From mboxrd@z Thu Jan 1 00:00:00 1970 From: wmorgan-sup@masanjin.net (William Morgan) Date: Thu, 13 Dec 2007 17:01:24 -0800 Subject: [sup-talk] Status of GPG support? In-Reply-To: <1197324612-sup-4789@south> References: <475DB454.5020501@therning.org> <1197324612-sup-4789@south> Message-ID: <1197593643-sup-6305@south> Excerpts from William Morgan's message of Mon Dec 10 14:13:42 -0800 2007: > I will send an announcement when it's in. I've committed a patch to add sign, encrypt, and sign+encrypt capability. As with decryption and signature verification, this is gpg- specific, and relies on gpg-agent for all password interactions. I don't really want to get into the business of password management. I need to add some mechanics for determining which setting is pre- selected on a per-message basis. This will almost certainly be a hook. Other than that, is should be basically functionally complete. I did add one config option: :discard_snippets_from_encrypted_messages, which defaults to false. If this option is set to true, snippets that were generated from encrypted content will not be stored in the index. This is a limited security measure, because someone with access to the Ferret index can recover the contents of the message in several ways (that's the problem with the basic operation being full-text search!), but this eliminates the most trivial way of getting encrypted message content. It also means that the snippet for a message won't show up in thread-index-mode until you load the message and enter in the password. -- William