[PATCH] emacs: use new show --decrypt=stash feature in emacs UI

classic Classic list List threaded Threaded
21 messages Options
12
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

[PATCH] emacs: use new show --decrypt=stash feature in emacs UI

This just changes the show --decrypt flag to "stash" in the emacs UI,
so that session keys will be stashed in the database when viewing
encrypted messages that have not previously been decrypted.  As
always, this will only happen if the notmuch-crypto-process-mime
customization variable is set to "true".
---
 emacs/notmuch-lib.el   | 2 +-
 emacs/notmuch-query.el | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-lib.el b/emacs/notmuch-lib.el
index a7e02710..94ddef52 100644
--- a/emacs/notmuch-lib.el
+++ b/emacs/notmuch-lib.el
@@ -593,7 +593,7 @@ the given type."
        (set-buffer-multibyte nil))
      (let ((args `("show" "--format=raw"
    ,(format "--part=%s" (plist-get part :id))
-   ,@(when process-crypto '("--decrypt=true"))
+   ,@(when process-crypto '("--decrypt=stash"))
    ,(notmuch-id-to-query (plist-get msg :id))))
    (coding-system-for-read
     (if binaryp 'no-conversion
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..8c38eb02 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,7 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
- (setq args (append args '("--decrypt=true"))))
+        (setq args (append args '("--decrypt=stash"))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
--
2.17.1

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

Jeez I don't know how I manged to send three copies of this to the list.
Apologies for the spam.  At least only one of them needs to be reviewed!

jamie.
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

In reply to this post by Jameson Graef Rollins
On Mon 2018-06-11 16:09:00 -0700, Jameson Graef Rollins wrote:
> This just changes the show --decrypt flag to "stash" in the emacs UI,
> so that session keys will be stashed in the database when viewing
> encrypted messages that have not previously been decrypted.  As
> always, this will only happen if the notmuch-crypto-process-mime
> customization variable is set to "true".


I'm not convinced that this is the right approach.  In particular,
sending "--decrypt=stash" requires that the notmuch database is opened
read/write, which isn't always desirable.

(it'd be nice to be able to use notmuch-emacs to browse a notmuch
archive without locking the notmuch db or even needing read/write access
to the database)

perhaps we need a third setting for notmuch-crypto-process-mime besides
nil and t instead?

    --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (233 bytes) Download Attachment
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

On Tue 2018-06-12 10:00:18 -0400, Daniel Kahn Gillmor wrote:
> (it'd be nice to be able to use notmuch-emacs to browse a notmuch
> archive without locking the notmuch db or even needing read/write access
> to the database)

to be clear, it's not just about wanting to be able to avoid write
access during "notmuch show" -- there are other use cases i'd like us to
be able to support, including the ability to keep some messages'
cleartext indexed, while leaving some of them un-indexed (keeping their
contents secret from anyone who doesn't have the user's secret keys).

This proposed change removes that possibility, so i think it needs more
nuance.

     --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (233 bytes) Download Attachment
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

On Tue, Jun 12 2018, Daniel Kahn Gillmor <[hidden email]> wrote:

> On Tue 2018-06-12 10:00:18 -0400, Daniel Kahn Gillmor wrote:
>> (it'd be nice to be able to use notmuch-emacs to browse a notmuch
>> archive without locking the notmuch db or even needing read/write access
>> to the database)
>
> to be clear, it's not just about wanting to be able to avoid write
> access during "notmuch show" -- there are other use cases i'd like us to
> be able to support, including the ability to keep some messages'
> cleartext indexed, while leaving some of them un-indexed (keeping their
> contents secret from anyone who doesn't have the user's secret keys).
>
> This proposed change removes that possibility, so i think it needs more
> nuance.
This patch works for all the use cases I personally care about, so I
would like a configuration that is this simple.

The use case you're arguing for, which I believe is the ability to
choose on a per-message basis whether you want to stash or not, would
have to not use the show stash functionality at all.

What if notmuch-crypto-process-mime just accepted the same values that
show --decrypt does, with the same meanings, e.g.:

┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
│                                     │ false │ auto │ true │ stash │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
│already known                        │       │      │      │       │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Use secret keys to show cleartext    │       │      │ X    │ X     │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Stash any  newly  recovered  session │       │      │      │ X     │
│keys, reindexing message if found    │       │      │      │       │
└─────────────────────────────────────┴───────┴──────┴──────┴───────┘

notmuch-crypto-process-mime is really only relevant for show anyway, so
I think this makes sense.

Users who want to chose to stash on a per-message basis would then need
to set notmuch-crypto-process-mime=true, and then do reindex
--decrypt=true if they want to stash.

jamie.

