Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes: > + Be aware that the index is likely sufficient to reconstruct > + the cleartext of the message itself, so please ensure that the > + notmuch message index is adequately protected. DO NOT USE > + ``--try-decrypt=true`` without considering the security of > + your index. > This is probably just my ignorance, but doesn't stashing session keys change this from likely to certain? Is it possible we decrypt thing and don't get session keys. > +test_begin_subtest "show the message body of the encrypted message" > +notmuch dump wumpus > +output=$(notmuch show wumpus | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }') > +expected='This is a test encrypted message with a wumpus.' > +test_expect_equal \ > + "$output" \ > + "$expected" I'd be happier if we didn't further entrench the text format in the test suite. How hard would it be to use json output (+maybe python?) here? > *attempted = true; > #if (GMIME_MAJOR_VERSION < 3) > +#if (GMIME_MAJOR_VERSION == 2 && GMIME_MINOR_VERSION == 6 && GMIME_MICRO_VERSION >= 21) > + gboolean oldgetsk = g_mime_crypto_context_get_retrieve_session_key (crypto_ctx); > + gboolean newgetsk = (decrypt_result); > + if (newgetsk != oldgetsk) > + /* This could return an error, but we can't do anything about it, so ignore it */ > + g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, newgetsk, NULL); > +#endif > ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx, > decrypt_result, err); > +#if (GMIME_MAJOR_VERSION == 2 && GMIME_MINOR_VERSION == 6 && GMIME_MICRO_VERSION >= 21) > + if (newgetsk != oldgetsk) > + g_mime_crypto_context_set_retrieve_session_key (crypto_ctx, oldgetsk, NULL); I lost track a bit, but now there's at least 2 (maybe 3) repetitions of this somewhat complicated test, and one more needed for built_with.session_keys. HAVE_GMIME_SESSION_KEYS is looking better and better. _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch