It took me a while before I figured out how to read OpenPGP encrypted email with the emacs interface to notmuch. I thought it would be useful to the list the steps that I go through to read encrypted email, both for people who are wondering the same thing, but also hopefully to spur a discussion about how to improve the process, as it is clearly problematic and annoying. At the moment, if you simply hit 'v' on a message that contains a PGP/MIME encoded email part, the notmuch attachment viewer seems to do the right thing and ask you about decrypting the message, but then it puts the result in some mysterious place, or closes that window immediately. However, there is a set of steps that let you work around this. Its a pain to do, and I'm not skilled enough in elisp to know how to pull all of that together into something that fixes the problem. These are the steps I can go through to read encrypted email: 1. Determine if there is a PGP/MIME part, or if the message is in-line encrypted. PGP/MIME messages typically have no interesting body, although they could, but they do have: Attachment: (null) (application/pgp-encrypted) Content-type: application/octet-stream Non-text part: application/octet-stream If you look closer at the mime parts, you see that the above is represented as follows: mimepart_4b47a295c184f_2474..fdbe903a82212 Content-Type: application/pgp-encrypted Content-Disposition: attachment Version: 1 mimepart_4b47a295c184f_2474..fdbe903a82212 Content-Type: application/octet-stream; charset=3DUTF-8 Content-Disposition: inline; filename=3Dmessage.asc in-line PGP messages have the encrypted chunk in the body of the message itself, which can be seen when you view the message. It always starts with this header: ----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.6 (GNU/Linux) and ends with this one: ----END PGP MESSAGE----- (Obviously the Version line is going to be different, depending on the implementation, but I believe it is always there with an ascii armored OpenPGP blob) 2. If it is a PGP/MIME message, then you have to hit 'V' to view the raw message, otherwise if it is in-line PGP you would skip this step and go to 3. 3. using emacs selection, select the region that is bounded by the header and footer of the PGP ASCII armored blob, as described above. 4. M-x epa-decrypt-region (i think this only will work in emacs23) 5. You are asked, "Replace the original text? (y/n)", I think it is not worth doing so, but see what you think. 6. Now the window is split in three: the original raw message from notmuch; the result of the pgp verification of the data ("Good signature from...") appears in a small window (this is good information!); and then the decrypted text. 7. after reading the message, you have to kill a bunch of buffers, and if you want to reply to the message, you have to do some annoying return to the original message, after copying the text you wish to quote.... So what is the desired behavior? I think that the emacs mode should detect pgp messages, in-line or PGP/MIME and when they are viewed (notmuch show) they should be decrypted and verified. The decrypted text should just replace the encrypted text, and the signature verification should also be represented in a useful way (it is very important to know if a signed/encrypted message has a bad signature, or doesn't verify!), and it should clean-up nicely so you don't have to kill a bunch of windows. mutt deals with inline pgp by just looking in each message, as it is displayed (with a display hook) for the following in the body: "^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"' for pgp/MIME, mutt enables you to set various pgp customizable commands to make things work, however these pieces may be taken care of with epa-mode. Hopefully someone can take this and run with it, improving the emacs UI so that it is able to handle this automatically! micah