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (847 bytes) Download Attachment
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

On Tue 2018-06-12 23:07:33 -0700, Jameson Graef Rollins wrote:

> What if notmuch-crypto-process-mime just accepted the same values that
> show --decrypt does, with the same meanings, e.g.:
>
> ┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
> │                                     │ false │ auto │ true │ stash │
> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
> │Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
> │already known                        │       │      │      │       │
> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
> │Use secret keys to show cleartext    │       │      │ X    │ X     │
> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
> │Stash any  newly  recovered  session │       │      │      │ X     │
> │keys, reindexing message if found    │       │      │      │       │
> └─────────────────────────────────────┴───────┴──────┴──────┴───────┘
>
> notmuch-crypto-process-mime is really only relevant for show anyway, so
> I think this makes sense.

I agree, i think this makes sense.  so these text strings could be
mapped straight through.

in addition to the strings, for the sake of supporting more native
elisp-y style, if notmuch-crypto-process-mime is set to nil it should
probably map to "false", and if it is set to t, it should probably map
to "true".

wdyt?

        --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

Daniel Kahn Gillmor <[hidden email]> writes:

> On Tue 2018-06-12 23:07:33 -0700, Jameson Graef Rollins wrote:
>> What if notmuch-crypto-process-mime just accepted the same values that
>> show --decrypt does, with the same meanings, e.g.:
>>
>> ┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
>> │                                     │ false │ auto │ true │ stash │
>> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
>> │Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
>> │already known                        │       │      │      │       │
>> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
>> │Use secret keys to show cleartext    │       │      │ X    │ X     │
>> ├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
>> │Stash any  newly  recovered  session │       │      │      │ X     │
>> │keys, reindexing message if found    │       │      │      │       │
>> └─────────────────────────────────────┴───────┴──────┴──────┴───────┘
>>
>> notmuch-crypto-process-mime is really only relevant for show anyway, so
>> I think this makes sense.
>
> I agree, i think this makes sense.  so these text strings could be
> mapped straight through.
>

What about using symbols and some kind of case? less efficient but
better error checking

d
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

On Wed 2018-06-13 13:25:54 -0300, David Bremner wrote:
> What about using symbols and some kind of case? less efficient but
> better error checking

symbols would also make for a more brittle interaction between future
versions of the notmuch cli and notmuch-emacs, but i agree that the
error checking would probably be worth it (it's not hard to update the
list of symbols if a new option gets added to "show --decrypt".

also, it looks like notmuch-mua-reply reasons about
notmuch-show-process-crypto to create the --decrypt= arg for "notmuch
reply".  "notmuch reply" doesn't have --decrypt=stash (and i don't think
there's any sensible workflow that would warrant puting it there) so
some reasoning needs to be done there.  symbols would make that a more
sensible approach.

         --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (233 bytes) Download Attachment
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

On Wed, Jun 13 2018, Daniel Kahn Gillmor <[hidden email]> wrote:

> On Wed 2018-06-13 13:25:54 -0300, David Bremner wrote:
>> What about using symbols and some kind of case? less efficient but
>> better error checking
>
> symbols would also make for a more brittle interaction between future
> versions of the notmuch cli and notmuch-emacs, but i agree that the
> error checking would probably be worth it (it's not hard to update the
> list of symbols if a new option gets added to "show --decrypt".
>
> also, it looks like notmuch-mua-reply reasons about
> notmuch-show-process-crypto to create the --decrypt= arg for "notmuch
> reply".  "notmuch reply" doesn't have --decrypt=stash (and i don't think
> there's any sensible workflow that would warrant puting it there) so
> some reasoning needs to be done there.  symbols would make that a more
> sensible approach.
I'm not sure exactly what you mean by "symbols", but I'm working on
something that will turn notmuch-crypto-process-mime into a choice
custom with constant values.  A separate derived value will be used to
provide the correct bool to notmuch-show-process-crypto.

I'll provide another iteration that we can discuss.

jamie.

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (847 bytes) Download Attachment
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

In reply to this post by Daniel Kahn Gillmor
Introduce notmuch-crypto-store-session-keys customization variable to
control stashing of session keys.  If non-nil any session keys
recovered during decryption will be stored in the database.

