Allow indexing cleartext of encrypted messages (v3)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jan 31 12:39:45 PST 2016


This is the third draft of the series initially announced in
id:1449718786-28000-1-git-send-email-dkg at fifthhorseman.net (second
draft was in
id:1453258369-7366-1-git-send-email-dkg at fifthhorseman.net).  It
differs from v2 in that it incorporates the recent improvements in
detecting and processing S/MIME signatures.

>From the v2 description:

> Notmuch currently doesn't index the cleartext of encrypted mail.  This
> is the right choice by default, because the index is basically
> cleartext-equivalent, and we wouldn't want every indexed mailstore to
> leak the contents of its encrypted mails.
> 
> However, if a notmuch user has their index in a protected location,
> they may prefer the convenience of being able to search the contents
> of (at least some of) their encrypted mail.
> 
> This series of patches enables notmuch to index the cleartext of
> specific encrypted messages when they're being added via "notmuch new"
> or "notmuch insert", via a new --try-decrypt flag.
> 
> If --try-decrypt is used, and decryption is successful for part of a
> message, the message gets an additional "index-decrypted" tag.  If
> decryption of part of a message fails, the message gets an additional
> "index-decryption-failed" tag.

v2 addresses the concerns raised from the helpful feedback on the
previous series, and adds a notmuch_indexopts_t object that can be
used to declare options for indexing messages, including a
"try_decrypt" boolean.

Additionally, this series adds a new function to libnotmuch:

  notmuch_message_reindex (notmuch_message_t *message,
                           notmuch_indexopts_t *indexopts)

Which allows user of the library to adjust the indexing options of a
given message.

The CLI is additionally augmented with a new notmuch subcommand,
"notmuch reindex", which also has a --try-decrypt flag.

So a user who has their message index stored securely and wants to
index the cleartext of all encrypted messages they've received can do
something like:

  notmuch reindex --try-decrypt tag:encrypted and not tag:index-decrypted

Or can clear all indexed cleartext from their database with:

  notmuch reindex tag:encrypted and tag:index-decrypted




More information about the notmuch mailing list