Stashed session keys

classic Classic list List threaded Threaded
47 messages Options
123
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys

Daniel Kahn Gillmor <[hidden email]> writes:

> +        DO NOT USE ``index.try_decrypt=true`` or ``index-only``
> +        without considering the security of your index.

is index-only a typo there?

As a future improvement it would be nice to reduce some of the
documentation cut and paste for common options, perhaps with include
files? As long as the solution isn't worse than the problem of course.

> +test_expect_equal \
> +    "$output" \
> +    "$expected"
> +
> +
> +
> +

Is there some reason for all those blank lines?

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 18/18] python: add try_decrypt argument to Database.index_file()

In reply to this post by Daniel Kahn Gillmor
Daniel Kahn Gillmor <[hidden email]> writes:

> @@ -454,10 +487,19 @@ class Database(object):
>                :attr:`STATUS`.READ_ONLY_DATABASE
>                        Database was opened in read-only mode so no message can
>                        be added.
> +

looks like a random blank line

>          """
>          self._assert_db_is_initialized()
>          msg_p = NotmuchMessageP()
> -        status = self._index_file(self._db, _str(filename), c_void_p(None), byref(msg_p))
> +        indexopts = c_void_p(None)
> +        if try_decrypt is not None:
> +            indexopts = self._get_default_indexopts(self._db)
> +            self._indexopts_set_try_decrypt(indexopts, try_decrypt)
> +
> +        status = self._index_file(self._db, _str(filename), indexopts, byref(msg_p))
> +
> +        if indexopts:
> +            self._indexopts_destroy(indexopts)
>  
>          if not status in [STATUS.SUCCESS, STATUS.DUPLICATE_MESSAGE_ID]:
>              raise NotmuchError(status)
> diff --git a/bindings/python/notmuch/globals.py b/bindings/python/notmuch/globals.py
> index b1eec2cf..71426c84 100644
> --- a/bindings/python/notmuch/globals.py
> +++ b/bindings/python/notmuch/globals.py
> @@ -88,3 +88,8 @@ NotmuchDirectoryP = POINTER(NotmuchDirectoryS)
>  class NotmuchFilenamesS(Structure):
>      pass
>  NotmuchFilenamesP = POINTER(NotmuchFilenamesS)
> +
> +
> +class NotmuchIndexoptsS(Structure):
> +    pass
> +NotmuchIndexoptsP = POINTER(NotmuchIndexoptsS)
> --
> 2.14.2

I think this new bindings functionality needs a test.
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: Stashed session keys

In reply to this post by Ruben Pollan
Hi meskio--

On Wed 2017-11-15 23:41:28 +0100, meskio wrote:
> Nice feature. I'm using it and it works fine. I notice some speed up, improving
> the painfulness of reading long encrypted threads in alot. And I like to don't
> be able to have around my old private keys.

cool, i'm glad it's working for you!

> I implemented some support for it in alot (using the patch I just sent adding
> notmuch_message_get_property to the python binding):
> https://github.com/meskio/alot/tree/session-key

very nice :)

     --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default

In reply to this post by David Bremner-2
On Thu 2017-11-16 08:40:41 -0400, David Bremner wrote:

> Daniel Kahn Gillmor <[hidden email]> writes:
>
>> The new "auto" decryption policy is not only good for "notmuch show"
>> and "notmuch reindex".  It's also useful for indexing messages --
>> there's no good reason to not try to go ahead and index the cleartext
>> of a message that we have a stashed session key for.
>
> I'm confused here. You talk about indexing other than reindex, but the
> only tests that change are reindex? Is this meant to change "notmuch
> new" behaviour?

the "auto" policy won't change the behavior of notmuch upon seeing a new
message (new, insert) from "false" -- all it does differently from
"false" is try to use session keys when they are available (and there's
no way for them to be available on a never-before-seen message).

   --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true

In reply to this post by David Bremner-2
On Thu 2017-11-16 08:53:14 -0400, David Bremner wrote:
> I'd be happier if we didn't further entrench the text format in the test
> suite. How hard would it be to use json output (+maybe python?) here?

json output seems clunkier to me, and i don't think it's necessary for
the purposes of these tests.  Using python here isn't possible without
updating the python bindings to accomodate decryption policy, which
doesn't come until later in the series.

so i'd prefer to leave it as-is, but i wouldn't object if someone wanted
to propose a good patch to these tests that uses json.

          --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 18/18] python: add try_decrypt argument to Database.index_file()

In reply to this post by David Bremner-2
On Thu 2017-11-16 09:06:09 -0400, David Bremner wrote:
> I think this new bindings functionality needs a test.

agreed, the python bindings do need to be added to the test suite (this
is also true in the newer version of the series).

I'm happy to add those tests as a condition of getting the python
bindings merged, but i hope they won't block the review and merge of the
rest of the series :)

      --dkg
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true

In reply to this post by Daniel Kahn Gillmor
Daniel Kahn Gillmor <[hidden email]> writes:

> On Thu 2017-11-16 08:53:14 -0400, David Bremner wrote:
>> I'd be happier if we didn't further entrench the text format in the test
>> suite. How hard would it be to use json output (+maybe python?) here?
>
> json output seems clunkier to me, and i don't think it's necessary for
> the purposes of these tests.  Using python here isn't possible without
> updating the python bindings to accomodate decryption policy, which
> doesn't come until later in the series.
>
> so i'd prefer to leave it as-is, but i wouldn't object if someone wanted
> to propose a good patch to these tests that uses json.
>
>           --dkg

At some point I had the idea that we should get rid of the text output
format.  Looking at e.g. notmuch-show.c the stuff related to text output
is not as ad hoc as I remember, so maybe I should just give up on that
idea.

d
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
123