COMPREPLY=( $( compgen -W "text json sexp mbox raw" -- "${cur}" ) )
return
;;
- --exclude|--body)
+ --exclude|--body|--decrypt)
COMPREPLY=( $( compgen -W "true false" -- "${cur}" ) )
return
;;
! $split &&
case "${cur}" in
-*)
- local options="--entire-thread= --format= --exclude= --body= --format-version= --part= --verify --decrypt --include-html ${_notmuch_shared_options}"
+ local options="--entire-thread= --format= --exclude= --body= --format-version= --part= --verify --decrypt= --include-html ${_notmuch_shared_options}"
compopt -o nospace
COMPREPLY=( $(compgen -W "$options" -- ${cur}) )
;;
multipart/encrypted part will be replaced by the decrypted
content.
+ If a session key is already known for the message, then it
+ will be decrypted automatically unless the user explicitly
+ sets ``--decrypt=false``.
+
Decryption expects a functioning **gpg-agent(1)** to provide any
needed credentials. Without one, the decryption will fail.
.part = -1,
.omit_excluded = true,
.output_body = true,
- .crypto = { .decrypt = NOTMUCH_DECRYPT_FALSE },
+ .crypto = { .decrypt = NOTMUCH_DECRYPT_AUTO },
};
int format = NOTMUCH_FORMAT_NOT_SPECIFIED;
bool exclude = true;
bool entire_thread_set = false;
bool single_message;
bool decrypt = false;
+ bool decrypt_set = false;
notmuch_opt_desc_t options[] = {
{ .opt_keyword = &format, .name = "format", .keywords =
{ .opt_bool = ¶ms.entire_thread, .name = "entire-thread",
.present = &entire_thread_set },
{ .opt_int = ¶ms.part, .name = "part" },
- { .opt_bool = &decrypt, .name = "decrypt" },
+ { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set },
{ .opt_bool = ¶ms.crypto.verify, .name = "verify" },
{ .opt_bool = ¶ms.output_body, .name = "body" },
{ .opt_bool = ¶ms.include_html, .name = "include-html" },
notmuch_process_shared_options (argv[0]);
- if (decrypt) {
- params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE;
- /* decryption implies verification */
- params.crypto.verify = true;
+ if (decrypt_set) {
+ if (decrypt) {
+ params.crypto.decrypt = NOTMUCH_DECRYPT_TRUE;
+ /* decryption implies verification */
+ params.crypto.verify = true;
+ } else {
+ params.crypto.decrypt = NOTMUCH_DECRYPT_FALSE;
+ }
}
/* specifying a part implies single message display */
"$output" \
"$expected"
+test_begin_subtest "notmuch show should show cleartext if session key is present"
+output=$(notmuch show id:simple-encrypted@crypto.notmuchmail.org | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }')
+expected='This is a top sekrit message.'
+if [ $NOTMUCH_HAVE_GMIME_SESSION_KEYS -eq 0 ]; then
+ test_subtest_known_broken
+fi
+test_expect_equal \
+ "$output" \
+ "$expected"
+
+test_begin_subtest "notmuch show should show nothing if decryption is explicitly disallowed"
+output=$(notmuch show --decrypt=false id:simple-encrypted@crypto.notmuchmail.org | awk '/^\014part}/{ f=0 }; { if (f) { print $0 } } /^\014part{ ID: 3/{ f=1 }')
+expected='Non-text part: application/octet-stream'
+test_expect_equal \
+ "$output" \
+ "$expected"
+
# TODO: test removal of a message from the message store between
# indexing and reindexing.