new "crypto" branch providing full PGP/MIME support
micah anderson
micah at riseup.net
Thu Feb 3 08:25:06 PST 2011
On Wed, 02 Feb 2011 17:18:45 -0800, Jameson Rollins <jrollins at finestructure.net> wrote:
> Hi, all. I have pushed a new branch called "crypto" to my notmuch
> repository [0]. This branch provides full support for PGP/MIME signed
> and encrypted messages, including emacs UI support. It has been applied
> on top of cworth's current master (21e97c50). It includes the
> following:
>
> * David Edmondson's improved multipart handling patch series (cherry-picked)
> * Daniel Gillmor's PGP/MIME signature verification patch series (cherry-picked)
> * my PGP/MIME decryption+verification patch series
> * a test suite for signature verification and decryption
> * emacs support for the above

Don't forget that you also included man page changes!

> Please test and provide feedback. I would really like to see this
> series merged into the mainline for the next release, if at all
> possible.

I've really really really wanted this functionality, so I pulled this
right away and have been testing it. It's really slick! I like how the
emacs UI gives you good visual feedback for different signature states
(I had red for a signature from Sebastian Spaeth because I did not have
the key; orange for when I obtained that key; and green for Jameson and
dkg's mails because I have exchanged keys with them and have full
validity for them; and purple for a decryption error). The minor delay
in opening a thread with signatures is not bad, and is to be expected.
And messages that are PGP/MIME encrypted are decrypted automatically,
wow, this is amazing. I enthusiastically support merging this into
mainline for the next release.

I have a couple of points of feedback that I do not think should hold up
merging this work:

1. I personally think notmuch-show-process-pgpmime should default to
true.

2. In-line PGP messages don't have any processing done on them. Getting
the MIME-encoded processing to work is a huge step and I'm happy that
works; in-line can (and IMHO, should) come later.

3. I'm not sure expired/revoked keys are handled properly - tested on a
message that was encrypted by a key that was revoked and got "End of
file during parsing".

4. Messages that I sent encrypted to someone are not also encrypted to
myself, which means that a thread which contains my replies isn't able
to decrypt my messages in that thread and results in a purple
'decryption error'. Perhaps this is an emacs UI tweak that needs to be
made to get messages also encrypted to my own key?

5. Unknown keys are represented in a long format,
e.g. '0x5585F58CC827A062', when most tools represent them just with their
shortened keyid (in this case this one would be: 0xC827A062). Is there a
particular reason for this? I recognize some people's keyids in the
short form, but do not in the long form.

6. This is awesome, huge thanks to everyone who has worked on this!

micah