we also include --try-decrypt=auto in the tab completion. --- completion/notmuch-completion.bash | 6 +++--- doc/man1/notmuch-insert.rst | 16 ++++++++++------ doc/man1/notmuch-new.rst | 10 +++++++--- doc/man1/notmuch-reindex.rst | 23 ++++++++++++++--------- 4 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index 2703d542..53d7380b 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -288,7 +288,7 @@ _notmuch_insert() return ;; --try-decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac @@ -320,7 +320,7 @@ _notmuch_new() $split && case "${prev}" in --try-decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac @@ -442,7 +442,7 @@ _notmuch_reindex() $split && case "${prev}" in --try-decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst index e2bf37d0..a5505b5b 100644 --- a/doc/man1/notmuch-insert.rst +++ b/doc/man1/notmuch-insert.rst @@ -50,14 +50,18 @@ Supported options for **insert** include ``--no-hooks`` Prevent hooks from being run. - ``--try-decrypt=(true|false)`` + ``--try-decrypt=(true|auto|false)`` - If true and the message is encrypted, try to decrypt the - message while indexing. If decryption is successful, index + If ``true`` and the message is encrypted, try to decrypt the + message while indexing. If ``auto``, and notmuch already + knows about a session key for the message, it will try + decrypting using that session key but will not try to access + the user's secret keys. If decryption is successful, index the cleartext itself. Either way, the message is always - stored to disk in its original form (ciphertext). Be aware - that the index is likely sufficient to reconstruct the - cleartext of the message itself, so please ensure that the + stored to disk in its original form (ciphertext). + + Be aware that the index is likely sufficient to reconstruct + the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``--try-decrypt=true`` without considering the security of your index. diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst index bc26aa48..d8cb77f5 100644 --- a/doc/man1/notmuch-new.rst +++ b/doc/man1/notmuch-new.rst @@ -43,11 +43,15 @@ Supported options for **new** include ``--quiet`` Do not print progress or results. - ``--try-decrypt=(true|false)`` + ``--try-decrypt=(true|auto|false)`` - If true, when encountering an encrypted message, try to + If ``true``, when encountering an encrypted message, try to decrypt it while indexing. If decryption is successful, index - the cleartext itself. Be aware that the index is likely + the cleartext itself. If ``auto``, try to use any session key + already known to belong to this message, but do not attempt to + use the user's secret keys. + + Be aware that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``--try-decrypt=true`` without diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst index 21f6c7a9..b15981a2 100644 --- a/doc/man1/notmuch-reindex.rst +++ b/doc/man1/notmuch-reindex.rst @@ -21,15 +21,20 @@ messages using the supplied options. Supported options for **reindex** include - ``--try-decrypt=(true|false)`` - - If true, when encountering an encrypted message, try to - decrypt it while reindexing. If decryption is successful, - index the cleartext itself. Be aware that the index is likely - sufficient to reconstruct the cleartext of the message itself, - so please ensure that the notmuch message index is adequately - protected. DO NOT USE ``--try-decrypt=true`` without - considering the security of your index. + ``--try-decrypt=(true|auto|false)`` + + If ``true``, when encountering an encrypted message, try to + decrypt it while reindexing. If ``auto``, and notmuch already + knows about a session key for the message, it will try + decrypting using that session key but will not try to access + the user's secret keys. If decryption is successful, index + the cleartext itself. + + Be aware that the index is likely sufficient to reconstruct + the cleartext of the message itself, so please ensure that the + notmuch message index is adequately protected. DO NOT USE + ``--try-decrypt=true`` without considering the security of + your index. See also ``index.try_decrypt`` in **notmuch-config(1)**. -- 2.14.2 _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch