+/* The user probably wants to know if the entire message was in the
+ * clear. When replying, the MUA probably wants to know whether there
+ * was any part decrypted in the message. And when displaying to the
+ * user, we probably only want to display "encrypted message" if the
+ * entire message was covered by encryption. */
+typedef enum {
+ NOTMUCH_MESSAGE_DECRYPTED_NONE = 0,
+ NOTMUCH_MESSAGE_DECRYPTED_PARTIAL,
+ NOTMUCH_MESSAGE_DECRYPTED_FULL,
+} _notmuch_message_decryption_status_t;
+
+/* description of the cryptographic state of a given message overall;
+ * for use by simple user agents.
+ */
+typedef struct _notmuch_message_crypto {
+ /* encryption status: partial, full, none */
+ _notmuch_message_decryption_status_t decryption_status;
+ /* FIXME: can we show what key(s) a fully-encrypted message was
+ * encrypted to? This data is not necessarily cryptographically
+ * reliable; even when we decrypt, we might not know which public
+ * key was used (e.g. if we're using a session key). */
+
+ /* signature status of the whole message (either the whole message
+ * is signed, or it is not) -- this means that partially-signed
+ * messages will get no signature status. */
+ GMimeSignatureList *sig_list;
+ /* if part of the message was signed, and the MUA is clever, it
+ * can determine on its own exactly which part and try to make
+ * more sense of it. */
+
+ /* mark this flag once we encounter a payload (i.e. something that
+ * is not part of the cryptographic envelope) */
+ bool payload_encountered;
+
+ /* the value of any "Subject:" header in the cryptographic payload
+ * (the top level part within the crypto envelope), converted to
+ * UTF-8 */
+ char *payload_subject;
+
+ /* if both signed and encrypted, was the signature encrypted? */
+ bool signature_encrypted;
+} _notmuch_message_crypto_t;
+
+
+/* _notmuch_message_crypto_t objects should be released with
+ * talloc_free (), or they will be released along with their parent
+ * context.
+ */
+_notmuch_message_crypto_t *
+_notmuch_message_crypto_new (void *ctx);
+
+/* call potential_sig_list during a depth-first-search on a message to
+ * consider a particular signature as relevant for the message.
+ */
+notmuch_status_t
+_notmuch_message_crypto_potential_sig_list (_notmuch_message_crypto_t *msg_crypto,
+ GMimeSignatureList *sigs);
+
+/* call successful_decryption during a depth-first-search on a message
+ * to indicate that a part was successfully decrypted.
+ */
+notmuch_status_t
+_notmuch_message_crypto_successful_decryption (_notmuch_message_crypto_t *msg_crypto);
+
+/* call potential_payload during a depth-first-search on a message
+ * when encountering a message part that is not part of the envelope.
+ *
+ * Returns true if part is the root of the cryptographic payload of
+ * this message.
+ */
+bool
+_notmuch_message_crypto_potential_payload (_notmuch_message_crypto_t *msg_crypto, GMimeObject *part,
+ GMimeObject *parent, int childnum);
+
+