crypto: add --decrypt=nostash to avoid stashing session keys

Here's the configuration choice for people who want a cleartext index, but don't want stashed session keys. Interestingly, this "nostash" decryption policy is actually the same policy that should be used by "notmuch show" and "notmuch reply", since they never modify the index or database when they are invoked with --decrypt. We take advantage of this parallel to tune the behavior of those programs so that we're not requesting session keys from GnuPG during "show" and "reply" that we would then otherwise just throw away.
author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2017-12-08 01:24:02 -0500
committer: David Bremner <david@tethera.net> 2017-12-08 08:08:47 -0400
commit: fccebbaeef1e4b6489425afb13f419543d53d285 (patch)
tree: ca92f729931994c2fd6f290c25092b35618cd9c9 /notmuch-show.c
parent: 29648a137c5807135ab168917b4a51d5e19e51c2 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/notmuch-show.c b/notmuch-show.c
index c8f5a48f..4e22424b 100644
--- a/notmuch-show.c
+++ b/notmuch-show.c
@@ -1121,7 +1121,8 @@ notmuch_show_command (notmuch_config_t *config, int argc, char *argv[])
 
     if (decrypt_set) {
 	if (decrypt) {
-	    params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE;
+	    /* we do not need or want to ask for session keys */
+	    params.crypto.decrypt = NOTMUCH_DECRYPT_NOSTASH;
 	    /* decryption implies verification */
 	    params.crypto.verify = true;
 	} else {
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2017-12-08 01:24:02 -0500
committer	David Bremner <david@tethera.net>	2017-12-08 08:08:47 -0400
commit	fccebbaeef1e4b6489425afb13f419543d53d285 (patch)
tree	ca92f729931994c2fd6f290c25092b35618cd9c9 /notmuch-show.c
parent	29648a137c5807135ab168917b4a51d5e19e51c2 (diff)