From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 940E66DE1006 for ; Tue, 24 Oct 2017 23:52:13 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.037 X-Spam-Level: X-Spam-Status: No, score=-0.037 tagged_above=-999 required=5 tests=[AWL=-0.037] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zv2EkD8Qh5k0 for ; Tue, 24 Oct 2017 23:52:12 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id 9F82C6DE0222 for ; Tue, 24 Oct 2017 23:52:12 -0700 (PDT) Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 4E1EEF9A0 for ; Wed, 25 Oct 2017 02:52:12 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id EE28021538; Wed, 25 Oct 2017 02:52:06 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto Date: Wed, 25 Oct 2017 02:51:56 -0400 Message-Id: <20171025065203.24403-12-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20171025065203.24403-1-dkg@fifthhorseman.net> References: <20171025065203.24403-1-dkg@fifthhorseman.net> X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Oct 2017 06:52:13 -0000 we also include --try-decrypt=auto in the tab completion. --- completion/notmuch-completion.bash | 6 +++--- doc/man1/notmuch-insert.rst | 16 ++++++++++------ doc/man1/notmuch-new.rst | 10 +++++++--- doc/man1/notmuch-reindex.rst | 23 ++++++++++++++--------- 4 files changed, 34 insertions(+), 21 deletions(-) diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index 2703d542..53d7380b 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -288,7 +288,7 @@ _notmuch_insert() return ;; --try-decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac @@ -320,7 +320,7 @@ _notmuch_new() $split && case "${prev}" in --try-decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac @@ -442,7 +442,7 @@ _notmuch_reindex() $split && case "${prev}" in --try-decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst index e2bf37d0..a5505b5b 100644 --- a/doc/man1/notmuch-insert.rst +++ b/doc/man1/notmuch-insert.rst @@ -50,14 +50,18 @@ Supported options for **insert** include ``--no-hooks`` Prevent hooks from being run. - ``--try-decrypt=(true|false)`` + ``--try-decrypt=(true|auto|false)`` - If true and the message is encrypted, try to decrypt the - message while indexing. If decryption is successful, index + If ``true`` and the message is encrypted, try to decrypt the + message while indexing. If ``auto``, and notmuch already + knows about a session key for the message, it will try + decrypting using that session key but will not try to access + the user's secret keys. If decryption is successful, index the cleartext itself. Either way, the message is always - stored to disk in its original form (ciphertext). Be aware - that the index is likely sufficient to reconstruct the - cleartext of the message itself, so please ensure that the + stored to disk in its original form (ciphertext). + + Be aware that the index is likely sufficient to reconstruct + the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``--try-decrypt=true`` without considering the security of your index. diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst index bc26aa48..d8cb77f5 100644 --- a/doc/man1/notmuch-new.rst +++ b/doc/man1/notmuch-new.rst @@ -43,11 +43,15 @@ Supported options for **new** include ``--quiet`` Do not print progress or results. - ``--try-decrypt=(true|false)`` + ``--try-decrypt=(true|auto|false)`` - If true, when encountering an encrypted message, try to + If ``true``, when encountering an encrypted message, try to decrypt it while indexing. If decryption is successful, index - the cleartext itself. Be aware that the index is likely + the cleartext itself. If ``auto``, try to use any session key + already known to belong to this message, but do not attempt to + use the user's secret keys. + + Be aware that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``--try-decrypt=true`` without diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst index 21f6c7a9..b15981a2 100644 --- a/doc/man1/notmuch-reindex.rst +++ b/doc/man1/notmuch-reindex.rst @@ -21,15 +21,20 @@ messages using the supplied options. Supported options for **reindex** include - ``--try-decrypt=(true|false)`` - - If true, when encountering an encrypted message, try to - decrypt it while reindexing. If decryption is successful, - index the cleartext itself. Be aware that the index is likely - sufficient to reconstruct the cleartext of the message itself, - so please ensure that the notmuch message index is adequately - protected. DO NOT USE ``--try-decrypt=true`` without - considering the security of your index. + ``--try-decrypt=(true|auto|false)`` + + If ``true``, when encountering an encrypted message, try to + decrypt it while reindexing. If ``auto``, and notmuch already + knows about a session key for the message, it will try + decrypting using that session key but will not try to access + the user's secret keys. If decryption is successful, index + the cleartext itself. + + Be aware that the index is likely sufficient to reconstruct + the cleartext of the message itself, so please ensure that the + notmuch message index is adequately protected. DO NOT USE + ``--try-decrypt=true`` without considering the security of + your index. See also ``index.try_decrypt`` in **notmuch-config(1)**. -- 2.14.2