aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2017-12-08 01:24:01 -0500
committerDavid Bremner <david@tethera.net>2017-12-08 08:08:47 -0400
commit29648a137c5807135ab168917b4a51d5e19e51c2 (patch)
treeea06354db54289171b1cc46fba3f7314f515516b /test
parent6a9626a2fdddf6115bcf97982fd10053bf48e942 (diff)
crypto: actually stash session keys when decrypt=true
If you're going to store the cleartext index of an encrypted message, in most situations you might just as well store the session key. Doing this storage has efficiency and recoverability advantages. Combined with a schedule of regular OpenPGP subkey rotation and destruction, this can also offer security benefits, like "deletable e-mail", which is the store-and-forward analog to "forward secrecy". But wait, i hear you saying, i have a special need to store cleartext indexes but it's really bad for me to store session keys! Maybe (let's imagine) i get lots of e-mails with incriminating photos attached, and i want to be able to search for them by the text in the e-mail, but i don't want someone with access to the index to be actually able to see the photos themselves. Fret not, the next patch in this series will support your wacky uncommon use case.
Diffstat (limited to 'test')
-rwxr-xr-xtest/T357-index-decryption.sh24
1 files changed, 23 insertions, 1 deletions
diff --git a/test/T357-index-decryption.sh b/test/T357-index-decryption.sh
index 9f46a01b..fcecb1d9 100755
--- a/test/T357-index-decryption.sh
+++ b/test/T357-index-decryption.sh
@@ -48,6 +48,17 @@ test_expect_equal \
"$output" \
"$expected"
+test_begin_subtest "show the message body of the encrypted message"
+notmuch dump wumpus
+output=$(notmuch show wumpus | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }')
+expected='This is a test encrypted message with a wumpus.'
+if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
+ test_subtest_known_broken
+fi
+test_expect_equal \
+ "$output" \
+ "$expected"
+
test_begin_subtest "message should go away after deletion"
# cache the message in an env var and remove it:
@@ -129,10 +140,21 @@ test_expect_equal \
"$output" \
"$expected"
+# try a simple reindex
+test_begin_subtest 'reindex in auto mode'
+test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
+test_begin_subtest "reindexed encrypted messages, should not have changed"
+output=$(notmuch search wumpus)
+if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
+ test_subtest_known_broken
+fi
+test_expect_equal \
+ "$output" \
+ "$expected"
# try to remove cleartext indexing
test_begin_subtest 'reindex without cleartext'
-test_expect_success 'notmuch reindex tag:encrypted and property:index.decryption=success'
+test_expect_success 'notmuch reindex --decrypt=false tag:encrypted and property:index.decryption=success'
test_begin_subtest "reindexed encrypted messages, without cleartext"
output=$(notmuch search wumpus)
expected=''