* Daniel Kahn Gillmor:
> Have you considered running gpg-agent in a dedicated terminal window,
> and handling the gpg-agent prompts from that window?

I tried that by setting GPG_TTY to a fixed terminal, but while this seemed to work on the first call, the second time I was prompted for a password it was echoed, in cleartext, to the terminal. Is there a better method to achieve what you proposed?

> To be clear about your threat model here: [...]

Barring break-ins, nobody but me is logging in on that particular server, so intercepting gpg-agent would be difficult. Access to the Notmuch index would not be any easier, unless somebody physically removed the hard drives.

The lock/unlock operations too seem interesting, and, if it was based on strong encryption, I would feel more comfortable. Are you thinking of protecting just the index or the whole Maildir store? The latter would not work for me, because Dovecot needs to access the data, and if only the index is protected, I'd still need to decrypt messages within Emacs.

Currently, decryption happens in whatever MUA I am using at that time, i.e. mostly Notmuch/Emacs and alternatively Thunderbird/Enigmail.

-Ralph
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch