[misc] [documentation] Document how mu works with encrypted mail. #2660

Closed
shamefulCake1 opened this issue Mar 7, 2024 · 2 comments

Describe the issue

Please, consider adding a few words on how mu (not mu4e) works with encrypted mail into the manual.

I presume it uses gnupg to decrypt both S/MIME and OpenPGP signed messages when explicitly choosing to view them, but it is interesting to know how it works when indexing.

Does it only index the subject/header?

If it does query gnupg on decrypting, and indexes encrypted content too, it sort of becomes a semi-copy of the cleartext, which is presumably unsafe if your laptop is stolen.

Or maybe the index itself should be encrypted?

Or maybe it is worth adding a "fake" maildir with cleartexts for indexing? And make sure that it is not synchronized with the imap server?

shamefulCake1 (Author) commented Mar 7, 2024

If anybody finds this issue, these are my results:

To make the view mode verify signatures:

  (setf mm-verify-option 'always)
  (cl-pushnew "multipart/signed" gnus-buttonized-mime-types)

This won't download the keys automatically, but, I guess, downloading automatically can be set in gpg.conf.

To manually download keys:

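(require 'mu4e)
(require 'epg-config) ; provides `epg-gpg-program'

(defun mu4e-view-snarf-pgp-key (&optional msg)
  "Snarf the pgp key for the specified message."
  (interactive)
  (let* ((msg (or msg (mu4e-message-at-point)))
         (path (mu4e-message-field msg :path))
         ;; Ask mu to verify the message; the fingerprints are parsed from its output.
         (cmd (format "%s verify --verbose %s"
                      (shell-quote-argument mu4e-mu-binary)
                      (shell-quote-argument path)))
         (output (shell-command-to-string cmd)))
    ;; `message' takes a format string; extra arguments without %-specs are dropped.
    (message "mu4e-view-snarf-pgp-key :msg=%S :path=%s :cmd=%s :output=%s"
             msg path cmd output)
    (let ((case-fold-search nil)
          (index 0))
      (while (string-match "finger-print[[:space:]]*: \\([A-F0-9]+\\)" output index)
        ;; Record the match end before running gpg, which may clobber the match data.
        (setf index (match-end 0))
        (let* ((cmd (format "%s --recv %s"
                            (shell-quote-argument epg-gpg-program)
                            (match-string 1 output)))
               (output (shell-command-to-string cmd)))
          ;; Never pass command output as the format string itself.
          (message "%s" output))))))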

will download all keys without asking, but will not automatically trust them.

To automatically sign messages on sending:

:hook
  (mu4e-compose-mode . (lambda () (mml-secure-sign)))

The function from the manual, mml-secure-message-sign-pgp, for some reason does not work for me.

djcb (Owner) commented Mar 7, 2024

I've added a note to the mu index manpage. mu index does not decrypt, and only the metadata (various headers etc.) make it to the database.

djcb closed this as completed in 0b68afe Mar 7, 2024
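
What an indexer that never decrypts can read from an encrypted message, as an added example that is not part of this thread and is not mu's code: a Python model of the behaviour described in the last comment, run on a constructed PGP/MIME message. The function name `index_without_decrypting`, the header list and the sample message are assumptions made for illustration.

```python
# Added example: models an indexer that never decrypts; this is not mu's code.
from email import message_from_bytes, policy

# Constructed PGP/MIME (RFC 3156) message; the armored payload is a placeholder.
SAMPLE = b"""\
From: Alice <alice@example.org>
To: Bob <bob@example.org>
Subject: Q3 acquisition terms
Date: Thu, 07 Mar 2024 10:00:00 +0000
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
PLACEHOLDERCIPHERTEXT
-----END PGP MESSAGE-----
--b1--
"""

METADATA = ("From", "To", "Subject", "Date", "Message-ID")  # assumed header set

def index_without_decrypting(raw):
    """Return what is readable with no private key: headers, flag, body text."""
    msg = message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    smime_enc = (ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime")
                 and msg.get_param("smime-type") == "enveloped-data")
    encrypted = ctype == "multipart/encrypted" or smime_enc
    body = ""
    if not encrypted:
        # Only cleartext messages contribute body text in this model.
        body = "\n".join(p.get_content() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    headers = {h: str(msg[h]) for h in METADATA if msg[h] is not None}
    return {"headers": headers, "encrypted": encrypted, "body": body}
```

In the sample, the Subject line sits outside the encrypted part, so it is among the metadata an index can hold even though the body is not.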