This is just a switch to have --decrypt= use "stash" instead of
"true".
---
This seems like the simplest approach, to just add a new variable to
control session key stashing.  Much simpler that reworking the meaning
of notmuch-crypto-process-mime.

 emacs/notmuch-crypto.el | 10 ++++++++++
 emacs/notmuch-query.el  |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el
index fc2b5301..e1943f53 100644
--- a/emacs/notmuch-crypto.el
+++ b/emacs/notmuch-crypto.el
@@ -43,6 +43,16 @@ mode."
   :package-version '(notmuch . "0.25")
   :group 'notmuch-crypto)
 
+(defcustom notmuch-crypto-store-session-keys nil
+  "Should session keys from decrypted messages be stored in database?
+
+If this variable is non-nil session keys recovered from decrypted
+messages will be stored in the database.  See notmuch-show(1) for
+more information."
+  :type 'boolean
+  :package-version '(notmuch . "0.28")
+  :group 'notmuch-crypto)
+
 (defface notmuch-crypto-part-header
   '((((class color)
       (background dark))
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..3e6bc8b1 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,9 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
- (setq args (append args '("--decrypt=true"))))
+        (if notmuch-crypto-store-session-keys
+            (setq args (append args '("--decrypt=stash")))
+          (setq args (append args '("--decrypt=true")))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
--
2.17.1

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

thanks for working on this, Jamie!

On Sun 2018-06-17 17:31:38 -0700, Jameson Graef Rollins wrote:

> Introduce notmuch-crypto-store-session-keys customization variable to
> control stashing of session keys.  If non-nil any session keys
> recovered during decryption will be stored in the database.
>
> This is just a switch to have --decrypt= use "stash" instead of
> "true".
> ---
> This seems like the simplest approach, to just add a new variable to
> control session key stashing.  Much simpler that reworking the meaning
> of notmuch-crypto-process-mime.
This looks like it would work, but calling it
notmuch-crypto-store-session-keys is a bit confusing, because based on
the name it looks like it would apply to many places (e.g. during
message sending, should a session key be stored when the outbound
message is fcc'ed?), but based on the implementation it only matters
during "show".

Should its name be notmuch-show-store-session-keys instead?

also, i think the description of the variable setting should be clearer
about its scope, and about the implications of setting it to non-nil
(e.g. needing read/write access to the notmuch db to view all messages)

      --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (233 bytes) Download Attachment
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

On Mon, Jun 18 2018, Daniel Kahn Gillmor <[hidden email]> wrote:
> This looks like it would work, but calling it
> notmuch-crypto-store-session-keys is a bit confusing, because based on
> the name it looks like it would apply to many places (e.g. during
> message sending, should a session key be stored when the outbound
> message is fcc'ed?), but based on the implementation it only matters
> during "show".
>
> Should its name be notmuch-show-store-session-keys instead?

I feel like it should be under the notmuch-crypto customization group,
not notmuch-show.  notmuch-crypto-show-store-session-keys ?

> also, i think the description of the variable setting should be clearer
> about its scope, and about the implications of setting it to non-nil
> (e.g. needing read/write access to the notmuch db to view all messages)

I will clarify the docs once we decide on variable name.

jamie.

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (847 bytes) Download Attachment
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

On Mon 2018-06-18 15:49:45 -0700, Jameson Graef Rollins wrote:
> On Mon, Jun 18 2018, Daniel Kahn Gillmor <[hidden email]> wrote:
>
>> Should its name be notmuch-show-store-session-keys instead?
>
> I feel like it should be under the notmuch-crypto customization group,
> not notmuch-show.  notmuch-crypto-show-store-session-keys ?

how about:

    notmuch-crypto-store-session-keys-on-show

?

        --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

On Mon, Jun 18 2018, Daniel Kahn Gillmor <[hidden email]> wrote:
> how about:
>
>     notmuch-crypto-store-session-keys-on-show

Works for me.
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

In reply to this post by Jameson Graef Rollins
Jameson Graef Rollins <[hidden email]> writes:

> On Mon, Jun 18 2018, Daniel Kahn Gillmor <[hidden email]> wrote:
>> This looks like it would work, but calling it
>> notmuch-crypto-store-session-keys is a bit confusing, because based on
>> the name it looks like it would apply to many places (e.g. during
>> message sending, should a session key be stored when the outbound
>> message is fcc'ed?), but based on the implementation it only matters
>> during "show".
>>
>> Should its name be notmuch-show-store-session-keys instead?
>
> I feel like it should be under the notmuch-crypto customization group,
> not notmuch-show.  notmuch-crypto-show-store-session-keys ?
>

I'm fine with whatever you and dkg decide for a name, but note that the
customization group is independent from the name; you just choose
whatever group you want in the defcustom.

d
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

On Tue, Jun 19 2018, David Bremner <[hidden email]> wrote:
> I'm fine with whatever you and dkg decide for a name, but note that the
> customization group is independent from the name; you just choose
> whatever group you want in the defcustom.

Oh, I didn't realize that.  I thought they were linked.  In that case
I'll go with:

notmuch-show-store-session-keys

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (847 bytes) Download Attachment
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

In reply to this post by Jameson Graef Rollins
Introduce notmuch-crypto-store-session-keys customization variable to
control stashing of session keys.  If non-nil any session keys
recovered during decryption will be stored in the database.

