Thanks David! I updated the Wiki accordingly. This issue can be closed from my point of view. Best, Rainer David Bremner writes: > Rainer Gemulla writes: > >> Hi all, >> >> when a message contains an text/plain part that is signed via inline pgp and shown in notmuch-show-mode, verification of that part's signature via epa-mail-verify or epa-verify-region fails. >> >> The reason is that the hooks in notmuch-show-insert-text/plain-hook modify the text (and thus the signature becomes invalid). Calling notmuch-show-pipe-part with "gpg --verify" works as expected and verifies the correctness of the signature. >> >> Not sure what to do about this, but I find the current behavior confusing. The notmuch emacstips documentation also (implicitly) states that verification of inline pgp can be done via the epa-* functions. >> > > That documentation is wiki. That means both that you should take it with > a grain of salt, and that we welcome updates to it > > https://notmuchmail.org/wikiwriteaccess/ > >> One option may be to document this behavior. Another one to add a >> function like notmuch-crypto-verify-part (which is what I currently >> do). > > I suppose that you could also customize notmuch-show-insert-text/plain-hook > >> And/or one may be verify each inline pgp signature part by >> default (when crypto processing is enabled) and add a "crypto button". > > As far as documentation in the wiki there is a FAQ about (non) support > for inline PGP. I think dkg (in copy) was working on decryption of > inline PGP, but explicitely not on verifying signatures. You can read a > summary of his issues with inline PGP signatures at > > https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/