From: Kevin McCarthy Date: Thu, 11 Jan 2018 21:24:30 +0000 (-0800) Subject: Create pgp and s/mime default and sign_as key vars. (see #3983) X-Git-Tag: mutt-1-10-rel~88 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=db252e61ca2e41215ef9714e37b4340cd6eebe38;p=mutt Create pgp and s/mime default and sign_as key vars. (see #3983) The $postpone_encrypt and $(pgp/smime)_self_encrypt configuration variables have created a somewhat messier situation for users. Many of them now have to specify their keys across multiple configuration variables. (Trac) Ticket #3983 had a reasonable request: "if my encrypt and signing keys are the same, why can't I just specify my key once in my .muttrc?" The problem currently is that $smime_default_key and $pgp_sign_as are both used to specify signing keys, and are set by the "sign (a)s" security menu choice. So we can't store encryption keys there because some users have separate sign-only capability keys. Create $pgp_default_key to store the default encryption key. Change signing to use $pgp_default_key, unless overridden by $pgp_sign_as. The pgp "sign (a)s" will continue setting $pgp_sign_as. Create $smime_sign_as. Change signing to use $smime_default_key unless overridden by $smime_sign_as. Change s/mime "sign (a)s" menu to set $smime_sign_as instead. Change $postpone_encrypt and $(pgp/smime)_self_encrypt to use $(pgp/smime)_default_key by default. Mark $(pgp/smime)_self_encrypt_as deprecated. They are now aliases for the $(pgp/smime)_default_key config vars. Change $(pgp/smime)_self_encrypt default to set. The intent is that most users now need only set $(pgp/smime)_default_key. If they have a sign-only key, or have separate signing and encryption keys, they can put that in $(pgp/smime)_sign_as. This also enables to default self_encrypt on and solve a very common request. Thanks to Michele Marcionelli and Vincent Lefèvre for gently pushing me towards a solution. --- diff --git a/compose.c b/compose.c index dc909c7b..6ca9c5a1 100644 --- a/compose.c +++ b/compose.c @@ -253,7 +253,7 @@ static void redraw_crypt_lines (HEADER *msg) SETCOLOR (MT_COLOR_COMPOSE_HEADER); printw ("%*s", HeaderPadding[HDR_CRYPTINFO], _(Prompts[HDR_CRYPTINFO])); NORMAL_COLOR; - printw ("%s", SmimeDefaultKey ? SmimeDefaultKey : _("")); + printw ("%s", SmimeSignAs ? SmimeSignAs : _("")); } if ((WithCrypto & APPLICATION_SMIME) diff --git a/crypt-gpgme.c b/crypt-gpgme.c index 7283e109..87a11e8f 100644 --- a/crypt-gpgme.c +++ b/crypt-gpgme.c @@ -703,11 +703,16 @@ static gpgme_key_t *create_recipient_set (const char *keylist, /* Make sure that the correct signer is set. Returns 0 on success. */ static int set_signer (gpgme_ctx_t ctx, int for_smime) { - char *signid = for_smime ? SmimeDefaultKey: PgpSignAs; + char *signid; gpgme_error_t err; gpgme_ctx_t listctx; gpgme_key_t key, key2; + if (for_smime) + signid = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey; + else + signid = (PgpSignAs && *PgpSignAs) ? PgpSignAs : PgpDefaultKey; + if (!signid || !