Gnus: Store message in PGP-decrypted form

Gnus: Store message in PGP-decrypted form

[Marvin ‘quintus’ Gülker]

Dear List,

until recently I was using mutt for handling my e-mail. In my desire to
move as much of my daily workflow into Emacs as possible, I am currently
investigating whether Gnus suits my needs. So far, it is pretty nice. I
however often have PGP-encrypted conversations, and those are impossible
to properly search. Thus, on my local machine I store these messages in
unencrypted form. Because my hard drive is encrypted, I deem the
security risk arising here to be bearable for me.

mutt has a nice functionality named `decrypt-save'¹. This function
replaces the PGP-encrypted MIME part with its unencrypted content, thus
storing the message unencrypted on disk. This is exactly what I want.
How do I achieve that with Gnus?

Thank you for any hints in advance.

  -quintus

¹ http://mutt.org/doc/manual/#index-map

-- 
Blog: https://mg.guelker.eu

Re: Gnus: Store message in PGP-decrypted form

[Jamie Beardslee]

[-- Attachment #1: Type: text/plain, Size: 1387 bytes --]

It's not exactly what you want, but `epa-decrypt-region' usually works
for my needs.  In any case, here's a little function to decrypt some
saved mail.

(defun decrypt-saved-message (file &optional save)
  "Decrypt a plaintext mail FILE.
With prefix arg SAVE, save the decrypted contents."
  (interactive "F\nP")
  (require 'epa-mail)
  (let ((buffer (get-buffer-create
		 (format "%s *decrypted*"
			 (file-name-nondirectory file)))))
    (pop-to-buffer buffer)
    (insert-file-contents file)
    (while (re-search-forward "-----BEGIN PGP MESSAGE-----$" nil t)
      (setq armor-start (match-beginning 0)
	    armor-end (re-search-forward "^-----END PGP MESSAGE-----$"
					 nil t))
      (unless armor-end
	(error "Encryption armor beginning has no matching end"))
      (goto-char armor-start)
      (let* ((context (epg-make-context 'OpenPGP))
	     (decrypted (epg-decrypt-string
			 context
			 (buffer-substring armor-start armor-end))))
	(delete-region armor-start armor-end)
	(insert decrypted)))
    (when (or save (y-or-n-p "Save mail in decrypted form?"))
      (write-file file))))

It can be used interactively, or if you want to decrypt a bunch of saved
mails you can call it from lisp with a second argument:

(dolist (f '("~/mail1" "~/mail2" ...))
  (decrypt-saved-message f t))

Surely this can be hacked a bit to make gnus decrypt the mail before
saving...

--
Jamie

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]

Re: Gnus: Store message in PGP-decrypted form

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jamie Beardslee wrote:

> It's not exactly what you want, but
> `epa-decrypt-region' usually works for my needs.
> In any case, here's a little function to decrypt
> some saved mail.
>
> decrypt-saved-message [...]

Cool :)

But try this:

(require 'epa-mail)

(defvar armor-start)
(defvar armor-end)

(defun decrypt-saved-message (file &optional save) ...

Also, if you use "beg" instead of "start" it has as
many letters as "end" :)

Keep it uptime...

-- 
underground experts united
http://user.it.uu.se/~embe8573
https://dataswamp.org/~incal

Re: Gnus: Store message in PGP-decrypted form

[Jamie Beardslee]

[-- Attachment #1: Type: text/plain, Size: 348 bytes --]

I stole some of it from `epa-decrypt-armor-in-region' because
`epa-mail-decrypt' is interactive-only.

Ideally armor-start and armor-end should only be lexically bound, so
they should be in the let form:

(let ((buffer (get-buffer-create
		 (format "%s *decrypted*"
			 (file-name-nondirectory file))))
      armor-beg armor-end)
   ...)

--
Jamie

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]

Re: Gnus: Store message in PGP-decrypted form

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jamie Beardslee wrote:

> I stole some of it from
> `epa-decrypt-armor-in-region' because
> `epa-mail-decrypt' is interactive-only.
>
> Ideally armor-start and armor-end should only be
> lexically bound, so they should be in the let form:
>
> (let ((buffer (get-buffer-create
> 		 (format "%s *decrypted*"
> 			 (file-name-nondirectory file))))
>       armor-beg armor-end)
>    ...)

I know right?

