Hi David, all-- On Sun 2021-02-21 15:21:30 +0000, David Edmondson wrote: > I started looking at how to add autocrypt support based on > https://git.sr.ht/~zge/autocrypt. Thanks for this work, i'm glad to see the interest in autocrypt! I tend to think that the autocrypt handling belongs in libnotmuch, and not just in the emacs frontend, so i'm a bit concerned about what we'll have to prune out of the emacs frontend if we do manage to land the features in libnotmuch itself. I want it in libnotmuch and in the cli because: a) i want the database to hold the autocrypt tables, so that it can be dumped/restored between notmuch-based clients b) i want non-emacs frontends of notmuch to be able to make use of it relatively easily. that said, i've failed to get the code into shape for libnotmuch yet, and i also don't want to block this work -- i want to see more autocrypt adoption generally, and i'm feeling guilty for having been so tardy in getting ito into notmuch. My general outline for getting autocrypt into notmuch is the following list of steps. it's a fairly long list, but each step shouldn't be a huge amount of work. 0) augment the database so that it can store the autocrypt "peers" table and the autocrypt "accounts" table, and they can be dumped and restored. see https://autocrypt.org/level1.html#autocrypt-internal-state 1) add a configuration option that affects "notmuch {new,insert,reindex}" that ingests the loading of autocrypt headers according to the standard policy for updating the peer state (see https://autocrypt.org/level1.html#updating-autocrypt-peer-state) 2) add a configuration option that affects "notmuch {new,insert,reindex}" that enables detection of any Autocrypt Setup Message from another client sharing the same inbox, and adjusts the "accounts" table appropriately. 3) add a "notmuch autocrypt" subcommand with its own subsubcommands: "notmuch autocrypt enable [mutual]" and "notmuch autocrypt disable " -- these subsubcommands update the "accounts" table as well. 4) add "notmuch autocrypt generate-setup-message" subsubcommand for enabled accounts that produces its own self-targeted Autocrypt Setup Message on stdout, which can be injected into the mailsystem by the user's notmuch setup. 5) Add "notmuch autocrypt prune" subsubcommand which clears accumulated cruft from the autocrypt peers table 6) in libnotmuch, if is a source e-mail address, and is a set of destination addresses, add is a boolean, a new function notmuch_autocrypt_recommendation(, , ) that returns an Autocrypt Recommendation (ui-recommendation and a set of target-keys, see https://autocrypt.org/level1.html#provide-a-recommendation-for-message-encryption) 7) add a new subsubcommand that exposes notmuch_autocrypt_recommendation() to the cli. 8) emacs frontend work during message composition (i have no idea how to do this) -- dynamically adjust the message composition buffer as the from, to, cc, and bcc fields change to show the current autocrypt recommendation status, in combination with the ability for the user to manually turn on encryption (if available) or off (if on by default). 9) more emacs frontend work -- at send time (at the end of composition) if the autocrypt recommendation is encrypt, or if it's available and the user has manually turned it on, encrypt the message using standard autocrypt format (which is just PGP/MIME, using the recommended keys). It's possible that (9) could be replaced with a new subcommand like "notmuch send" which could have a "--autocrypt-checked" argument, such that the notmuch cli actually does the full encryption for the user, or acts as some sort of filter for the outgoing message. there might also be some library-level work that could use notmuch and gmime to translate the message this way; I haven't really pieced those things together, or how they would integrate into the emacs frontend, but the steps laid out above seem to be necessary for that to happen in either case. I'd love any collaboration on this -- especially for the parts that i don't know how to do at all, like the emacs composition window frontend -- but also on the earlier parts, as i've been procrastinating on it for too long. David, do you think this plan will collide with the series you're proposing? do you see problems or downsides with the plan sketched here (other than it not existing 😛)? > Sending seems straightforward, as far as I understand autocrypt, at > least. https://autocrypt.org and the #autocrypt channel on freenode are both good resources for understanding autocrypt in more detail, fwiw. --dkg