[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

Jameson Graef Rollins jrollins at finestructure.net
Tue Jun 19 08:18:20 PDT 2018

Introduce notmuch-crypto-store-session-keys customization variable to
control stashing of session keys.  If non-nil any session keys
recovered during decryption will be stored in the database.

This is just a switch to have --decrypt= use "stash" instead of
 emacs/notmuch-crypto.el | 15 +++++++++++++++
 emacs/notmuch-query.el  |  4 +++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el
index fc2b5301..26ce19b4 100644
--- a/emacs/notmuch-crypto.el
+++ b/emacs/notmuch-crypto.el
@@ -43,6 +43,21 @@ mode."
   :package-version '(notmuch . "0.25")
   :group 'notmuch-crypto)
+(defcustom notmuch-show-stash-session-keys nil
+  "Should session keys be stashed when decrypting messages for display?
+If this variable is non-nil session keys recovered while
+decrypting messages for display will be stored in the database.
+See description of --decrypt option in notmuch-show(1) for more
+NOTE: Stashing encryption session keys requires opening the
+notmuch database in read/write mode, which is not normally done
+when retrieving messages for display."
+  :type 'boolean
+  :package-version '(notmuch . "0.28")
+  :group 'notmuch-crypto)
 (defface notmuch-crypto-part-header
   '((((class color)
       (background dark))
diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el
index 563e4acf..e53c9489 100644
--- a/emacs/notmuch-query.el
+++ b/emacs/notmuch-query.el
@@ -32,7 +32,9 @@ is a possibly empty forest of replies.
   (let ((args '("show" "--format=sexp" "--format-version=4")))
     (if notmuch-show-process-crypto
-	(setq args (append args '("--decrypt=true"))))
+        (if notmuch-show-stash-session-keys
+            (setq args (append args '("--decrypt=stash")))
+          (setq args (append args '("--decrypt=true")))))
     (setq args (append args search-terms))
     (apply #'notmuch-call-notmuch-sexp args)))

More information about the notmuch mailing list