-- 
underground experts united
http://user.it.uu.se/~embe8573
https://dataswamp.org/~incal

Re: Gnus: Store message in PGP-decrypted form

[Teemu Likonen]

[-- Attachment #1: Type: text/plain, Size: 1358 bytes --]

Marvin ‘quintus’ Gülker [2020-06-09T10:02:22+02] wrote:

> until recently I was using mutt for handling my e-mail. In my desire
> to move as much of my daily workflow into Emacs as possible, I am
> currently investigating whether Gnus suits my needs. So far, it is
> pretty nice. I however often have PGP-encrypted conversations, and
> those are impossible to properly search.

Another email client option would be Notmuch Emacs. Notmuch is an
indexing system for mail and Notmuch Emacs is an email client based on
that. There is option index.decrypt which enables indexing of encrypted
messages (when user decrypts them). When the option is enabled the
message itself is kept in encrypted form in the file system but the
Notmuch database will contain normal indexed data about message's
content.

Optionally the Notmuch database can store the _session_ keys for all or
selected encrypted messages. With the stored session key a particular
message can be decrypted automatically.

(Note that session key is not user's private key. It is the random key
generated for the symmetric key encryption. In public key encryption
that random session key is encrypted with user's public key and
decrypted with private key.)

-- 
/// Teemu Likonen - .-.. http://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 251 bytes --]

Re: Gnus: Store message in PGP-decrypted form

[Marvin ‘quintus’ Gülker]

Am Mittwoch, dem 10. Juni 2020 schrieb Teemu Likonen:
> Another email client option would be Notmuch Emacs. Notmuch is an
> indexing system for mail and Notmuch Emacs is an email client based on
> that.

Thank you for the hint. I already tried out mu4e as an e-mail client for
a few weeks. I did not like its usage paradigm, Gnu's group-based
approach is much more sensible to me. From what I see on Notmuch Emacs’
web page, it is similar in its approach to mu4e, so no, it will not do
for me. I simply do not feel comfortable with thinking of my mail as
entirely search-based. Folder filing is more intuitive to me, maybe
because I still handle quite a bit of snail mail as well.

That being said, mu does a nice job for searching my e-mail. I was
already using it with mutt for a long time.

> Optionally the Notmuch database can store the _session_ keys for all or
> selected encrypted messages. With the stored session key a particular
> message can be decrypted automatically.

This is an interesting approach, but really, I want my mail on my disk
simply unencrypted (with my hard disk itself, as already pointed out,
being encrypted with LUKS). If something compromises the PC I am working
on, it can just as well dig out that database or keylog my PGP key's
password. By storing the mail unencrypted I leave it open to be
processed by any tool I might ever switch to.

  -quintus

-- 
Blog: https://mg.guelker.eu

Re: Gnus: Store message in PGP-decrypted form

[Marvin ‘quintus’ Gülker]

Am Mittwoch, dem 10. Juni 2020 schrieb Jamie Beardslee:
> It's not exactly what you want, but `epa-decrypt-region' usually works
> for my needs.  In any case, here's a little function to decrypt some
> saved mail.

This looks already quite nice, thank you! It is a step in the right
direction, but both Gnus and mutt fail to display the message after it
has been modified this way. This is because the MIME structure is broken
by the lexical replacement. What is required is to remove the MIME part
which is application/pgp-encrypted and replace it with the decrypted
MIME structure contained therein; then the message's toplevel MIME type
needs to be adjusted.

I think I can implement that, and surely there's a way to get it hooked
up to Gnus somehow. If not, I will write again. For now, does somebody
know if there is an easy way to parse the MIME structure of a mail with
Elisp? I can surely just do what I need directly with text replacements,
but if there is an API for adding and removing MIME parts easily with
Elisp I would rather use that one. After all, Gnus needs to parse the
MIME structure somehow as well. Maybe I should just look at its source
code...

In any case, I infer that there is no pre-built way to achieve what I
want. Until I get this working (fiddling requires time...), I will thus
continue to use mutt for saving my PGP-encrypted in unencrypted form
mail.

  -quintus

-- 
Blog: https://mg.guelker.eu

Mail folders and searches

[Teemu Likonen]

[-- Attachment #1: Type: text/plain, Size: 794 bytes --]

Marvin ‘quintus’ Gülker [2020-06-10T10:40:53+02] wrote:

> I simply do not feel comfortable with thinking of my mail as entirely
> search-based. Folder filing is more intuitive to me, [...]

The folder feel in Notmuch Emacs comes from named searches. They look
like folders and have user-chosen names except that they really trigger
configured searches.

Obviously you choose what is comfortable for you and Gnus is an
excellent choice. I just wanted to say that I like folder interface too.
The difference between Notmuch Emacs and concrete folder systems is that
in Notmuch the actual mail files don't need to be in similar concrete
file system directories.

-- 
/// Teemu Likonen - .-.. http://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 251 bytes --]