This is just a switch to have --decrypt= use "stash" instead of
"true".
---
 emacs/notmuch-crypto.el | 15 +++++++++++++++
 emacs/notmuch-query.el  |  4 +++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el
index fc2b5301..26ce19b4 100644
--- a/emacs/notmuch-crypto.el
+++ b/emacs/notmuch-crypto.el
@@ -43,6 +43,21 @@ mode."
   :package-version '(notmuch . "0.25")
   :group 'notmuch-crypto)
 
+(defcustom notmuch-show-stash-session-keys nil
+  "Should session keys be stashed when decrypting messages for display?
+
+If this variable is non-nil session keys recovered while
+decrypting messages for display will be stored in the database.
+See description of --decrypt option in notmuch-show(1) for more
+information.
+
+NOTE: Stashing encryption session keys requires opening the
+notmuch database in read/write mode, which is not normally done
+when retrieving messages for display."
+  :type 'boolean
+  :package-version '(notmuch . "0.28")
+  :group 'notmuch-crypto)
+
 (defface notmuch-crypto-part-header
   '((((class color)
       (background dark))
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..e53c9489 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,9 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
- (setq args (append args '("--decrypt=true"))))
+        (if notmuch-show-stash-session-keys
+            (setq args (append args '("--decrypt=stash")))
+          (setq args (append args '("--decrypt=true")))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
--
2.17.1

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

In reply to this post by Jameson Graef Rollins
Introduce notmuch-show-store-session-keys customization variable to
control stashing of session keys.  If non-nil any session keys
recovered during decryption will be stored in the database.

This is just a switch to have --decrypt= use "stash" instead of
"true".
---
Gah forgot to update the commit message.  Sorry.

 emacs/notmuch-crypto.el | 15 +++++++++++++++
 emacs/notmuch-query.el  |  4 +++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el
index fc2b5301..26ce19b4 100644
--- a/emacs/notmuch-crypto.el
+++ b/emacs/notmuch-crypto.el
@@ -43,6 +43,21 @@ mode."
   :package-version '(notmuch . "0.25")
   :group 'notmuch-crypto)
 
+(defcustom notmuch-show-stash-session-keys nil
+  "Should session keys be stashed when decrypting messages for display?
+
+If this variable is non-nil session keys recovered while
+decrypting messages for display will be stored in the database.
+See description of --decrypt option in notmuch-show(1) for more
+information.
+
+NOTE: Stashing encryption session keys requires opening the
+notmuch database in read/write mode, which is not normally done
+when retrieving messages for display."
+  :type 'boolean
+  :package-version '(notmuch . "0.28")
+  :group 'notmuch-crypto)
+
 (defface notmuch-crypto-part-header
   '((((class color)
       (background dark))
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..e53c9489 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,9 @@ is a possibly empty forest of replies.
 "
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
- (setq args (append args '("--decrypt=true"))))
+        (if notmuch-show-stash-session-keys
+            (setq args (append args '("--decrypt=stash")))
+          (setq args (append args '("--decrypt=true")))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))
 
--
2.17.1

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

This is looking good to me, thanks!

two more bits of nit-pickery below:

On Tue 2018-06-19 08:20:12 -0700, Jameson Graef Rollins wrote:
> +(defcustom notmuch-show-stash-session-keys nil
> +  "Should session keys be stashed when decrypting messages for display?
> +
> +If this variable is non-nil session keys recovered while
> +decrypting messages for display will be stored in the database.
> +See description of --decrypt option in notmuch-show(1) for more
> +information.

do we want to include a warning here about the security of the index?
setting this value to true not only stashes the session keys, but it
also indexes the cleartext.  at the moment we're not directing people to
the same kind of warnings ("Be aware that the index… DO NOT USE …
without considering the security of your index.") that are present
already in notmuch-reindex(1) and notmuch-new(1) and notmuch-insert(1).
Perhaps notmuch-show(1) needs the same boilerplate warning, and we could
replicate some short version of it here too?

> +NOTE: Stashing encryption session keys requires opening the
> +notmuch database in read/write mode, which is not normally done

i'd say "not otherwise done" instead of "not normally done", since we
don't want to claim that people who use this feature aren't "normal" :)

      --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (233 bytes) Download Attachment
Jameson Graef Rollins Jameson Graef Rollins
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

In reply to this post by Jameson Graef Rollins
On Tue, Jun 19 2018, Jameson Graef Rollins <[hidden email]> wrote:
> Introduce notmuch-show-store-session-keys customization variable to
> control stashing of session keys.  If non-nil any session keys
> recovered during decryption will be stored in the database.
>
> This is just a switch to have --decrypt= use "stash" instead of
> "true".
> ---
> Gah forgot to update the commit message.  Sorry.

Sorry, this is the one to use, since I messed up the commit message on
the first.  So sorry for all the screw ups.

jamie.
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
12