revisiting Autocrypt in notmuch, MVP

Subject: revisiting Autocrypt in notmuch, MVP

Date: Wed, 26 Apr 2023 12:10:09 -0600

To: Notmuch list

Cc: dkg@fifthhorseman.net, dme@dme.org

From: Antoine Beaupré

Hi!

I'm giving an OpenPGP training this week, which I haven't done in
ages. A lot has changed since then: keyservers are basically dead (or
have changed significantly), WKD and Autocrypt exist and are supported
out of the box by Thunderbird, which simplifies a lot of things.

While testing out Thunderbird, I realized I wasn't sending out autocrypt
headers. I find those headers really precious, as they allow me to TOFU
users when they send me encrypted email. I have a rough hack to parse
incoming email and manually importing them in my keyring:

https://gitlab.com/anarcat/scripts/-/blob/dd898332c4e6c829fd18455fe3f1bbbee37e9551/autocrypt-key-import

That used to be a complicated Python program, but it turns out that
sequoia directly supports parsing those headers! So it's now this
one-liner:

    sq autocrypt decode | gpg --import

So I have a basic MVP (minimal viable product) for importing keys. But
what about *sending* keys, i.e. embedding keys in outgoing messages?

Well, this (and parsing incoming keys too, obviously) is something that
was discussed before:

https://nmbug.notmuchmail.org/nmweb/show/20210221152132.2302112-1-dme%40dme.org

That discussion somewhat died out as dkg suggested to fix the problem
more broadly, and things stalled there.

And while autocrypt has a nice beautiful and brilliant spec that does
everything, that's not what I'm looking at right now. And I don't think
it's productive to block in this way at this point.

So I made a bespoke implementation that just calls out to sequoia (and
yes, also gpg, hopefully one day the latter can just go away) to insert
autocrypt headers to outgoing mail. Here's the implementation:

https://gitlab.com/anarcat/emacs-d/-/blob/354fabad24100f69310dd16a0d30ac3bd96d7244/notmuch-config.el#L14-31

It's brittle, but it works for my case.

I don't think this is something that can be merged as-is in notmuch. It
depends on gnupg and sequoia, and it's probably incorrect as far as the
Autocrypt spec is concerned (in particular it doesn't use a UID to
fingerprint map), but this all seems like things could be improved.

So that's what I got. I hope that helps! :)

a.

-- 
Celui qui ne connaît pas l'histoire est condamné à la revivre.
                        - Karl Marx
signature.asc (application/pgp-signature)
_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org

Thread: