Rainer Gemulla <rgemulla@gmx.de> writes: > Hi all, > > when a message contains an text/plain part that is signed via inline pgp and shown in notmuch-show-mode, verification of that part's signature via epa-mail-verify or epa-verify-region fails. > > The reason is that the hooks in notmuch-show-insert-text/plain-hook modify the text (and thus the signature becomes invalid). Calling notmuch-show-pipe-part with "gpg --verify" works as expected and verifies the correctness of the signature. > > Not sure what to do about this, but I find the current behavior confusing. The notmuch emacstips documentation also (implicitly) states that verification of inline pgp can be done via the epa-* functions. > That documentation is wiki. That means both that you should take it with a grain of salt, and that we welcome updates to it https://notmuchmail.org/wikiwriteaccess/ > One option may be to document this behavior. Another one to add a > function like notmuch-crypto-verify-part (which is what I currently > do). I suppose that you could also customize notmuch-show-insert-text/plain-hook > And/or one may be verify each inline pgp signature part by > default (when crypto processing is enabled) and add a "crypto button". As far as documentation in the wiki there is a FAQ about (non) support for inline PGP. I think dkg (in copy) was working on decryption of inline PGP, but explicitely not on verifying signatures. You can read a summary of his issues with inline PGP signatures at https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/ _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch