allow indexing cleartext of encrypted messages

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Dec 11 07:34:25 PST 2015


On Wed 2015-12-09 22:39:37 -0500, Daniel Kahn Gillmor wrote:
>  * the libnotmuch API is extended with
>    notmuch_database_add_message_try_decrypt().  This should probably
>    ultimately be more general, because there are a few additional
>    knobs that i can imagine fiddling at indexing time.  For example:
>
>     * verifying cryptographic signatures and storing something about
>       those verifications in the notmuch db
>      
>     * extracting OpenPGP session key information for a given message
>       and storing it in a lookaside table in the notmuch db, so that
>       it's possible to securely destroy old encryption-capable keys
>       and still have local access to the cleartext of the remaining
>       messages.
>
>    Some of these additional features might be orthogonal to one
>    another as well.  I welcome suggestions for how to improve the API
>    so that we don't end up with a combinatorial explosion of
>    n_d_add_message_foo() functions.

I have a proposal for how to do this better:

I'll introduce a notmuch_index_options_t, with the usual constructors
and destructors and a couple functions:

  notmuch_index_options_set_try_decrypt()
  notmuch_index_options_get_try_decrypt()
  notmuch_index_options_set_gpg_path()
  notmuch_index_options_get_gpg_path()

Then i'll add:

  notmuch_database_add_message_with_options(db, fname, options, &message)

If we add new indexing features, they can be set directly in the
index_options object (including features that might be more complex than
a string or a bool, like a chain of command-line filters).

a few nice features of this approach:

 * The user of the library can craft a set of index options and repeat
   it easily, and the options can contain cached/lazily-initialized
   things (like GMimeCryptoContexts) if needed.

 * The user can index different messages with different options if they
   prefer (no need to set the options on the database object itself)

 * the capability of the indexing features in the library is visible
   directly in the exposed API.

any thoughts on this?

    --dkg


More information about the notmuch mailing list