+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-ask-cert-label"></a>3.240. smime_ask_cert_label</h3></div></div></div><div class="literallayout"><p>Type: boolean<br />
+Default: yes</p></div><p>
+This flag controls whether you want to be asked to enter a label
+for a certificate about to be added to the database or not. It is
+<span class="emphasis"><em>set</em></span> by default.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-ca-location"></a>3.241. smime_ca_location</h3></div></div></div><div class="literallayout"><p>Type: path<br />
+Default: (empty)</p></div><p>
+This variable contains the name of either a directory, or a file which
+contains trusted certificates for use with OpenSSL.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-certificates"></a>3.242. smime_certificates</h3></div></div></div><div class="literallayout"><p>Type: path<br />
+Default: (empty)</p></div><p>
+Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
+storage and retrieval of keys by itself. This is very basic right
+now, and keys and certificates are stored in two different
+directories, both named as the hash-value retrieved from
+OpenSSL. There is an index file which contains mailbox-address
+keyid pairs, and which can be manually edited. This option points to
+the location of the certificates.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-decrypt-command"></a>3.243. smime_decrypt_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This format string specifies a command which is used to decrypt
+<code class="literal">application/x-pkcs7-mime</code> attachments.
+</p><p>
+The OpenSSL command formats have their own set of <code class="literal">printf(3)</code>-like sequences
+similar to PGP's:
+
+</p><div class="informaltable"><table border="1"><colgroup><col /><col /></colgroup><tbody><tr><td>%f </td><td>Expands to the name of a file containing a message.
+</td></tr><tr><td>%s </td><td>Expands to the name of a file containing the signature part
+ of a <code class="literal">multipart/signed</code> attachment when verifying it.
+</td></tr><tr><td>%k </td><td>The key-pair specified with <a class="link" href="reference.html#smime-default-key" title="3.245. smime_default_key">$smime_default_key</a>
+</td></tr><tr><td>%c </td><td>One or more certificate IDs.
+</td></tr><tr><td>%a </td><td>The algorithm used for encryption.
+</td></tr><tr><td>%C </td><td>CA location: Depending on whether <a class="link" href="reference.html#smime-ca-location" title="3.241. smime_ca_location">$smime_ca_location</a>
+ points to a directory or file, this expands to
+ “<span class="quote">-CApath <a class="link" href="reference.html#smime-ca-location" title="3.241. smime_ca_location">$smime_ca_location</a></span>” or “<span class="quote">-CAfile <a class="link" href="reference.html#smime-ca-location" title="3.241. smime_ca_location">$smime_ca_location</a></span>”.
+</td></tr></tbody></table></div><p>
+For examples on how to configure these formats, see the <code class="literal">smime.rc</code> in
+the <code class="literal">samples/</code> subdirectory which has been installed on your system
+alongside the documentation.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-decrypt-use-default-key"></a>3.244. smime_decrypt_use_default_key</h3></div></div></div><div class="literallayout"><p>Type: boolean<br />
+Default: yes</p></div><p>
+If <span class="emphasis"><em>set</em></span> (default) this tells mutt to use the default key for decryption. Otherwise,
+if managing multiple certificate-key-pairs, mutt will try to use the mailbox-address
+to determine the key to use. It will ask you to supply a key, if it can't find one.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-default-key"></a>3.245. smime_default_key</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This is the default key-pair to use for signing. This must be set to the
+keyid (the hash-value that OpenSSL generates) to work properly
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-encrypt-command"></a>3.246. smime_encrypt_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to create encrypted S/MIME messages.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-encrypt-with"></a>3.247. smime_encrypt_with</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This sets the algorithm that should be used for encryption.
+Valid choices are “<span class="quote">des</span>”, “<span class="quote">des3</span>”, “<span class="quote">rc2-40</span>”, “<span class="quote">rc2-64</span>”, “<span class="quote">rc2-128</span>”.
+If <span class="emphasis"><em>unset</em></span>, “<span class="quote">3des</span>” (TripleDES) is used.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-get-cert-command"></a>3.248. smime_get_cert_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to extract X509 certificates from a PKCS7 structure.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-get-cert-email-command"></a>3.249. smime_get_cert_email_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to extract the mail address(es) used for storing
+X509 certificates, and for verification purposes (to check whether the
+certificate was issued for the sender's mailbox).
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-get-signer-cert-command"></a>3.250. smime_get_signer_cert_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to extract only the signers X509 certificate from a S/MIME
+signature, so that the certificate's owner may get compared to the
+email's “<span class="quote">From:</span>” field.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-import-cert-command"></a>3.251. smime_import_cert_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to import a certificate via smime_keys.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-is-default"></a>3.252. smime_is_default</h3></div></div></div><div class="literallayout"><p>Type: boolean<br />
+Default: no</p></div><p>
+The default behaviour of mutt is to use PGP on all auto-sign/encryption
+operations. To override and to use OpenSSL instead this must be <span class="emphasis"><em>set</em></span>.
+However, this has no effect while replying, since mutt will automatically
+select the same application that was used to sign/encrypt the original
+message. (Note that this variable can be overridden by unsetting <a class="link" href="reference.html#crypt-autosmime" title="3.39. crypt_autosmime">$crypt_autosmime</a>.)
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-keys"></a>3.253. smime_keys</h3></div></div></div><div class="literallayout"><p>Type: path<br />
+Default: (empty)</p></div><p>
+Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
+storage and retrieval of keys/certs by itself. This is very basic right now,
+and stores keys and certificates in two different directories, both
+named as the hash-value retrieved from OpenSSL. There is an index file
+which contains mailbox-address keyid pair, and which can be manually
+edited. This option points to the location of the private keys.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-pk7out-command"></a>3.254. smime_pk7out_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to extract PKCS7 structures of S/MIME signatures,
+in order to extract the public X509 certificate(s).
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-sign-command"></a>3.255. smime_sign_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to created S/MIME signatures of type
+<code class="literal">multipart/signed</code>, which can be read by all mail clients.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-sign-opaque-command"></a>3.256. smime_sign_opaque_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to created S/MIME signatures of type
+<code class="literal">application/x-pkcs7-signature</code>, which can only be handled by mail
+clients supporting the S/MIME extension.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-timeout"></a>3.257. smime_timeout</h3></div></div></div><div class="literallayout"><p>Type: number<br />
+Default: 300</p></div><p>
+The number of seconds after which a cached passphrase will expire if
+not used.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-verify-command"></a>3.258. smime_verify_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to verify S/MIME signatures of type <code class="literal">multipart/signed</code>.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smime-verify-opaque-command"></a>3.259. smime_verify_opaque_command</h3></div></div></div><div class="literallayout"><p>Type: string<br />
+Default: (empty)</p></div><p>
+This command is used to verify S/MIME signatures of type
+<code class="literal">application/x-pkcs7-mime</code>.
+</p><p>
+This is a format string, see the <a class="link" href="reference.html#smime-decrypt-command" title="3.243. smime_decrypt_command">$smime_decrypt_command</a> command for
+possible <code class="literal">printf(3)</code>-like sequences.
+(S/MIME only)
+</p></div><div class="sect2" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="smtp-authenticators"></a>3.260. smtp_authenticators</h3></div></div></div><div class="literallayout"><p>Type: string<br />