*signid) return 0; @@ -4840,8 +4845,8 @@ static int gpgme_send_menu (HEADER *msg, int is_smime) { snprintf (input_signas, sizeof (input_signas), "0x%s", crypt_fpr_or_lkeyid (p)); - mutt_str_replace (is_smime? &SmimeDefaultKey : &PgpSignAs, input_signas); - crypt_free_key (&p); + mutt_str_replace (is_smime? &SmimeSignAs : &PgpSignAs, input_signas); + crypt_free_key (&p); msg->security |= SIGN; } diff --git a/crypt.c b/crypt.c index 19a585d0..ab82ab92 100644 --- a/crypt.c +++ b/crypt.c @@ -832,7 +832,7 @@ int crypt_get_keys (HEADER *msg, char **keylist, int oppenc_mode) } unset_option (OPTPGPCHECKTRUST); if (option (OPTPGPSELFENCRYPT)) - self_encrypt = PgpSelfEncryptAs; + self_encrypt = PgpDefaultKey; } if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME)) @@ -843,7 +843,7 @@ int crypt_get_keys (HEADER *msg, char **keylist, int oppenc_mode) return (-1); } if (option (OPTSMIMESELFENCRYPT)) - self_encrypt = SmimeSelfEncryptAs; + self_encrypt = SmimeDefaultKey; } } diff --git a/doc/manual.xml.head b/doc/manual.xml.head index 51d646b7..2a17ca69 100644 --- a/doc/manual.xml.head +++ b/doc/manual.xml.head @@ -1476,11 +1476,11 @@ be encrypted using the selected public keys when sent out. -To ensure you can view encrypted message you have sent, you +To ensure you can view encrypted messages you have sent, you may wish to set $pgp_self_encrypt -and $pgp_self_encrypt_as for PGP, or +and $pgp_default_key for PGP, or $smime_self_encrypt -and $smime_self_encrypt_as for S/MIME. +and $smime_default_key for S/MIME. diff --git a/globals.h b/globals.h index 61b95157..14f37295 100644 --- a/globals.h +++ b/globals.h @@ -251,6 +251,7 @@ WHERE LIST *UserHeader INITVAL (0); /*-- formerly in pgp.h --*/ WHERE REGEXP PgpGoodSign; WHERE REGEXP PgpDecryptionOkay; +WHERE char *PgpDefaultKey; WHERE char *PgpSignAs; WHERE short PgpTimeout; WHERE char *PgpEntryFormat; @@ -267,10 +268,10 @@ WHERE char *PgpVerifyKeyCommand; WHERE char *PgpListSecringCommand; WHERE char *PgpListPubringCommand; WHERE char *PgpGetkeysCommand; -WHERE char *PgpSelfEncryptAs; /*-- formerly in smime.h --*/ WHERE char *SmimeDefaultKey; +WHERE char *SmimeSignAs; WHERE short SmimeTimeout; WHERE char *SmimeCertificates; WHERE char *SmimeKeys; @@ -288,7 +289,6 @@ WHERE char *SmimePk7outCommand; WHERE char *SmimeGetCertCommand; WHERE char *SmimeImportCertCommand; WHERE char *SmimeGetCertEmailCommand; -WHERE char *SmimeSelfEncryptAs; diff --git a/init.h b/init.h index fa4e620a..1f38d4ab 100644 --- a/init.h +++ b/init.h @@ -1925,7 +1925,8 @@ struct option_t MuttVars[] = { ** .dt %f .dd Expands to the name of a file containing a message. ** .dt %s .dd Expands to the name of a file containing the signature part ** . of a \fCmultipart/signed\fP attachment when verifying it. - ** .dt %a .dd The value of $$pgp_sign_as. + ** .dt %a .dd The value of $$pgp_sign_as if set, otherwise the value + ** of $$pgp_default_key. ** .dt %r .dd One or more key IDs (or fingerprints if available). ** .de ** .pp @@ -1955,6 +1956,19 @@ struct option_t MuttVars[] = { ** (e.g. simply signed and ascii armored text). ** (PGP only) */ + { "pgp_self_encrypt_as", DT_SYN, R_NONE, UL "pgp_default_key", 0 }, + { "pgp_default_key", DT_STR, R_NONE, UL &PgpDefaultKey, 0 }, + /* + ** .pp + ** This is the default key-pair to use for PGP operations. It will be + ** used for encryption (see $$postpone_encrypt and $$pgp_self_encrypt). + ** .pp + ** It will also be used for signing unless $$pgp_sign_as is set. + ** .pp + ** The (now deprecated) \fIpgp_self_encrypt_as\fP is an alias for this + ** variable, and should no longer be used. + ** (PGP only) + */ { "pgp_encrypt_only_command", DT_STR, R_NONE, UL &PgpEncryptOnlyCommand, 0}, /* ** .pp @@ -2135,19 +2149,11 @@ struct option_t MuttVars[] = { ** removed, while the inner \fCmultipart/signed\fP part is retained. ** (PGP only) */ - { "pgp_self_encrypt", DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 0 }, + { "pgp_self_encrypt", DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 1 }, /* ** .pp ** When \fIset\fP, PGP encrypted messages will also be encrypted - ** using the key in $$pgp_self_encrypt_as. - ** (PGP only) - */ - { "pgp_self_encrypt_as", DT_STR, R_NONE, UL &PgpSelfEncryptAs, 0 }, - /* - ** .pp - ** This is an additional key used to encrypt messages when $$pgp_self_encrypt - ** is \fIset\fP. It is also used to specify the key for $$postpone_encrypt. - ** It should be in keyid or fingerprint form (e.g. 0x00112233). + ** using the key in $$pgp_default_key. ** (PGP only) */ { "pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, 1 }, @@ -2161,9 +2167,10 @@ struct option_t MuttVars[] = { { "pgp_sign_as", DT_STR, R_NONE, UL &PgpSignAs, 0 }, /* ** .pp - ** If you have more than one key pair, this option allows you to specify - ** which of your private keys to use. It is recommended that you use the - ** keyid form to specify your key (e.g. \fC0x00112233\fP). + ** If you have a different key pair to use for signing, you should + ** set this to the signing key. Most people will only need to set + ** $$pgp_default_key. It is recommended that you use the keyid form + ** to specify your key (e.g. \fC0x00112233\fP). ** (PGP only) */ { "pgp_sign_command", DT_STR, R_NONE, UL &PgpSignCommand, 0}, @@ -2370,7 +2377,7 @@ struct option_t MuttVars[] = { ** .pp ** When \fIset\fP, postponed messages that are marked for encryption will be ** self-encrypted. Mutt will first try to encrypt using the value specified - ** in $$pgp_self_encrypt_as or $$smime_self_encrypt_as. If those are not + ** in $$pgp_default_key or $$smime_default_key. If those are not ** set, it will try the deprecated $$postpone_encrypt_as. ** (Crypto only) */ @@ -2378,7 +2385,7 @@ struct option_t MuttVars[] = { /* ** .pp ** This is a deprecated fall-back variable for $$postpone_encrypt. - ** Please use $$pgp_self_encrypt_as or $$smime_self_encrypt_as. + ** Please use $$pgp_default_key or $$smime_default_key. ** (Crypto only) */ #ifdef USE_SOCKET @@ -3093,12 +3100,23 @@ struct option_t MuttVars[] = { ** to determine the key to use. It will ask you to supply a key, if it can't find one. ** (S/MIME only) */ - { "smime_sign_as", DT_SYN, R_NONE, UL "smime_default_key", 0 }, + { "smime_self_encrypt_as", DT_SYN, R_NONE, UL "smime_default_key", 0 }, { "smime_default_key", DT_STR, R_NONE, UL &SmimeDefaultKey, 0 }, /* ** .pp - ** This is the default key-pair to use for signing. This must be set to the - ** keyid (the hash-value that OpenSSL generates) to work properly + ** This is the default key-pair to use for S/MIME operations, and must be + ** set to the keyid (the hash-value that OpenSSL generates) to work properly. + ** .pp + ** It will be used for encryption (see $$postpone_encrypt and + ** $$smime_self_encrypt). + ** .pp + ** It will be used for decryption unless $$smime_decrypt_use_default_key + ** is \fIunset\fP. + ** .pp + ** It will also be used for signing unless $$smime_sign_as is set. + ** .pp + ** The (now deprecated) \fIsmime_self_encrypt_as\fP is an alias for this + ** variable, and should no longer be used. ** (S/MIME only) */ { "smime_encrypt_command", DT_STR, R_NONE, UL &SmimeEncryptCommand, 0}, @@ -3188,20 +3206,18 @@ struct option_t MuttVars[] = { ** possible \fCprintf(3)\fP-like sequences. ** (S/MIME only) */ - { "smime_self_encrypt", DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 0 }, + { "smime_self_encrypt", DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 1 }, /* ** .pp ** When \fIset\fP, S/MIME encrypted messages will also be encrypted - ** using the certificate in $$smime_self_encrypt_as. + ** using the certificate in $$smime_default_key. ** (S/MIME only) */ - { "smime_self_encrypt_as", DT_STR, R_NONE, UL &SmimeSelfEncryptAs, 0 }, + { "smime_sign_as", DT_STR, R_NONE, UL &SmimeSignAs, 0 }, /* ** .pp - ** This is an additional certificate used to encrypt messages when - ** $$smime_self_encrypt is \fIset\fP. It is also used to specify the - ** certificate for $$postpone_encrypt. It should be the hash-value that - ** OpenSSL generates. + ** If you have a separate key to use for signing, you should set this + ** to the signing key. Most people will only need to set $$smime_default_key. ** (S/MIME only) */ { "smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, 0}, @@ -3211,7 +3227,8 @@ struct option_t MuttVars[] = { ** \fCmultipart/signed\fP, which can be read by all mail clients. ** .pp ** This is a format string, see the $$smime_decrypt_command command for - ** possible \fCprintf(3)\fP-like sequences. + ** possible \fCprintf(3)\fP-like sequences. NOTE: %c and %k will default + ** to $$smime_sign_as if set, otherwise $$smime_default_key. ** (S/MIME only) */ { "smime_sign_digest_alg", DT_STR, R_NONE, UL &SmimeDigestAlg, UL "sha256" }, diff --git a/pgpinvoke.c b/pgpinvoke.c index ee766282..aa0efef5 100644 --- a/pgpinvoke.c +++ b/pgpinvoke.c @@ -164,7 +164,6 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr, short need_passphrase, const char *fname, const char *sig_fname, - const char *signas, const char *ids, const char *format) { @@ -179,7 +178,10 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr, cctx.need_passphrase = need_passphrase; cctx.fname = fname; cctx.sig_fname = sig_fname; - cctx.signas = signas; + if (PgpSignAs && *PgpSignAs) + cctx.signas = PgpSignAs; + else + cctx.signas = PgpDefaultKey; cctx.ids = ids; mutt_pgp_command (cmd, sizeof (cmd), &cctx, format); @@ -196,13 +198,12 @@ static pid_t pgp_invoke (FILE **pgpin, FILE **pgpout, FILE **pgperr, * */ - pid_t pgp_invoke_decode (FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd, int pgpoutfd, int pgperrfd, const char *fname, short need_passphrase) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - need_passphrase, fname, NULL, PgpSignAs, NULL, + need_passphrase, fname, NULL, NULL, PgpDecodeCommand); } @@ -211,7 +212,7 @@ pid_t pgp_invoke_verify (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *fname, const char *sig_fname) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, fname, sig_fname, PgpSignAs, NULL, PgpVerifyCommand); + 0, fname, sig_fname, NULL, PgpVerifyCommand); } pid_t pgp_invoke_decrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr, @@ -219,7 +220,7 @@ pid_t pgp_invoke_decrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *fname) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, NULL, PgpDecryptCommand); + 1, fname, NULL, NULL, PgpDecryptCommand); } pid_t pgp_invoke_sign (FILE **pgpin, FILE **pgpout, FILE **pgperr, @@ -227,7 +228,7 @@ pid_t pgp_invoke_sign (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *fname) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, NULL, PgpSignCommand); + 1, fname, NULL, NULL, PgpSignCommand); } @@ -237,11 +238,11 @@ pid_t pgp_invoke_encrypt (FILE **pgpin, FILE **pgpout, FILE **pgperr, { if (sign) return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, uids, + 1, fname, NULL, uids, PgpEncryptSignCommand); else return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, fname, NULL, PgpSignAs, uids, + 0, fname, NULL, uids, PgpEncryptOnlyCommand); } @@ -251,11 +252,11 @@ pid_t pgp_invoke_traditional (FILE **pgpin, FILE **pgpout, FILE **pgperr, { if (flags & ENCRYPT) return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - flags & SIGN ? 1 : 0, fname, NULL, PgpSignAs, uids, + flags & SIGN ? 1 : 0, fname, NULL, uids, flags & SIGN ? PgpEncryptSignCommand : PgpEncryptOnlyCommand); else return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 1, fname, NULL, PgpSignAs, NULL, + 1, fname, NULL, NULL, PgpClearSignCommand); } @@ -270,7 +271,10 @@ void pgp_invoke_import (const char *fname) mutt_quote_filename (_fname, sizeof (_fname), fname); cctx.fname = _fname; - cctx.signas = PgpSignAs; + if (PgpSignAs && *PgpSignAs) + cctx.signas = PgpSignAs; + else + cctx.signas = PgpDefaultKey; mutt_pgp_command (cmd, sizeof (cmd), &cctx, PgpImportCommand); mutt_system (cmd); @@ -321,7 +325,7 @@ pid_t pgp_invoke_export (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *uids) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, NULL, NULL, PgpSignAs, uids, + 0, NULL, NULL, uids, PgpExportCommand); } @@ -330,7 +334,7 @@ pid_t pgp_invoke_verify_key (FILE **pgpin, FILE **pgpout, FILE **pgperr, const char *uids) { return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, NULL, NULL, PgpSignAs, uids, + 0, NULL, NULL, uids, PgpVerifyKeyCommand); } @@ -352,7 +356,7 @@ pid_t pgp_invoke_list_keys (FILE **pgpin, FILE **pgpout, FILE **pgperr, } return pgp_invoke (pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, - 0, NULL, NULL, PgpSignAs, uids, + 0, NULL, NULL, uids, keyring == PGP_SECRING ? PgpListSecringCommand : PgpListPubringCommand); } diff --git a/postpone.c b/postpone.c index e28a8759..91dec278 100644 --- a/postpone.c +++ b/postpone.c @@ -531,7 +531,7 @@ int mutt_parse_crypt_hdr (const char *p, int set_empty_signas, int crypt_app) if ((WithCrypto & APPLICATION_SMIME) && (crypt_app == APPLICATION_SMIME) && (flags & SIGN) && (set_empty_signas || *sign_as)) - mutt_str_replace (&SmimeDefaultKey, sign_as); + mutt_str_replace (&SmimeSignAs, sign_as); return flags; } diff --git a/send.c b/send.c index bcd54095..7554217e 100644 --- a/send.c +++ b/send.c @@ -1158,7 +1158,7 @@ ci_send_message (int flags, /* send mode */ char *pgpkeylist = NULL; /* save current value of "pgp_sign_as" and "smime_default_key" */ char *pgp_signas = NULL; - char *smime_default_key = NULL; + char *smime_signas = NULL; char *tag = NULL, *err = NULL; char *ctype; @@ -1183,7 +1183,7 @@ ci_send_message (int flags, /* send mode */ if (WithCrypto & APPLICATION_PGP) pgp_signas = safe_strdup(PgpSignAs); if (WithCrypto & APPLICATION_SMIME) - smime_default_key = safe_strdup(SmimeDefaultKey); + smime_signas = safe_strdup(SmimeSignAs); } /* Delay expansion of aliases until absolutely necessary--shouldn't @@ -1629,9 +1629,9 @@ main_loop: char *encrypt_as = NULL; if ((WithCrypto & APPLICATION_PGP) && (msg->security & APPLICATION_PGP)) - encrypt_as = PgpSelfEncryptAs; + encrypt_as = PgpDefaultKey; else if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME)) - encrypt_as = SmimeSelfEncryptAs; + encrypt_as = SmimeDefaultKey; if (!