X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=doc%2Fman1%2Fnotmuch-insert.rst;h=1a3dfe98299ae21b6501de65cad97ef9f91a18bb;hb=fccebbaeef1e4b6489425afb13f419543d53d285;hp=eb9ff11bac289ac8b048db44798983d12e14780f;hpb=d3964e81ac98825a025a6120c488ebd73de2a281;p=notmuch diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst index eb9ff11b..1a3dfe98 100644 --- a/doc/man1/notmuch-insert.rst +++ b/doc/man1/notmuch-insert.rst @@ -51,17 +51,26 @@ Supported options for **insert** include ``--no-hooks`` Prevent hooks from being run. - ``--decrypt=(true|false)`` - - If true and the message is encrypted, try to decrypt the - message while indexing. If decryption is successful, index - the cleartext itself. Either way, the message is always - stored to disk in its original form (ciphertext). Be aware - that the index is likely sufficient to reconstruct the + ``--decrypt=(true|nostash|auto|false)`` + + If ``true`` and the message is encrypted, try to decrypt the + message while indexing, stashing any session keys discovered. + If ``auto``, and notmuch already knows about a session key for + the message, it will try decrypting using that session key but + will not try to access the user's secret keys. If decryption + is successful, index the cleartext itself. Either way, the + message is always stored to disk in its original form + (ciphertext). + + ``nostash`` is the same as ``true`` except that it will not + stash newly-discovered session keys in the database. + + Be aware that the index is likely sufficient (and a stashed + session key is certainly sufficient) to reconstruct the cleartext of the message itself, so please ensure that the notmuch message index is adequately protected. DO NOT USE - ``--decrypt=true`` without considering the security of - your index. + ``--decrypt=true`` or ``--decrypt=nostash`` without + considering the security of your index. See also ``index.decrypt`` in **notmuch-config(1)**.