mutt_str_replace (is_smime? &SmimeDefaultKey : &PgpSignAs, input_signas);
-        crypt_free_key (&p); 
+        mutt_str_replace (is_smime? &SmimeSignAs : &PgpSignAs, input_signas);
+        crypt_free_key (&p);
 
         msg->security |= SIGN;
       }

diff --git a/crypt.c b/crypt.c
index 19a585d06544bf6582d9fb9f8013a69e64fe69dd..ab82ab9296cb2aa44458dc20dd7ca759a7598306 100644 (file)
--- a/crypt.c
+++ b/crypt.c
@@ -832,7 +832,7 @@ int crypt_get_keys (HEADER *msg, char **keylist, int oppenc_mode)
        }
        unset_option (OPTPGPCHECKTRUST);
        if (option (OPTPGPSELFENCRYPT))
-         self_encrypt = PgpSelfEncryptAs;
+         self_encrypt = PgpDefaultKey;
      }
      if ((WithCrypto & APPLICATION_SMIME)
          && (msg->security & APPLICATION_SMIME))
@@ -843,7 +843,7 @@ int crypt_get_keys (HEADER *msg, char **keylist, int oppenc_mode)
            return (-1);
        }
        if (option (OPTSMIMESELFENCRYPT))
-         self_encrypt = SmimeSelfEncryptAs;
+         self_encrypt = SmimeDefaultKey;
      }
   }
 

diff --git a/doc/manual.xml.head b/doc/manual.xml.head
index 51d646b783bdc1ce5c3604340c30a7ca5de5068e..2a17ca69d16850a411cfb4db959dc3e7859bfb51 100644 (file)
--- a/doc/manual.xml.head
+++ b/doc/manual.xml.head
@@ -1476,11 +1476,11 @@ be encrypted using the selected public keys when sent out.
 </para>
 
 <para>
-To ensure you can view encrypted message you have sent, you
+To ensure you can view encrypted messages you have sent, you
 may wish to set <link linkend="pgp-self-encrypt">$pgp_self_encrypt</link>
-and <link linkend="pgp-self-encrypt-as">$pgp_self_encrypt_as</link> for PGP, or
+and <link linkend="pgp-default-key">$pgp_default_key</link> for PGP, or
 <link linkend="smime-self-encrypt">$smime_self_encrypt</link>
-and <link linkend="smime-self-encrypt-as">$smime_self_encrypt_as</link> for S/MIME.
+and <link linkend="smime-default-key">$smime_default_key</link> for S/MIME.
 </para>
 
 <para>

diff --git a/globals.h b/globals.h
index 61b9515740fbf79c255ff231bf7837e31a599bb9..14f3729557bcedce5b70b84f2a848c4bdf84d906 100644 (file)
--- a/globals.h
+++ b/globals.h
@@ -251,6 +251,7 @@ WHERE LIST *UserHeader INITVAL (0);
 /*-- formerly in pgp.h --*/
 WHERE REGEXP PgpGoodSign;
 WHERE REGEXP PgpDecryptionOkay;
+WHERE char *PgpDefaultKey;
 WHERE char *PgpSignAs;
 WHERE short PgpTimeout;
 WHERE char *PgpEntryFormat;
@@ -267,10 +268,10 @@ WHERE char *PgpVerifyKeyCommand;
 WHERE char *PgpListSecringCommand;
 WHERE char *PgpListPubringCommand;
 WHERE char *PgpGetkeysCommand;
-WHERE char *PgpSelfEncryptAs;
 
 /*-- formerly in smime.h --*/
 WHERE char *SmimeDefaultKey;
+WHERE char *SmimeSignAs;
 WHERE short SmimeTimeout;
 WHERE char *SmimeCertificates;
 WHERE char *SmimeKeys;
@@ -288,7 +289,6 @@ WHERE char *SmimePk7outCommand;
 WHERE char *SmimeGetCertCommand;
 WHERE char *SmimeImportCertCommand;
 WHERE char *SmimeGetCertEmailCommand;
-WHERE char *SmimeSelfEncryptAs;
 
