X-Git-Url: https://git.notmuchmail.org/git?a=blobdiff_plain;ds=sidebyside;f=doc%2Fman1%2Fnotmuch-config.rst;h=3ba849b2e42b972a0dc952596ff17eeb9c7837c2;hb=89f651a40374d07750528f45d555ce821c049c80;hp=6961737f3d220b2b6478780acfd4bfe5c65db7c0;hpb=7ac96b149f5a0e5c03b64856d7c20789dab3c628;p=notmuch diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst index 6961737f..3ba849b2 100644 --- a/doc/man1/notmuch-config.rst +++ b/doc/man1/notmuch-config.rst @@ -138,18 +138,62 @@ The available configuration items are described below. Default: ``gpg``. - **index.try_decrypt** + **index.decrypt** **[STORED IN DATABASE]** - When indexing an encrypted e-mail message, if this variable is - set to true, notmuch will try to decrypt the message and index - the cleartext. Be aware that the index is likely sufficient - to reconstruct the cleartext of the message itself, so please - ensure that the notmuch message index is adequately protected. - DO NOT USE ``index.try_decrypt=true`` without considering the - security of your index. - Default: ``false``. + Policy for decrypting encrypted messages during indexing. + Must be one of: ``false``, ``auto``, ``nostash``, or + ``true``. + + When indexing an encrypted e-mail message, if this variable is + set to ``true``, notmuch will try to decrypt the message and + index the cleartext, stashing a copy of any discovered session + keys for the message. If ``auto``, it will try to index the + cleartext if a stashed session key is already known for the message + (e.g. from a previous copy), but will not try to access your + secret keys. Use ``false`` to avoid decrypting even when a + stashed session key is already present. + + ``nostash`` is the same as ``true`` except that it will not + stash newly-discovered session keys in the database. + + From the command line (i.e. during **notmuch-new(1)**, + **notmuch-insert(1)**, or **notmuch-reindex(1)**), the user + can override the database's stored decryption policy with the + ``--decrypt=`` option. + + Here is a table that summarizes the functionality of each of + these policies: + + +------------------------+-------+------+---------+------+ + | | false | auto | nostash | true | + +========================+=======+======+=========+======+ + | Index cleartext using | | X | X | X | + | stashed session keys | | | | | + +------------------------+-------+------+---------+------+ + | Index cleartext | | | X | X | + | using secret keys | | | | | + +------------------------+-------+------+---------+------+ + | Stash session keys | | | | X | + +------------------------+-------+------+---------+------+ + | Delete stashed session | X | | | | + | keys on reindex | | | | | + +------------------------+-------+------+---------+------+ + + Stashed session keys are kept in the database as properties + associated with the message. See ``session-key`` in + **notmuch-properties(7)** for more details about how they can + be useful. + + Be aware that the notmuch index is likely sufficient (and a + stashed session key is certainly sufficient) to reconstruct + the cleartext of the message itself, so please ensure that the + notmuch message index is adequately protected. DO NOT USE + ``index.decrypt=true`` or ``index.decrypt=nostash`` without + considering the security of your index. + + Default: ``auto``. **built_with.** @@ -187,5 +231,6 @@ SEE ALSO **notmuch-restore(1)**, **notmuch-search(1)**, **notmuch-search-terms(7)**, +**notmuch-properties(7)**, **notmuch-show(1)**, **notmuch-tag(1)**