- When <a href='../notmuch-show-1/'>notmuch-show</a>(1) or <b>nomtuch-reply</b> encounters a message with an
- encrypted part, if notmuch finds a <b>session-key</b> property associated
- with the message, it will try that stashed session key for decryp‐
- tion.
-
- If you do not want to use any stashed session keys that might be
- present, you should pass those programs <b>--decrypt=false</b>.
-
- Using a stashed session key with "notmuch show" will speed up ren‐
- dering of long encrypted threads. It also allows the user to
- destroy the secret part of any expired encryption-capable subkey
- while still being able to read any retained messages for which they
- have stashed the session key. This enables truly deletable e-mail,
- since (once the session key and asymmetric subkey are both
- destroyed) there are no keys left that can be used to decrypt any
- copy of the original message previously stored by an adversary.
-
- However, access to the stashed session key for an encrypted message
- permits full byte-for-byte reconstruction of the cleartext message.
- This includes attachments, cryptographic signatures, and other mate‐
- rial that cannot be reconstructed from the index alone.
-
- See <b>index.decrypt</b> in <a href='../notmuch-config-1/'>notmuch-config</a>(1) for more details about how to
- set notmuch's policy on when to store session keys.
-
- The session key should be in the ASCII text form produced by GnuPG.
- For OpenPGP, that consists of a decimal representation of the hash
- algorithm used (identified by number from RFC 4880, e.g. 9 means
- AES-256) followed by a colon, followed by a hexadecimal representa‐
- tion of the algorithm-specific key. For example, an AES-128 key
- might be stashed in a notmuch property as: <b>ses-</b>
- <b>sion-key=7:14B16AF65536C28AF209828DFE34C9E0</b>.
+ When <a href='../notmuch-show-1/'>notmuch-show</a>(1) or <a href='../notmuch-reply-1/'>notmuch-reply</a>(1) encounters a message
+ with an encrypted part, if notmuch finds a <b>session-key</b> property
+ associated with the message, it will try that stashed session
+ key for decryption.
+
+ If you do not want to use any stashed session keys that might be
+ present, you should pass those programs <b>--decrypt=false</b>.
+
+ Using a stashed session key with "notmuch show" will speed up
+ rendering of long encrypted threads. It also allows the user to
+ destroy the secret part of any expired encryption-capable subkey
+ while still being able to read any retained messages for which
+ they have stashed the session key. This enables truly deletable
+ e-mail, since (once the session key and asymmetric subkey are
+ both destroyed) there are no keys left that can be used to de‐
+ crypt any copy of the original message previously stored by an
+ adversary.
+
+ However, access to the stashed session key for an encrypted mes‐
+ sage permits full byte-for-byte reconstruction of the cleartext
+ message. This includes attachments, cryptographic signatures,
+ and other material that cannot be reconstructed from the index
+ alone.
+
+ See <b>index.decrypt</b> in <a href='../notmuch-config-1/'>notmuch-config</a>(1) for more details about
+ how to set notmuch's policy on when to store session keys.
+
+ The session key should be in the ASCII text form produced by
+ GnuPG. For OpenPGP, that consists of a decimal representation
+ of the hash algorithm used (identified by number from RFC 4880,
+ e.g. 9 means AES-256) followed by a colon, followed by a hexa‐
+ decimal representation of the algorithm-specific key. For exam‐
+ ple, an AES-128 key might be stashed in a notmuch property as:
+ <b>session-key=7:14B16AF65536C28AF209828DFE34C9E0</b>.
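Review bot: The last added paragraph still describes the leading number as "the hash algorithm used", but the values it cites (9 for AES-256, and 7 in the AES-128 example `session-key=7:...`) are RFC 4880 symmetric-key algorithm identifiers, not hash algorithm identifiers. Since this paragraph is being re-wrapped anyway, suggest changing the wording to "the symmetric cipher algorithm used" so readers do not look the number up in the wrong table. Separately, the added lines keep hyphenated line breaks inside words (de‐crypt, mes‐sage, hexa‐decimal, exam‐ple), which breaks text search on the rendered page; rendering with hyphenation disabled would avoid that.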