 
 

diff --git a/init.h b/init.h
index fa4e620a050886c6a34a63d137a9854e6d056352..1f38d4ab234244fe3b5a2f0eda8f796f62629021 100644 (file)
--- a/init.h
+++ b/init.h
@@ -1925,7 +1925,8 @@ struct option_t MuttVars[] = {
   ** .dt %f .dd Expands to the name of a file containing a message.
   ** .dt %s .dd Expands to the name of a file containing the signature part
   ** .          of a \fCmultipart/signed\fP attachment when verifying it.
-  ** .dt %a .dd The value of $$pgp_sign_as.
+  ** .dt %a .dd The value of $$pgp_sign_as if set, otherwise the value
+  **            of $$pgp_default_key.
   ** .dt %r .dd One or more key IDs (or fingerprints if available).
   ** .de
   ** .pp
@@ -1955,6 +1956,19 @@ struct option_t MuttVars[] = {
   ** (e.g. simply signed and ascii armored text).
   ** (PGP only)
   */
+  { "pgp_self_encrypt_as",     DT_SYN,  R_NONE, UL "pgp_default_key", 0 },
+  { "pgp_default_key",         DT_STR,  R_NONE, UL &PgpDefaultKey, 0 },
+  /*
+  ** .pp
+  ** This is the default key-pair to use for PGP operations.  It will be
+  ** used for encryption (see $$postpone_encrypt and $$pgp_self_encrypt).
+  ** .pp
+  ** It will also be used for signing unless $$pgp_sign_as is set.
+  ** .pp
+  ** The (now deprecated) \fIpgp_self_encrypt_as\fP is an alias for this
+  ** variable, and should no longer be used.
+  ** (PGP only)
+  */
   { "pgp_encrypt_only_command", DT_STR, R_NONE, UL &PgpEncryptOnlyCommand, 0},
   /*
   ** .pp
@@ -2135,19 +2149,11 @@ struct option_t MuttVars[] = {
   ** removed, while the inner \fCmultipart/signed\fP part is retained.
   ** (PGP only)
   */
-  { "pgp_self_encrypt",    DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 0 },
+  { "pgp_self_encrypt",    DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 1 },
   /*
   ** .pp
   ** When \fIset\fP, PGP encrypted messages will also be encrypted
-  ** using the key in $$pgp_self_encrypt_as.
-  ** (PGP only)
-  */
-  { "pgp_self_encrypt_as", DT_STR,  R_NONE, UL &PgpSelfEncryptAs, 0 },
-  /*
-  ** .pp
-  ** This is an additional key used to encrypt messages when $$pgp_self_encrypt
-  ** is \fIset\fP.  It is also used to specify the key for $$postpone_encrypt.
-  ** It should be in keyid or fingerprint form (e.g. 0x00112233).
+  ** using the key in $$pgp_default_key.
   ** (PGP only)
   */
   { "pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, 1 },
@@ -2161,9 +2167,10 @@ struct option_t MuttVars[] = {
   { "pgp_sign_as",     DT_STR,  R_NONE, UL &PgpSignAs, 0 },
   /*
   ** .pp
-  ** If you have more than one key pair, this option allows you to specify
-  ** which of your private keys to use.  It is recommended that you use the
-  ** keyid form to specify your key (e.g. \fC0x00112233\fP).
+  ** If you have a different key pair to use for signing, you should
+  ** set this to the signing key.  Most people will only need to set
+  ** $$pgp_default_key.  It is recommended that you use the keyid form
+  ** to specify your key (e.g. \fC0x00112233\fP).
   ** (PGP only)
   */
   { "pgp_sign_command",                DT_STR, R_NONE, UL &PgpSignCommand, 0},
@@ -2370,7 +2377,7 @@ struct option_t MuttVars[] = {
   ** .pp
   ** When \fIset\fP, postponed messages that are marked for encryption will be
   ** self-encrypted.  Mutt will first try to encrypt using the value specified
-  ** in $$pgp_self_encrypt_as or $$smime_self_encrypt_as.  If those are not
+  ** in $$pgp_default_key or $$smime_default_key.  If those are not
   ** set, it will try the deprecated $$postpone_encrypt_as.
   ** (Crypto only)
   */
@@ -2378,7 +2385,7 @@ struct option_t MuttVars[] = {
   /*
   ** .pp
   ** This is a deprecated fall-back variable for $$postpone_encrypt.
-  ** Please use $$pgp_self_encrypt_as or $$smime_self_encrypt_as.
+  ** Please use $$pgp_default_key or $$smime_default_key.
   ** (Crypto only)
   */
 #ifdef USE_SOCKET
@@ -3093,12 +3100,23 @@ struct option_t MuttVars[] = {
   ** to determine the key to use. It will ask you to supply a key, if it can't find one.
   ** (S/MIME only)
   */
-  { "smime_sign_as",                   DT_SYN,  R_NONE, UL "smime_default_key", 0 },
+  { "smime_self_encrypt_as",   DT_SYN,  R_NONE, UL "smime_default_key", 0 },
   { "smime_default_key",               DT_STR,  R_NONE, UL &SmimeDefaultKey, 0 },
   /*
   ** .pp
-  ** This is the default key-pair to use for signing. This must be set to the
-  ** keyid (the hash-value that OpenSSL generates) to work properly
+  ** This is the default key-pair to use for S/MIME operations, and must be
+  ** set to the keyid (the hash-value that OpenSSL generates) to work properly.
+  ** .pp
+  ** It will be used for encryption (see $$postpone_encrypt and
+  ** $$smime_self_encrypt).
+  ** .pp
+  ** It will be used for decryption unless $$smime_decrypt_use_default_key
+  ** is \fIunset\fP.
+  ** .pp
+  ** It will also be used for signing unless $$smime_sign_as is set.
+  ** .pp
+  ** The (now deprecated) \fIsmime_self_encrypt_as\fP is an alias for this
+  ** variable, and should no longer be used.
   ** (S/MIME only)
   */
   { "smime_encrypt_command",   DT_STR, R_NONE, UL &SmimeEncryptCommand, 0},
@@ -3188,20 +3206,18 @@ struct option_t MuttVars[] = {
   ** possible \fCprintf(3)\fP-like sequences.
   ** (S/MIME only)
   */
-  { "smime_self_encrypt",    DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 0 },
+  { "smime_self_encrypt",    DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 1 },
   /*
   ** .pp
   ** When \fIset\fP, S/MIME encrypted messages will also be encrypted
-  ** using the certificate in $$smime_self_encrypt_as.
+  ** using the certificate in $$smime_default_key.
   ** (S/MIME only)
   */
-  { "smime_self_encrypt_as", DT_STR,  R_NONE, UL &SmimeSelfEncryptAs, 0 },
+  { "smime_sign_as",   DT_STR,  R_NONE, UL &SmimeSignAs, 0 },
   /*
   ** .pp
-  ** This is an additional certificate used to encrypt messages when
-  ** $$smime_self_encrypt is \fIset\fP.  It is also used to specify the
-  ** certificate for $$postpone_encrypt.  It should be the hash-value that
-  ** OpenSSL generates.
+  ** If you have a separate key to use for signing, you should set this
+  ** to the signing key. Most people will only need to set $$smime_default_key.
   ** (S/MIME only)
   */
   { "smime_sign_command",      DT_STR, R_NONE, UL &SmimeSignCommand, 0},
@@ -3211,7 +3227,8 @@ struct option_t MuttVars[] = {
   ** \fCmultipart/signed\fP, which can be read by all mail clients.
   ** .pp
   ** This is a format string, see the $$smime_decrypt_command command for
-  ** possible \fCprintf(3)\fP-like sequences.
+  ** possible \fCprintf(3)\fP-like sequences.  NOTE: %c and %k will default
+  ** to $$smime_sign_as if set, otherwise $$smime_default_key.
   ** (S/MIME only)
   */
   { "smime_sign_digest_alg",   DT_STR,  R_NONE, UL &SmimeDigestAlg, UL "sha256" },

