From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto
Date: Wed, 25 Oct 2017 02:51:56 -0400 [thread overview]
Message-ID: <20171025065203.24403-12-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20171025065203.24403-1-dkg@fifthhorseman.net>
we also include --try-decrypt=auto in the tab completion.
---
completion/notmuch-completion.bash | 6 +++---
doc/man1/notmuch-insert.rst | 16 ++++++++++------
doc/man1/notmuch-new.rst | 10 +++++++---
doc/man1/notmuch-reindex.rst | 23 ++++++++++++++---------
4 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash
index 2703d542..53d7380b 100644
--- a/completion/notmuch-completion.bash
+++ b/completion/notmuch-completion.bash
@@ -288,7 +288,7 @@ _notmuch_insert()
return
;;
--try-decrypt)
- COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+ COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) )
return
;;
esac
@@ -320,7 +320,7 @@ _notmuch_new()
$split &&
case "${prev}" in
--try-decrypt)
- COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+ COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) )
return
;;
esac
@@ -442,7 +442,7 @@ _notmuch_reindex()
$split &&
case "${prev}" in
--try-decrypt)
- COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
+ COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) )
return
;;
esac
diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst
index e2bf37d0..a5505b5b 100644
--- a/doc/man1/notmuch-insert.rst
+++ b/doc/man1/notmuch-insert.rst
@@ -50,14 +50,18 @@ Supported options for **insert** include
``--no-hooks``
Prevent hooks from being run.
- ``--try-decrypt=(true|false)``
+ ``--try-decrypt=(true|auto|false)``
- If true and the message is encrypted, try to decrypt the
- message while indexing. If decryption is successful, index
+ If ``true`` and the message is encrypted, try to decrypt the
+ message while indexing. If ``auto``, and notmuch already
+ knows about a session key for the message, it will try
+ decrypting using that session key but will not try to access
+ the user's secret keys. If decryption is successful, index
the cleartext itself. Either way, the message is always
- stored to disk in its original form (ciphertext). Be aware
- that the index is likely sufficient to reconstruct the
- cleartext of the message itself, so please ensure that the
+ stored to disk in its original form (ciphertext).
+
+ Be aware that the index is likely sufficient to reconstruct
+ the cleartext of the message itself, so please ensure that the
notmuch message index is adequately protected. DO NOT USE
``--try-decrypt=true`` without considering the security of
your index.
diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst
index bc26aa48..d8cb77f5 100644
--- a/doc/man1/notmuch-new.rst
+++ b/doc/man1/notmuch-new.rst
@@ -43,11 +43,15 @@ Supported options for **new** include
``--quiet``
Do not print progress or results.
- ``--try-decrypt=(true|false)``
+ ``--try-decrypt=(true|auto|false)``
- If true, when encountering an encrypted message, try to
+ If ``true``, when encountering an encrypted message, try to
decrypt it while indexing. If decryption is successful, index
- the cleartext itself. Be aware that the index is likely
+ the cleartext itself. If ``auto``, try to use any session key
+ already known to belong to this message, but do not attempt to
+ use the user's secret keys.
+
+ Be aware that the index is likely
sufficient to reconstruct the cleartext of the message itself,
so please ensure that the notmuch message index is adequately
protected. DO NOT USE ``--try-decrypt=true`` without
diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index 21f6c7a9..b15981a2 100644
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -21,15 +21,20 @@ messages using the supplied options.
Supported options for **reindex** include
- ``--try-decrypt=(true|false)``
-
- If true, when encountering an encrypted message, try to
- decrypt it while reindexing. If decryption is successful,
- index the cleartext itself. Be aware that the index is likely
- sufficient to reconstruct the cleartext of the message itself,
- so please ensure that the notmuch message index is adequately
- protected. DO NOT USE ``--try-decrypt=true`` without
- considering the security of your index.
