X-Git-Url: https://git.notmuchmail.org/git?a=blobdiff_plain;f=doc%2Fman1%2Fnotmuch-config.rst;h=3ba849b2e42b972a0dc952596ff17eeb9c7837c2;hb=f3fc97c0008c1d48ccac88c52b5bae61460bfa3f;hp=712945546f3e5c6924fbdfb0ca0ae98c8126ba6c;hpb=6499fce3911df2646db67c0f1ff65672324904f0;p=notmuch diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst index 71294554..3ba849b2 100644 --- a/doc/man1/notmuch-config.rst +++ b/doc/man1/notmuch-config.rst @@ -15,7 +15,11 @@ DESCRIPTION =========== The **config** command can be used to get or set settings in the notmuch -configuration file. +configuration file and corresponding database. + +Items marked **[STORED IN DATABASE]** are only in the database. They +should not be placed in the configuration file, and should be accessed +programmatically as described in the SYNOPSIS above. **get** The value of the specified configuration item is printed to @@ -134,6 +138,63 @@ The available configuration items are described below. Default: ``gpg``. + **index.decrypt** + + **[STORED IN DATABASE]** + + Policy for decrypting encrypted messages during indexing. + Must be one of: ``false``, ``auto``, ``nostash``, or + ``true``. + + When indexing an encrypted e-mail message, if this variable is + set to ``true``, notmuch will try to decrypt the message and + index the cleartext, stashing a copy of any discovered session + keys for the message. If ``auto``, it will try to index the + cleartext if a stashed session key is already known for the message + (e.g. from a previous copy), but will not try to access your + secret keys. Use ``false`` to avoid decrypting even when a + stashed session key is already present. + + ``nostash`` is the same as ``true`` except that it will not + stash newly-discovered session keys in the database. + + From the command line (i.e. during **notmuch-new(1)**, + **notmuch-insert(1)**, or **notmuch-reindex(1)**), the user + can override the database's stored decryption policy with the + ``--decrypt=`` option. + + Here is a table that summarizes the functionality of each of + these policies: + + +------------------------+-------+------+---------+------+ + | | false | auto | nostash | true | + +========================+=======+======+=========+======+ + | Index cleartext using | | X | X | X | + | stashed session keys | | | | | + +------------------------+-------+------+---------+------+ + | Index cleartext | | | X | X | + | using secret keys | | | | | + +------------------------+-------+------+---------+------+ + | Stash session keys | | | | X | + +------------------------+-------+------+---------+------+ + | Delete stashed session | X | | | | + | keys on reindex | | | | | + +------------------------+-------+------+---------+------+ + + Stashed session keys are kept in the database as properties + associated with the message. See ``session-key`` in + **notmuch-properties(7)** for more details about how they can + be useful. + + Be aware that the notmuch index is likely sufficient (and a + stashed session key is certainly sufficient) to reconstruct + the cleartext of the message itself, so please ensure that the + notmuch message index is adequately protected. DO NOT USE + ``index.decrypt=true`` or ``index.decrypt=nostash`` without + considering the security of your index. + + Default: ``auto``. + **built_with.** Compile time feature . Current possibilities include @@ -142,6 +203,7 @@ The available configuration items are described below. **query.** + **[STORED IN DATABASE]** Expansion for named query called . See **notmuch-search-terms(7)** for more information about named queries. @@ -169,5 +231,6 @@ SEE ALSO **notmuch-restore(1)**, **notmuch-search(1)**, **notmuch-search-terms(7)**, +**notmuch-properties(7)**, **notmuch-show(1)**, **notmuch-tag(1)**