Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id ABC0D6DE1B25 for ; Sun, 31 Jan 2016 12:40:16 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KoK8TWdLVPHZ for ; Sun, 31 Jan 2016 12:40:15 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by arlo.cworth.org (Postfix) with ESMTP id 70A176DE17BD for ; Sun, 31 Jan 2016 12:40:09 -0800 (PST) Received: from fifthhorseman.net (ip-64-134-185-108.public.wayport.net [64.134.185.108]) by che.mayfirst.org (Postfix) with ESMTPSA id 60EBCF99D for ; Sun, 31 Jan 2016 15:40:06 -0500 (EST) Received: by fifthhorseman.net (Postfix, from userid 1000) id 26E432024D; Sun, 31 Jan 2016 15:40:06 -0500 (EST) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: Allow indexing cleartext of encrypted messages (v3) Date: Sun, 31 Jan 2016 15:39:45 -0500 Message-Id: <1454272801-23623-1-git-send-email-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.7.0.rc3 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2016 20:40:16 -0000 This is the third draft of the series initially announced in id:1449718786-28000-1-git-send-email-dkg@fifthhorseman.net (second draft was in id:1453258369-7366-1-git-send-email-dkg@fifthhorseman.net). It differs from v2 in that it incorporates the recent improvements in detecting and processing S/MIME signatures. >From the v2 description: > Notmuch currently doesn't index the cleartext of encrypted mail. This > is the right choice by default, because the index is basically > cleartext-equivalent, and we wouldn't want every indexed mailstore to > leak the contents of its encrypted mails. > > However, if a notmuch user has their index in a protected location, > they may prefer the convenience of being able to search the contents > of (at least some of) their encrypted mail. > > This series of patches enables notmuch to index the cleartext of > specific encrypted messages when they're being added via "notmuch new" > or "notmuch insert", via a new --try-decrypt flag. > > If --try-decrypt is used, and decryption is successful for part of a > message, the message gets an additional "index-decrypted" tag. If > decryption of part of a message fails, the message gets an additional > "index-decryption-failed" tag. v2 addresses the concerns raised from the helpful feedback on the previous series, and adds a notmuch_indexopts_t object that can be used to declare options for indexing messages, including a "try_decrypt" boolean. Additionally, this series adds a new function to libnotmuch: notmuch_message_reindex (notmuch_message_t *message, notmuch_indexopts_t *indexopts) Which allows user of the library to adjust the indexing options of a given message. The CLI is additionally augmented with a new notmuch subcommand, "notmuch reindex", which also has a --try-decrypt flag. So a user who has their message index stored securely and wants to index the cleartext of all encrypted messages they've received can do something like: notmuch reindex --try-decrypt tag:encrypted and not tag:index-decrypted Or can clear all indexed cleartext from their database with: notmuch reindex tag:encrypted and tag:index-decrypted