crypto: actually stash session keys when decrypt=true

[notmuch] / doc / man1 / notmuch-reindex.rst

diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index 782b0d7be3dbb33b88fc01d7e78d48e35be4b6a9..477908713e89885f509c6ece7ec0ae15d5438cd5 100644 (file)
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -21,15 +21,23 @@ messages using the supplied options.
 
 Supported options for **reindex** include
 
-    ``--decrypt=(true|false)``
-
-        If true, when encountering an encrypted message, try to
-        decrypt it while reindexing.  If decryption is successful,
-        index the cleartext itself.  Be aware that the index is likely
-        sufficient to reconstruct the cleartext of the message itself,
-        so please ensure that the notmuch message index is adequately
-        protected. DO NOT USE ``--decrypt=true`` without
-        considering the security of your index.
+    ``--decrypt=(true|auto|false)``
+
+        If ``true``, when encountering an encrypted message, try to
+        decrypt it while reindexing, storing any session keys
+        discovered.  If ``auto``, and notmuch already knows about a
+        session key for the message, it will try decrypting using that
+        session key but will not try to access the user's secret keys.
+        If decryption is successful, index the cleartext itself.
+
+        If ``false``, notmuch reindex will also delete any stashed
+        session keys for all messages matching the search terms.
+
+        Be aware that the index is likely sufficient to reconstruct
+        the cleartext of the message itself, so please ensure that the
+        notmuch message index is adequately protected. DO NOT USE
+        ``--decrypt=true`` without considering the security of your
+        index.
 
         See also ``index.decrypt`` in **notmuch-config(1)**.