[sup-talk] Status of GPG support?
William Morgan
wmorgan-sup at masanjin.net
Thu Dec 13 20:01:24 EST 2007
Excerpts from William Morgan's message of Mon Dec 10 14:13:42 -0800 2007:
> I will send an announcement when it's in.
I've committed a patch to add sign, encrypt, and sign+encrypt
capability. As with decryption and signature verification, this is gpg-
specific, and relies on gpg-agent for all password interactions. I don't
really want to get into the business of password management.
I need to add some mechanics for determining which setting is pre-
selected on a per-message basis. This will almost certainly be a hook.
Other than that, is should be basically functionally complete.
I did add one config option: :discard_snippets_from_encrypted_messages,
which defaults to false. If this option is set to true, snippets that
were generated from encrypted content will not be stored in the index.
This is a limited security measure, because someone with access to the
Ferret index can recover the contents of the message in several ways
(that's the problem with the basic operation being full-text search!),
but this eliminates the most trivial way of getting encrypted message
content. It also means that the snippet for a message won't show up in
thread-index-mode until you load the message and enter in the password.
--
William <wmorgan-sup at masanjin.net>
More information about the sup-talk
mailing list