Now that cleartext indexing is merged, let's add the ability to stash session keys!

Background
==========

Encrypted e-mail messages are "hybrid" encryption. The message body is encrypted with an ephemeral session key, and then that session key is itself encrypted to the user's public key.

If an MUA retains (or obtains) a copy of the session key for a given message, it can access the cleartext of that message without needing any access to the user's private key material.

This offers possible wins in efficiency, usability, convenience *and* security, as the series hopefully makes clear.

Decryption Policies
===================

At the end of the series, there are four sensible policies defined for message decryption and stashing of session keys. There are only two i expect to see any widespread regular use: "auto", and "true". But hopefully the reasons for including the other two policies ("false" and "nostash") are made clear by the series itself.

I'll replicate here the table this series adds to notmuch-config(1), in describing the available values for index.try_decrypt:

+------------------------+-------+------+---------+------+
|                        | false | auto | nostash | true |
+========================+=======+======+=========+======+
| Index cleartext using  |       |  X   |    X    |  X   |
| stashed session keys   |       |      |         |      |
+------------------------+-------+------+---------+------+
| Index cleartext        |       |      |    X    |  X   |
| using secret keys      |       |      |         |      |
+------------------------+-------+------+---------+------+
| Stash session keys     |       |      |         |  X   |
+------------------------+-------+------+---------+------+
| Delete stashed session |   X   |      |         |      |
| keys on reindex        |       |      |         |      |
+------------------------+-------+------+---------+------+

Please let me know what you think! I'd love feedback and critique.

Happy hacking,

--dkg
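
The following is an added example, not part of the original message and not notmuch's code: a small Python model of the index.try_decrypt table, showing how a stashed session key lets a later reindex recover cleartext with the secret key unavailable. The `Message` type, the `reindex` and `demo` helpers, the sample values, and the choice to try a stashed key before the secret key are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Capabilities per policy, transcribed from the table in the message:
# (use stashed keys, use secret keys, stash keys, delete stash on reindex)
POLICIES = {
    "false":   (False, False, False, True),
    "auto":    (True,  False, False, False),
    "nostash": (True,  True,  False, False),
    "true":    (True,  True,  True,  False),
}

@dataclass
class Message:
    msg_id: str
    session_key: str   # constructed stand-in for the ephemeral session key
    cleartext: str     # what decrypting the body with that key would yield

def reindex(policy, msg, stash, secret_key_available):
    """Return the cleartext that would be indexed, or None; mutates `stash`.

    `stash` maps msg_id -> session key. No real cryptography happens here;
    holding the right session key stands in for being able to decrypt.
    """
    use_stashed, use_secret, do_stash, delete = POLICIES[policy]
    if delete:
        stash.pop(msg.msg_id, None)
    if use_stashed and stash.get(msg.msg_id) == msg.session_key:
        return msg.cleartext              # no private key material touched
    if use_secret and secret_key_available:
        if do_stash:
            stash[msg.msg_id] = msg.session_key
        return msg.cleartext
    return None

def demo():
    msg = Message("constructed-id@example.invalid", "CONSTRUCTED-KEY", "meet at noon")
    stash = {}
    return [
        reindex("auto", msg, stash, True),      # nothing stashed yet: not indexed
        reindex("nostash", msg, stash, True),   # secret key used, nothing stashed
        len(stash),
        reindex("true", msg, stash, True),      # secret key used, session key stashed
        reindex("auto", msg, stash, False),     # secret key offline, stash suffices
        reindex("false", msg, stash, True),     # stashed key deleted, not indexed
        len(stash),
    ]
```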