Inline PGP encrypted messages are clearly worse than PGP/MIME structured encrypted messages. There are no standards for how they are formed, and they don't offer any structured metadata about how to interpret the bytestream produced by decrypting them.
However, some other MUAs and end-user workflows may make creation of inline PGP encrypted messages the only available option for message encryption, and when Notmuch encounters such a message, it should make a reasonable best-effort to render the cleartext to the user. Due to ambiguities in interpretation of signatures on inline messages (e.g. which parts of the message were actually signed? what character encoding should the bytestream be interpreted as?), we continue to ignore inline-signed messages entirely, and we do not look at the validity of any signatures that might be found when decrypting inline PGP encrypted messages.

We make use here of GMime's optimization function for detecting the presence of inline PGP encrypted content, which is only found in GMime 3.0 or later.

This series is currently based on top of the "notmuch show --decrypt=stash" series, which it needs to be able to apply cleanly. If that series proves controversial, I could rebase this patch manually against some earlier commit.

If you have applied this series, and you know you have some inline PGP messages already in your message store, you can try to retroactively reindex them with something like:

    notmuch reindex --decrypt=true BEGIN-PGP-MESSAGE and not tag:encrypted

I welcome review and feedback about this series.

    --dkg