+ ``--try-decrypt=(true|auto|false)``
+
+ If ``true``, when encountering an encrypted message, try to
+ decrypt it while reindexing. If ``auto``, and notmuch already
+ knows about a session key for the message, it will try
+ decrypting using that session key but will not try to access
+ the user's secret keys. If decryption is successful, index
+ the cleartext itself.
+
+ Be aware that the index is likely sufficient to reconstruct
+ the cleartext of the message itself, so please ensure that the
+ notmuch message index is adequately protected. DO NOT USE
+ ``--try-decrypt=true`` without considering the security of
+ your index.
See also ``index.try_decrypt`` in **notmuch-config(1)**.
--
2.14.2
next prev parent reply other threads:[~2017-10-25 6:52 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-25 6:51 Stashed session keys Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 01/18] mime-node: handle decrypt_result more safely Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 02/18] crypto: add _notmuch_crypto_decrypt wrapper function Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available Daniel Kahn Gillmor
2017-10-26 19:00 ` Daniel Kahn Gillmor
2017-11-14 13:02 ` David Bremner
2017-11-14 13:54 ` Daniel Kahn Gillmor
2017-11-15 12:59 ` David Bremner
2017-10-25 6:51 ` [PATCH 04/18] test/corpora: add an encrypted message for index decryption tests Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys Daniel Kahn Gillmor
2017-11-14 13:13 ` David Bremner
2017-11-14 13:58 ` Daniel Kahn Gillmor
2017-11-14 14:27 ` David Bremner
2017-10-25 6:51 ` [PATCH 06/18] lib: convert notmuch decryption policy to an enum Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 07/18] crypto: new decryption policy "auto" Daniel Kahn Gillmor
2017-11-11 23:14 ` Jameson Graef Rollins
2017-11-12 3:39 ` Daniel Kahn Gillmor
2017-11-12 15:26 ` Jameson Graef Rollins
2017-11-14 13:21 ` David Bremner
2017-10-25 6:51 ` [PATCH 08/18] cli/reply: use decryption policy "auto" by default Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 09/18] cli/show: " Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 10/18] cli/show, reply: document use of stashed session keys in notmuch-properties Daniel Kahn Gillmor
2017-10-25 6:51 ` Daniel Kahn Gillmor [this message]
2017-11-15 20:02 ` [PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto David Bremner
2017-10-25 6:51 ` [PATCH 12/18] crypto: record whether an actual decryption attempt happened Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default Daniel Kahn Gillmor
2017-11-16 12:40 ` David Bremner
2017-11-30 6:16 ` Daniel Kahn Gillmor
2017-10-25 6:51 ` [PATCH 14/18] cli/reindex: destroy stashed session keys when --try-decrypt=false Daniel Kahn Gillmor
2017-10-25 6:52 ` [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true Daniel Kahn Gillmor
2017-11-16 12:53 ` David Bremner
2017-11-30 15:57 ` Daniel Kahn Gillmor
2017-12-02 1:56 ` David Bremner
2017-10-25 6:52 ` [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys Daniel Kahn Gillmor
2017-10-25 14:46 ` Daniel Kahn Gillmor
2017-11-16 13:02 ` David Bremner
2017-10-25 6:52 ` [PATCH 17/18] docs: clean up documentation about decryption policies Daniel Kahn Gillmor
2017-10-25 6:52 ` [PATCH 18/18] python: add try_decrypt argument to Database.index_file() Daniel Kahn Gillmor
2017-11-16 13:06 ` David Bremner
2017-11-30 15:58 ` Daniel Kahn Gillmor
2017-11-11 7:56 ` Stashed session keys Daniel Kahn Gillmor
2017-11-11 23:31 ` Jameson Graef Rollins
2017-11-12 3:51 ` Daniel Kahn Gillmor
2017-11-12 15:15 ` Jameson Graef Rollins
2017-11-12 18:51 ` Daniel Kahn Gillmor
2017-11-15 22:41 ` meskio
2017-11-16 16:03 ` Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171025065203.24403-12-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).