Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys
Daniel Kahn Gillmor writes:

> On Tue 2017-11-14 09:13:52 -0400, David Bremner wrote:
>> Daniel Kahn Gillmor writes:
>>
>>> If you've got a notmuch dump that includes stashed session keys for
>>> every decrypted message, and you've got your message archive, you
>>> should be able to get back to the same index that you had before.
>>
>> Out of curiosity, have you given any thought to what happens when
>> someone sends a message with the same message-id but a different
>> session-key? It seems like the user can potentially lose access to the
>> encrypted message.
>
> yep! I even have that case in my own mailbox due to messages i've sent
> to schleuder encrypted mailing lists to which i'm also subscribed.
>
> It works fine. notmuch stashes both session keys against the message-id
> (you can have multiple properties with the same name as long as they
> have different values). And upon decryption, it tries each session-key
> in succession. This is a little bit sloppy (maybe it would be less
> sloppy to associate each message key with each version of the message
> somehow?), but it's significantly simpler and basically unnoticeable
> compared to the speedup gains provided by the rest of the series.
>
> --dkg

Great!

d
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys
On Tue 2017-11-14 09:13:52 -0400, David Bremner wrote:
> Daniel Kahn Gillmor writes:
>
>> If you've got a notmuch dump that includes stashed session keys for
>> every decrypted message, and you've got your message archive, you
>> should be able to get back to the same index that you had before.
>
> Out of curiosity, have you given any thought to what happens when
> someone sends a message with the same message-id but a different
> session-key? It seems like the user can potentially lose access to the
> encrypted message.

yep! I even have that case in my own mailbox due to messages i've sent
to schleuder encrypted mailing lists to which i'm also subscribed.

It works fine. notmuch stashes both session keys against the message-id
(you can have multiple properties with the same name as long as they
have different values). And upon decryption, it tries each session-key
in succession. This is a little bit sloppy (maybe it would be less
sloppy to associate each message key with each version of the message
somehow?), but it's significantly simpler and basically unnoticeable
compared to the speedup gains provided by the rest of the series.

--dkg
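The behaviour described in the message above (several `session-key` properties stashed against one message-id, each tried in succession), as an added example that is not part of the thread or of notmuch's own code. It reads property lines in the `#= <id> key=value` dump format with `%xx` escapes; the message-id, the key values and the `toy_try_key` decryptor are constructed stand-ins.

```python
from collections import defaultdict
from urllib.parse import unquote  # dump ids, keys and values use %xx escapes

# Constructed values: two session keys stashed against one message-id.
K1, K2 = "9:" + "0A" * 32, "9:" + "1B" * 32
MSGID = "list-post@example.invalid"
SAMPLE_DUMP = (
    "#notmuch-dump batch-tag:3 config,properties,tags\n"
    f"+encrypted +inbox -- id:{MSGID}\n"
    f"#= {MSGID} index.decryption=success"
    f" session-key={K1.replace(':', '%3a')}"
    f" session-key={K2.replace(':', '%3a')}\n"
)

def stashed_session_keys(dump_text):
    """Map message-id -> list of distinct session-key values, in dump order."""
    keys = defaultdict(list)
    for line in dump_text.splitlines():
        if not line.startswith("#= "):
            continue  # header, config or tag line, not a property line
        msgid, *pairs = line[3:].split(" ")
        for pair in pairs:
            name, sep, value = pair.partition("=")
            if sep and unquote(name) == "session-key":
                value = unquote(value)
                if value not in keys[unquote(msgid)]:
                    keys[unquote(msgid)].append(value)
    return dict(keys)

def decrypt_with_stashed_keys(ciphertext, keys, try_key):
    """Try each stashed key in succession; (key, cleartext) or (None, None)."""
    for key in keys:
        cleartext = try_key(ciphertext, key)
        if cleartext is not None:
            return key, cleartext
    return None, None

def toy_try_key(ciphertext, key):
    """Hypothetical stand-in for a real OpenPGP decryption attempt."""
    return ciphertext["body"] if ciphertext["locked_with"] == key else None

if __name__ == "__main__":
    keys = stashed_session_keys(SAMPLE_DUMP)[MSGID]
    list_copy = {"locked_with": K2, "body": "sekrit"}  # constructed second copy
    print(decrypt_with_stashed_keys(list_copy, keys, toy_try_key))
```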
Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys
Daniel Kahn Gillmor writes:

> If you've got a notmuch dump that includes stashed session keys for
> every decrypted message, and you've got your message archive, you
> should be able to get back to the same index that you had before.
>

Out of curiosity, have you given any thought to what happens when
someone sends a message with the same message-id but a different
session-key? It seems like the user can potentially lose access to the
encrypted message.
[PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys
If you've got a notmuch dump that includes stashed session keys for every decrypted message, and you've got your message archive, you should be able to get back to the same index that you had before. Here we add a simple test that gives some flavor of how that works. --- test/T357-index-decryption.sh | 31 +++ 1 file changed, 31 insertions(+) diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh index 22e716c6..11ea2074 100755 --- a/test/T357-index-decryption.sh +++ b/test/T357-index-decryption.sh @@ -156,6 +156,37 @@ test_expect_equal \ "$output" \ "$expected" +add_email_corpus crypto + +test_begin_subtest "indexing message fails when secret key not available" +notmuch reindex --try-decrypt id:simple-encryp...@crypto.notmuchmail.org +output=$(notmuch dump ) +expected='#notmuch-dump batch-tag:3 config,properties,tags ++encrypted +inbox +unread -- id:simple-encryp...@crypto.notmuchmail.org +#= simple-encryp...@crypto.notmuchmail.org index.decryption=failure' +test_expect_equal \ +"$output" \ +"$expected" + +test_begin_subtest "cannot find cleartext index" +output=$(notmuch search sekrit) +expected='' +test_expect_equal \ +"$output" \ +"$expected" + +test_begin_subtest "cleartext index recovery on reindexing with stashed session keys" +notmuch restore
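Review bot: In the first added subtest, `output=$(notmuch dump )` compares a dump of the whole database against an expected value that lists exactly one message, so the assertion depends on `add_email_corpus crypto` leaving nothing else in the database; any other message, tag or property would fail it for reasons unrelated to decryption. Consider passing the same `id:` search term to `notmuch dump` that the preceding `notmuch reindex --try-decrypt` line uses, so the check covers only that message, and drop the stray space before the closing parenthesis. The "cannot find cleartext index" subtest expects empty output from `notmuch search sekrit`, which would also pass if the term never occurred in the message at all; it is only meaningful when paired with a positive search for the same term after the restore, and the patch as shown here ends at `+notmuch restore`, so that pairing cannot be confirmed from the visible lines.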