From: Daniel Kahn Gillmor Date: Fri, 8 Dec 2017 06:23:57 +0000 (-0500) Subject: cli/new, insert, reindex: update documentation for --decrypt=auto X-Git-Tag: 0.26_rc0~41 X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=commitdiff_plain;h=181d4091c408b8ca014ec245ecdae602942b70ce cli/new, insert, reindex: update documentation for --decrypt=auto we also include --decrypt=auto in the tab completion. --- diff --git a/completion/notmuch-completion.bash b/completion/notmuch-completion.bash index f94dbeed..272131e6 100644 --- a/completion/notmuch-completion.bash +++ b/completion/notmuch-completion.bash @@ -288,7 +288,7 @@ _notmuch_insert() return ;; --decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac @@ -320,7 +320,7 @@ _notmuch_new() $split && case "${prev}" in --decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac @@ -442,7 +442,7 @@ _notmuch_reindex() $split && case "${prev}" in --decrypt) - COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) ) + COMPREPLY=( $( compgen -W "true false auto" -- "${cur}" ) ) return ;; esac diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst index eb9ff11b..b22be863 100644 --- a/doc/man1/notmuch-insert.rst +++ b/doc/man1/notmuch-insert.rst @@ -51,14 +51,18 @@ Supported options for **insert** include ``--no-hooks`` Prevent hooks from being run. - ``--decrypt=(true|false)`` + ``--decrypt=(true|auto|false)`` - If true and the message is encrypted, try to decrypt the - message while indexing. If decryption is successful, index + If ``true`` and the message is encrypted, try to decrypt the + message while indexing. If ``auto``, and notmuch already + knows about a session key for the message, it will try + decrypting using that session key but will not try to access + the user's secret keys. If decryption is successful, index the cleartext itself. Either way, the message is always - stored to disk in its original form (ciphertext). Be aware - that the index is likely sufficient to reconstruct the - cleartext of the message itself, so please ensure that the + stored to disk in its original form (ciphertext). + + Be aware that the index is likely sufficient to reconstruct + the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``--decrypt=true`` without considering the security of your index. diff --git a/doc/man1/notmuch-new.rst b/doc/man1/notmuch-new.rst index 1df86f06..71df31d7 100644 --- a/doc/man1/notmuch-new.rst +++ b/doc/man1/notmuch-new.rst @@ -43,11 +43,15 @@ Supported options for **new** include ``--quiet`` Do not print progress or results. - ``--decrypt=(true|false)`` + ``--decrypt=(true|auto|false)`` - If true, when encountering an encrypted message, try to + If ``true``, when encountering an encrypted message, try to decrypt it while indexing. If decryption is successful, index - the cleartext itself. Be aware that the index is likely + the cleartext itself. If ``auto``, try to use any session key + already known to belong to this message, but do not attempt to + use the user's secret keys. + + Be aware that the index is likely sufficient to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``--decrypt=true`` without diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst index 782b0d7b..d87e9d85 100644 --- a/doc/man1/notmuch-reindex.rst +++ b/doc/man1/notmuch-reindex.rst @@ -21,15 +21,20 @@ messages using the supplied options. Supported options for **reindex** include - ``--decrypt=(true|false)`` - - If true, when encountering an encrypted message, try to - decrypt it while reindexing. If decryption is successful, - index the cleartext itself. Be aware that the index is likely - sufficient to reconstruct the cleartext of the message itself, - so please ensure that the notmuch message index is adequately - protected. DO NOT USE ``--decrypt=true`` without - considering the security of your index. + ``--decrypt=(true|auto|false)`` + + If ``true``, when encountering an encrypted message, try to + decrypt it while reindexing. If ``auto``, and notmuch already + knows about a session key for the message, it will try + decrypting using that session key but will not try to access + the user's secret keys. If decryption is successful, index + the cleartext itself. + + Be aware that the index is likely sufficient to reconstruct + the cleartext of the message itself, so please ensure that the + notmuch message index is adequately protected. DO NOT USE + ``--decrypt=true`` without considering the security of your + index. See also ``index.decrypt`` in **notmuch-config(1)**.