diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2017-12-08 01:23:53 -0500 |
---|---|---|
committer | David Bremner <david@tethera.net> | 2017-12-08 08:07:53 -0400 |
commit | e4890b5bf9e2260b36bcc36ddb77d8e97e2abe7d (patch) | |
tree | 83c71b87a02c656aee698a5e10700a4ff6e12419 /doc/man1 | |
parent | 798aa789b5d117cf11697bc97dd982bd5a2c2ac8 (diff) |
crypto: new decryption policy "auto"
This new automatic decryption policy should make it possible to
decrypt messages that we have stashed session keys for, without
incurring a call to the user's asymmetric keys.
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/notmuch-config.rst | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst index ea3d9754..4835f897 100644 --- a/doc/man1/notmuch-config.rst +++ b/doc/man1/notmuch-config.rst @@ -142,9 +142,14 @@ The available configuration items are described below. **[STORED IN DATABASE]** When indexing an encrypted e-mail message, if this variable is - set to true, notmuch will try to decrypt the message and index - the cleartext. Be aware that the index is likely sufficient - to reconstruct the cleartext of the message itself, so please + set to ``true``, notmuch will try to decrypt the message and + index the cleartext. If ``auto``, it will try to index the + cleartext if a stashed session key is already known for the message, + but will not try to access your secret keys. Use ``false`` to + avoid decrypting even when a session key is already known. + + Be aware that the notmuch index is likely sufficient to + reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE ``index.decrypt=true`` without considering the security of your index. |