(encrypt_as && *encrypt_as)) encrypt_as = PostponeEncryptAs; @@ -1958,8 +1958,8 @@ cleanup: } if (WithCrypto & APPLICATION_SMIME) { - FREE (&SmimeDefaultKey); - SmimeDefaultKey = smime_default_key; + FREE (&SmimeSignAs); + SmimeSignAs = smime_signas; } } diff --git a/sendlib.c b/sendlib.c index 880b8546..da1e5053 100644 --- a/sendlib.c +++ b/sendlib.c @@ -2863,8 +2863,8 @@ int mutt_write_fcc (const char *path, HEADER *hdr, const char *msgid, int post, fputc ('O', msg->fp); if (hdr->security & SIGN) { fputc ('S', msg->fp); - if (SmimeDefaultKey && *SmimeDefaultKey) - fprintf (msg->fp, "<%s>", SmimeDefaultKey); + if (SmimeSignAs && *SmimeSignAs) + fprintf (msg->fp, "<%s>", SmimeSignAs); } if (hdr->security & INLINE) fputc ('I', msg->fp); diff --git a/smime.c b/smime.c index 0ba58a1f..823fc73d 100644 --- a/smime.c +++ b/smime.c @@ -1527,11 +1527,13 @@ BODY *smime_sign_message (BODY *a ) int err = 0; int empty = 0; pid_t thepid; - smime_key_t *default_key; + char *signas; + smime_key_t *signas_key; char *intermediates; char *micalg; - if (!SmimeDefaultKey) + signas = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey; + if (!signas || !*signas) { mutt_error _("Can't sign: No key specified. Use Sign As."); return NULL; @@ -1563,22 +1565,22 @@ BODY *smime_sign_message (BODY *a ) snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", - NONULL(SmimeKeys), SmimeDefaultKey); + NONULL(SmimeKeys), signas); snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", - NONULL(SmimeCertificates), SmimeDefaultKey); + NONULL(SmimeCertificates), signas); - default_key = smime_get_key_by_hash (SmimeDefaultKey, 1); - if ((! default_key) || - (! mutt_strcmp ("?", default_key->issuer))) - intermediates = SmimeDefaultKey; /* so openssl won't complain in any case */ + signas_key = smime_get_key_by_hash (signas, 1); + if ((! signas_key) || + (! mutt_strcmp ("?", signas_key->issuer))) + intermediates = signas; /* so openssl won't complain in any case */ else - intermediates = default_key->issuer; + intermediates = signas_key->issuer; snprintf (SmimeIntermediateToUse, sizeof (SmimeIntermediateToUse), "%s/%s", NONULL(SmimeCertificates), intermediates); - smime_free_key (&default_key); + smime_free_key (&signas_key); @@ -2216,19 +2218,11 @@ int smime_send_menu (HEADER *msg) break; case 's': /* (s)ign */ + msg->security &= ~ENCRYPT; + msg->security |= SIGN; + break; + case 'S': /* (s)ign in oppenc mode */ - if(!SmimeDefaultKey) - { - if ((key = smime_ask_for_key (_("Sign as: "), KEYFLAG_CANSIGN, 0))) - { - mutt_str_replace (&SmimeDefaultKey, key->hash); - smime_free_key (&key); - } - else - break; - } - if (choices[choice - 1] == 's') - msg->security &= ~ENCRYPT; msg->security |= SIGN; break; @@ -2236,9 +2230,9 @@ int smime_send_menu (HEADER *msg) if ((key = smime_ask_for_key (_("Sign as: "), KEYFLAG_CANSIGN, 0))) { - mutt_str_replace (&SmimeDefaultKey, key->hash); + mutt_str_replace (&SmimeSignAs, key->hash); smime_free_key (&key); - + msg->security |= SIGN; /* probably need a different passphrase */