diff --git a/pgpinvoke.c b/pgpinvoke.c
index ee766282a6287d5c5adfbaf136c742f762d80768..aa0efef515221ef154e0b8070dbfa34e1db2e927 100644 (file)
--- a/pgpinvoke.c
+++ b/pgpinvoke.c
@@ -164,7 +164,6 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                         short need_passphrase,
                         const char *fname,
                         const char *sig_fname,
-                        const char *signas,
                         const char *ids,
                         const char *format)
 {
@@ -179,7 +178,10 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr,
   cctx.need_passphrase = need_passphrase;
   cctx.fname          = fname;
   cctx.sig_fname       = sig_fname;
-  cctx.signas         = signas;
+  if (PgpSignAs && *PgpSignAs)
+    cctx.signas               = PgpSignAs;
+  else
+    cctx.signas               = PgpDefaultKey;
   cctx.ids            = ids;
   
   mutt_pgp_command (cmd, sizeof (cmd), &cctx, format);
@@ -196,13 +198,12 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr,
  *
  */
 
-
 pid_t pgp_invoke_decode (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                         int pgpinfd, int pgpoutfd, int pgperrfd, 
                         const char *fname, short need_passphrase)
 {
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    need_passphrase, fname, NULL, PgpSignAs, NULL, 
+                    need_passphrase, fname, NULL, NULL,
                     PgpDecodeCommand);
 }
 
@@ -211,7 +212,7 @@ pid_t pgp_invoke_verify (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                         const char *fname, const char *sig_fname)
 {
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    0, fname, sig_fname, PgpSignAs, NULL, PgpVerifyCommand);
+                    0, fname, sig_fname, NULL, PgpVerifyCommand);
 }
 
 pid_t pgp_invoke_decrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr,
@@ -219,7 +220,7 @@ pid_t pgp_invoke_decrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                          const char *fname)
 {
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    1, fname, NULL, PgpSignAs, NULL, PgpDecryptCommand);
+                    1, fname, NULL, NULL, PgpDecryptCommand);
 }
 
 pid_t pgp_invoke_sign (FILE **pgpin, FILE **pgpout, FILE **pgperr,
@@ -227,7 +228,7 @@ pid_t pgp_invoke_sign (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                       const char *fname)
 {
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    1, fname, NULL, PgpSignAs, NULL, PgpSignCommand);
+                    1, fname, NULL, NULL, PgpSignCommand);
 }
 
 
@@ -237,11 +238,11 @@ pid_t pgp_invoke_encrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr,
 {
   if (sign)
     return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                      1, fname, NULL, PgpSignAs, uids, 
+                      1, fname, NULL, uids,
                       PgpEncryptSignCommand);
   else
     return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                      0, fname, NULL, PgpSignAs, uids,
+                      0, fname, NULL, uids,
                       PgpEncryptOnlyCommand);
 }
 
@@ -251,11 +252,11 @@ pid_t pgp_invoke_traditional (FILE **pgpin, FILE **pgpout, FILE **pgperr,
 {
   if (flags & ENCRYPT)
     return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                      flags & SIGN ? 1 : 0, fname, NULL, PgpSignAs, uids, 
+                      flags & SIGN ? 1 : 0, fname, NULL, uids,
                       flags & SIGN ? PgpEncryptSignCommand : PgpEncryptOnlyCommand);
   else
     return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                      1, fname, NULL, PgpSignAs, NULL,
+                      1, fname, NULL, NULL,
                       PgpClearSignCommand);
 }
 
@@ -270,7 +271,10 @@ void pgp_invoke_import (const char *fname)
   
   mutt_quote_filename (_fname, sizeof (_fname), fname);
   cctx.fname = _fname;
-  cctx.signas = PgpSignAs;
+  if (PgpSignAs && *PgpSignAs)
+    cctx.signas               = PgpSignAs;
+  else
+    cctx.signas               = PgpDefaultKey;
   
   mutt_pgp_command (cmd, sizeof (cmd), &cctx, PgpImportCommand);
   mutt_system (cmd);
@@ -321,7 +325,7 @@ pid_t pgp_invoke_export (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                         const char *uids)
 {
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    0, NULL, NULL, PgpSignAs, uids,
+                    0, NULL, NULL, uids,
                     PgpExportCommand);
 }
 
@@ -330,7 +334,7 @@ pid_t pgp_invoke_verify_key (FILE **pgpin, FILE **pgpout, FILE **pgperr,
                             const char *uids)
 {
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    0, NULL, NULL, PgpSignAs, uids,
+                    0, NULL, NULL, uids,
                     PgpVerifyKeyCommand);
 }
 
@@ -352,7 +356,7 @@ pid_t pgp_invoke_list_keys (FILE **pgpin, FILE **pgpout, FILE **pgperr,
   }
 
   return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    0, NULL, NULL, PgpSignAs, uids,
+                    0, NULL, NULL, uids,
                     keyring == PGP_SECRING ? PgpListSecringCommand :
                     PgpListPubringCommand);
 }

diff --git a/postpone.c b/postpone.c
index e28a87591533672fcbe9487ce3cc3ed0533fa714..91dec27866fb3d2551aae9dad5b76becf8a36f43 100644 (file)
--- a/postpone.c
+++ b/postpone.c
@@ -531,7 +531,7 @@ int mutt_parse_crypt_hdr (const char *p, int set_empty_signas, int crypt_app)
   if ((WithCrypto & APPLICATION_SMIME) && (crypt_app == APPLICATION_SMIME)
       && (flags & SIGN)
       && (set_empty_signas || *sign_as))
-    mutt_str_replace (&SmimeDefaultKey, sign_as);
+    mutt_str_replace (&SmimeSignAs, sign_as);
 
   return flags;
 }

diff --git a/send.c b/send.c
index bcd54095521800fc4e2ebfbee799c6228b803d5d..7554217e1bd86910e003e6198163bb2afe85de6d 100644 (file)
--- a/send.c
+++ b/send.c
@@ -1158,7 +1158,7 @@ ci_send_message (int flags,               /* send mode */
   char *pgpkeylist = NULL;
   /* save current value of "pgp_sign_as"  and "smime_default_key" */
   char *pgp_signas = NULL;
-  char *smime_default_key = NULL;
+  char *smime_signas = NULL;
   char *tag = NULL, *err = NULL;
   char *ctype;
 
@@ -1183,7 +1183,7 @@ ci_send_message (int flags,               /* send mode */
     if (WithCrypto & APPLICATION_PGP)
       pgp_signas = safe_strdup(PgpSignAs);
     if (WithCrypto & APPLICATION_SMIME)
-      smime_default_key = safe_strdup(SmimeDefaultKey);
+      smime_signas = safe_strdup(SmimeSignAs);
   }
 
   /* Delay expansion of aliases until absolutely necessary--shouldn't
@@ -1629,9 +1629,9 @@ main_loop:
         char *encrypt_as = NULL;
 
         if ((WithCrypto & APPLICATION_PGP) && (msg->security & APPLICATION_PGP))
-          encrypt_as = PgpSelfEncryptAs;
+          encrypt_as = PgpDefaultKey;
         else if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME))
-          encrypt_as = SmimeSelfEncryptAs;
+          encrypt_as = SmimeDefaultKey;
         if (!(encrypt_as && *encrypt_as))
           encrypt_as = PostponeEncryptAs;
 
