[notmuch] Handling encrypted email

micah micah at riseup.net
Mon Feb 15 09:55:29 PST 2010


It took me a while before I figured out how to read OpenPGP encrypted
email with the emacs interface to notmuch. I thought it would be useful
to list the steps that I go through to read encrypted email, both
for people who are wondering the same thing, but also hopefully to spur
a discussion about how to improve the process, as it is clearly
problematic and annoying.

At the moment, if you simply hit 'v' on a message that contains a
PGP/MIME encoded email part, the notmuch attachment viewer seems to do
the right thing and ask you about decrypting the message, but then it
puts the result in some mysterious place, or closes that window
immediately. 

However, there is a set of steps that let you work around this. It's a
pain to do, and I'm not skilled enough in elisp to know how to pull all
of that together into something that fixes the problem.

These are the steps I can go through to read encrypted email:

1. Determine if there is a PGP/MIME part, or if the message is in-line
 encrypted.

 PGP/MIME messages typically have no interesting body, although they
 could, but they do have:

 Attachment: (null) (application/pgp-encrypted)
 Content-type: application/octet-stream
 Non-text part: application/octet-stream

 If you look closer at the mime parts, you see that the above is
 represented as follows:

  mimepart_4b47a295c184f_2474..fdbe903a82212
  Content-Type: application/pgp-encrypted
  Content-Disposition: attachment

  Version: 1

  mimepart_4b47a295c184f_2474..fdbe903a82212
  Content-Type: application/octet-stream; charset=UTF-8
  Content-Disposition: inline; filename=message.asc

  In-line PGP messages have the encrypted chunk in the body of the message
  itself, which can be seen when you view the message. It always starts
  with this header:

  -----BEGIN PGP MESSAGE-----
  Version: GnuPG v1.4.6 (GNU/Linux)

  and ends with this one:

  -----END PGP MESSAGE-----

  (Obviously the Version line is going to be different, depending on the
  implementation, but I believe it is always there with an ASCII armored
  OpenPGP blob)

  2. If it is a PGP/MIME message, then you have to hit 'V' to view the
  raw message, otherwise if it is in-line PGP you would skip this step
  and go to 3.

  3. Using emacs selection, select the region that is bounded by the
  header and footer of the PGP ASCII armored blob, as described above.

  4. M-x epa-decrypt-region (I think this only will work in emacs23)

  5. You are asked, "Replace the original text? (y/n)", I think it is
  not worth doing so, but see what you think.

  6. Now the window is split in three: the original raw message from
  notmuch; the result of the pgp verification of the data ("Good
  signature from...") appears in a small window (this is good
  information!); and then the decrypted text.

  7. After reading the message, you have to kill a bunch of buffers, and
  if you want to reply to the message, you have to do some annoying
  return to the original message, after copying the text you wish to
  quote.... 

  So what is the desired behavior? I think that the emacs mode should
  detect pgp messages, in-line or PGP/MIME and when they are viewed
  (notmuch show) they should be decrypted and verified. The decrypted
  text should just replace the encrypted text, and the signature
  verification should also be represented in a useful way (it is very
  important to know if a signed/encrypted message has a bad signature,
  or doesn't verify!), and it should clean up nicely so you don't have
  to kill a bunch of windows.

  mutt deals with inline pgp by just looking in each message, as it is
  displayed (with a display hook) for the following in the body:

  "^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"

  For PGP/MIME, mutt enables you to set various pgp customizable commands
  to make things work, however these pieces may be taken care of with
  epa-mode.

Hopefully someone can take this and run with it, improving the emacs UI
so that it is able to handle this automatically!

micah
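
The detection in step 1 and the region selection in step 3, as an added Python example (not part of the original post and not notmuch code). The function name find_openpgp and the sample messages are constructed for illustration; it goes slightly beyond the steps by also flagging clearsigned bodies, which the mutt pattern above matches, and it performs no decryption.

```python
import email
import re

# Armor delimiters as described in step 1; CLEARSIGNED covers the SIGNED
# variant that the mutt pattern quoted in the post also matches.
ARMOR = re.compile(r"^-----BEGIN PGP MESSAGE-----[ \t]*\r?\n.*?"
                   r"^-----END PGP MESSAGE-----[ \t]*$", re.M | re.S)
CLEARSIGNED = re.compile(r"^-----BEGIN PGP SIGNED MESSAGE-----", re.M)

def _text(part):
    """Undo a leaf part's transfer encoding and return its body as text."""
    return (part.get_payload(decode=True) or b"").decode("utf-8", "replace")

def find_openpgp(raw):
    """Return (kind, armor); kind is 'pgp-mime', 'inline', 'clearsigned' or 'none'."""
    leaves = [p for p in email.message_from_bytes(raw).walk()
              if not p.is_multipart()]
    types = [p.get_content_type() for p in leaves]
    # PGP/MIME: an application/pgp-encrypted control part, followed by the
    # application/octet-stream part that carries the armored data.
    if "application/pgp-encrypted" in types:
        for part in leaves[types.index("application/pgp-encrypted") + 1:]:
            if part.get_content_type() == "application/octet-stream":
                m = ARMOR.search(_text(part))
                return "pgp-mime", (m.group(0) if m else None)
        return "pgp-mime", None
    # In-line PGP: the armor sits in a text body, possibly amid other text.
    for part in leaves:
        if part.get_content_maintype() == "text":
            body = _text(part)
            m = ARMOR.search(body)
            if m:
                return "inline", m.group(0)
            if CLEARSIGNED.search(body):
                return "clearsigned", None
    return "none", None

# Constructed sample data (the armored body is not a real ciphertext).
BLOB = ("-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\n"
        "hQEMA0NvbnN0cnVjdGVk\n=AbCd\n-----END PGP MESSAGE-----\n")
INLINE = ("Subject: inline\nContent-Type: text/plain\n\nHi,\n\n" + BLOB).encode()
PGP_MIME = ("Subject: mime\nContent-Type: multipart/encrypted; boundary=b1;\n"
            ' protocol="application/pgp-encrypted"\n\n'
            "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
            "--b1\nContent-Type: application/octet-stream\n\n" + BLOB +
            "\n--b1--\n").encode()

if __name__ == "__main__":
    for name, raw in (("inline", INLINE), ("pgp-mime", PGP_MIME)):
        print(name, "->", find_openpgp(raw)[0])
```

The returned armor text is the region that step 3 selects by hand, so it is what a front end would hand to its decrypt-and-verify step.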