From 2c51035979c527a79ee90a619e77be5c9a3cc796 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Mon, 29 May 2017 11:48:42 -0700 Subject: [PATCH] Add self-encrypt options for PGP and S/MIME. Add $pgp_self_encrypt, $pgp_self_encrypt_as, $smime_self_encrypt, $smime_self_encrypt_as. $pgp_sign_as and $smime_default_key are inappropriate to use, as they specify signing key/certs. In some cases, this is a different value than the encryption key/cert. --- globals.h | 2 ++ init.h | 29 +++++++++++++++++++++++++++++ ncrypt/crypt.c | 13 +++++++++++++ options.h | 2 ++ 4 files changed, 46 insertions(+) diff --git a/globals.h b/globals.h index 39147b00a..8a737593e 100644 --- a/globals.h +++ b/globals.h @@ -303,6 +303,7 @@ WHERE char *PgpVerifyKeyCommand; WHERE char *PgpListSecringCommand; WHERE char *PgpListPubringCommand; WHERE char *PgpGetkeysCommand; +WHERE char *PgpSelfEncryptAs; /* -- formerly in smime.h -- */ WHERE char *SmimeDefaultKey; @@ -323,6 +324,7 @@ WHERE char *SmimePk7outCommand; WHERE char *SmimeGetCertCommand; WHERE char *SmimeImportCertCommand; WHERE char *SmimeGetCertEmailCommand; +WHERE char *SmimeSelfEncryptAs; #ifdef USE_NOTMUCH WHERE int NotmuchOpenTimeout; diff --git a/init.h b/init.h index ba8b7d4ef..07742dece 100644 --- a/init.h +++ b/init.h @@ -2448,6 +2448,20 @@ struct Option MuttVars[] = { ** removed, while the inner \fCmultipart/signed\fP part is retained. ** (PGP only) */ + { "pgp_self_encrypt", DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 0 }, + /* + ** .pp + ** When \fIset\fP, PGP encrypted messages will also be encrypted + ** using the key in $$pgp_self_encrypt_as. + ** (PGP only) + */ + { "pgp_self_encrypt_as", DT_STR, R_NONE, UL &PgpSelfEncryptAs, 0 }, + /* + ** .pp + ** This is an additional key used to encrypt messages when $$pgp_self_encrypt + ** is \fIset\fP. It should be in keyid or fingerprint form (e.g. 0x00112233). + ** (PGP only) + */ { "pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, 1 }, /* ** .pp 
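Review bot: The example `0x00112233` in the new `pgp_self_encrypt_as` description recommends a 32-bit short key ID, and the crypt.c hunk in this patch appends that string to the recipient list verbatim without resolving it through mutt's key lookup; a short ID is cheap to collide, so a colliding key that lands in the user's keyring (keyserver refresh, auto-retrieve) would become a silent extra recipient of every encrypted message. The doc comment should steer users to the full fingerprint instead, e.g. `** is \fIset\fP. It should be a full fingerprint (e.g. 0x0123456789ABCDEF0123456789ABCDEF01234567); short key IDs are easily spoofed.` and drop the short-ID example. Whether mutt's configured gpg command skips gpg's own trust model (`--always-trust` is common in shipped gpg.rc files) is not visible here, but if it does, this documentation is the only guard the self key gets.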
@@ -3542,6 +3556,21 @@ struct Option MuttVars[] = { ** possible \fCprintf(3)\fP-like sequences. ** (S/MIME only) */ + { "smime_self_encrypt", DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 0 }, + /* + ** .pp + ** When \fIset\fP, S/MIME encrypted messages will also be encrypted + ** using the certificate in $$smime_self_encrypt_as. + ** (S/MIME only) + */ + { "smime_self_encrypt_as", DT_STR, R_NONE, UL &SmimeSelfEncryptAs, 0 }, + /* + ** .pp + ** This is an additional certificate used to encrypt messages when + ** $$smime_self_encrypt is \fIset\fP. It should be the + ** hash-value that OpenSSL generates. + ** (S/MIME only) + */ { "smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, 0 }, /* ** .pp diff --git a/ncrypt/crypt.c b/ncrypt/crypt.c index daa4f4717..0b5aa8368 100644 --- a/ncrypt/crypt.c +++ b/ncrypt/crypt.c @@ -781,6 +781,8 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode) { struct Address *adrlist = NULL, *last = NULL; const char *fqdn = mutt_fqdn(1); + char *self_encrypt = NULL; + size_t keylist_size; /* Do a quick check to make sure that we can find all of the encryption * keys if the user has requested this service. @@ -812,6 +814,8 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode) return -1; } unset_option(OPTPGPCHECKTRUST); + if (option(OPTPGPSELFENCRYPT)) + self_encrypt = PgpSelfEncryptAs; } if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME)) { @@ -820,9 +824,18 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode) rfc822_free_address(&adrlist); return -1; } + if (option(OPTSMIMESELFENCRYPT)) + self_encrypt = SmimeSelfEncryptAs; } } + if (!oppenc_mode && self_encrypt && *self_encrypt) + { + keylist_size = mutt_strlen(*keylist); + safe_realloc(keylist, keylist_size + mutt_strlen(self_encrypt) + 2); + sprintf(*keylist + keylist_size, " %s", self_encrypt); + } + rfc822_free_address(&adrlist); return 0; 
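Review bot: In the last crypt.c hunk the configured self-encrypt value is appended to `*keylist` as a raw string, so it bypasses the key lookup and the trust checking (toggled via `OPTPGPCHECKTRUST` in the hunk above) that the PGP recipients appear to have been gathered under; a mistyped, ambiguous or short key ID that the backend resolves to an unexpected key silently becomes an extra recipient on every encrypted message. I would resolve the configured value through the same key-selection path as the recipients, or at least verify it maps to exactly one usable key (and, for S/MIME, that the hash names a certificate in the store) before appending it, rather than trusting the string as-is. The `sprintf` is correctly sized (`+2` covers the separating space and the NUL) but a bounded write records that invariant and survives later edits: `snprintf(*keylist + keylist_size, mutt_strlen(self_encrypt) + 2, " %s", self_encrypt);`. Note that if `*keylist` were NULL here the result would begin with a leading space; that presumably cannot happen because empty recipient lists return -1 earlier, but a comment stating the precondition would help. `crypt_get_keys` begins before the first crypt.c hunk, so its earlier error paths are not visible here.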
diff --git a/options.h b/options.h index bf4e769db..3977be152 100644 --- a/options.h +++ b/options.h @@ -208,6 +208,7 @@ enum OPTCRYPTREPLYSIGNENCRYPTED, OPTCRYPTTIMESTAMP, OPTSMIMEISDEFAULT, + OPTSMIMESELFENCRYPT, OPTASKCERTLABEL, OPTSDEFAULTDECRYPTKEY, OPTPGPIGNORESUB, @@ -215,6 +216,7 @@ enum OPTPGPLONGIDS, OPTPGPAUTODEC, OPTPGPRETAINABLESIG, + OPTPGPSELFENCRYPT, OPTPGPSTRICTENC, OPTFORWDECRYPT, OPTPGPSHOWUNUSABLE, -- 2.40.0