@@ -1958,8 +1958,8 @@ cleanup:
     }
     if (WithCrypto & APPLICATION_SMIME)
     {
-      FREE (&SmimeDefaultKey);
-      SmimeDefaultKey = smime_default_key;
+      FREE (&SmimeSignAs);
+      SmimeSignAs = smime_signas;
     }
   }
    

diff --git a/sendlib.c b/sendlib.c
index 880b85468309bc1fe90b92f7577bd251a3889314..da1e505388480e095633387cc3d85cb7dbcc011d 100644 (file)
--- a/sendlib.c
+++ b/sendlib.c
@@ -2863,8 +2863,8 @@ int mutt_write_fcc (const char *path, HEADER *hdr, const char *msgid, int post,
       fputc ('O', msg->fp);
     if (hdr->security & SIGN) {
        fputc ('S', msg->fp);
-       if (SmimeDefaultKey && *SmimeDefaultKey)
-           fprintf (msg->fp, "<%s>", SmimeDefaultKey);
+       if (SmimeSignAs && *SmimeSignAs)
+           fprintf (msg->fp, "<%s>", SmimeSignAs);
     }
     if (hdr->security & INLINE)
       fputc ('I', msg->fp);

diff --git a/smime.c b/smime.c
index 0ba58a1fdc88206c18a181e4a6a9c8e44a2a8648..823fc73de097f50a9e271327fa27acb180dc34bd 100644 (file)
--- a/smime.c
+++ b/smime.c
@@ -1527,11 +1527,13 @@ BODY *smime_sign_message (BODY *a )
   int err = 0;
   int empty = 0;
   pid_t thepid;
-  smime_key_t *default_key;
+  char *signas;
+  smime_key_t *signas_key;
   char *intermediates;
   char *micalg;
 
-  if (!SmimeDefaultKey)
+  signas = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey;
+  if (!signas || !*signas)
   {
     mutt_error _("Can't sign: No key specified. Use Sign As.");
     return NULL;
@@ -1563,22 +1565,22 @@ BODY *smime_sign_message (BODY *a )
   
 
   snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", 
-          NONULL(SmimeKeys), SmimeDefaultKey);
+          NONULL(SmimeKeys), signas);
 
   snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s",
-          NONULL(SmimeCertificates), SmimeDefaultKey);
+          NONULL(SmimeCertificates), signas);
   
-  default_key = smime_get_key_by_hash (SmimeDefaultKey, 1);
-  if ((! default_key) ||
-      (! mutt_strcmp ("?", default_key->issuer)))
-    intermediates = SmimeDefaultKey; /* so openssl won't complain in any case */
+  signas_key = smime_get_key_by_hash (signas, 1);
+  if ((! signas_key) ||
+      (! mutt_strcmp ("?", signas_key->issuer)))
+    intermediates = signas; /* so openssl won't complain in any case */
   else
-    intermediates = default_key->issuer;
+    intermediates = signas_key->issuer;
 
   snprintf (SmimeIntermediateToUse, sizeof (SmimeIntermediateToUse), "%s/%s",
           NONULL(SmimeCertificates), intermediates);
 
-  smime_free_key (&default_key);
+  smime_free_key (&signas_key);
   
 
 
@@ -2216,19 +2218,11 @@ int smime_send_menu (HEADER *msg)
       break;
 
     case 's': /* (s)ign */
+      msg->security &= ~ENCRYPT;
+      msg->security |= SIGN;
+      break;
+
     case 'S': /* (s)ign in oppenc mode */
-      if(!SmimeDefaultKey)
-      {
-        if ((key = smime_ask_for_key (_("Sign as: "), KEYFLAG_CANSIGN, 0)))
-        {
-          mutt_str_replace (&SmimeDefaultKey, key->hash);
-          smime_free_key (&key);
-        }
-        else
-          break;
-      }
-      if (choices[choice - 1] == 's')
-        msg->security &= ~ENCRYPT;
       msg->security |= SIGN;
       break;
 
@@ -2236,9 +2230,9 @@ int smime_send_menu (HEADER *msg)
 
       if ((key = smime_ask_for_key (_("Sign as: "), KEYFLAG_CANSIGN, 0))) 
       {
-        mutt_str_replace (&SmimeDefaultKey, key->hash);
+        mutt_str_replace (&SmimeSignAs, key->hash);
         smime_free_key (&key);
-          
+
         msg->security |= SIGN;
 
         /* probably need a different passphrase */