[PATCH] emacs: add check for encryption before saving.
David Bremner
david at tethera.net
Fri Nov 4 18:29:02 PDT 2016
This is intended to decrease the chance of people ending up with a bunch
of plaintext drafts of encrypted messages without knowing it.
The check is intentionally overcautious; I think the false positive of
misplaced #secure tag is probably OK here.
---
This is somewhat RFC. The regex needs to be double checked, and the
variable name is not ideal. However it does solve reduce a worry I
have about this code saving drafts of sensitive messages in plaintext
that are effectively invisible because they are tagged deleted.
emacs/notmuch-message.el | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/emacs/notmuch-message.el b/emacs/notmuch-message.el
index a503296..a2b079d 100644
--- a/emacs/notmuch-message.el
+++ b/emacs/notmuch-message.el
@@ -80,6 +80,12 @@ postponing and resuming a message."
:type '(repeat string)
:group 'notmuch-send)
+(defcustom notmuch-message-warn-encryption t
+ "Warn if the user postpones or saves a message with an mml encryption tag in it"
+ :type 'boolean
+ :group 'notmuch-send
+ :group 'notmuch-crypto)
+
(defvar notmuch-message-draft-id nil
"Message-id of the most recent saved draft of this message")
(make-variable-buffer-local 'notmuch-message-draft-id)
@@ -140,6 +146,22 @@ Used when a new version is saved, or the message is sent."
(when secure-tag
(insert secure-tag "\n")))))
+(defun notmuch-message-check-encryption ()
+ "Query user if there an mml tag that looks like it might indicate encryption.
+
+Returns t if there is no such tag, or the user confirms they mean
+it."
+ (save-excursion
+ (message-goto-body)
+ (or
+ ;; We fine if there is no secure tag, and no #part encryption
+ (not (re-search-forward "<#\\(part encrypt\\|secure.*mode=.*encrypt>\\)" nil 't))
+ ;; The user confirms they means it.
+ (yes-or-no-p "\
+This message contains mml tags that suggest it is intended to be encrypted.
+Really save and index an unencrypted copy?
+(Customize `notmuch-message-warn-encrypted' to avoid this warning)"))))
+
(defun notmuch-message-save-draft ()
"Save the current draft message in the notmuch database.
@@ -147,6 +169,9 @@ This saves the current message in the database with tags
`notmuch-message-draft-tags` (in addition to any default tags
applied to newly inserted messages)."
(interactive)
+ (when (and notmuch-message-warn-encryption
+ (not (notmuch-message-check-encryption))
+ (error "Save aborted")))
(let (;; We need the message id as we need it for tagging. Note
;; message-make-message-id gives the id inside a "<" ">" pair,
;; but notmuch doesn't want that form, so remove them.
--
2.10.1
More information about the notmuch
mailing list