emacs: sign/encrypt replies to signed/encrypted messages

This is a simple approach to improving security when replying to
signed or encrypted messages. If the message being replied to was
signed, add mml tag to sign the reply. If the message being replied to
was encrypted, add mml tag to sign and encrypt the reply.

This may need configuration; I for one might want to encrypt replies
to encrypted messages, but not always sign replies to signed messages.

This still includes a slight bug: if any mml tags are added, they are
included in the region containing the quoted parts. Killing the region
will kill the mml tags too.
This commit is contained in:
Jani Nikula 2014-04-05 12:18:06 +03:00 committed by David Bremner
parent b8327ab483
commit 30a0ed197e

View file

@ -115,6 +115,15 @@ list."
(push header message-hidden-headers))) (push header message-hidden-headers)))
notmuch-mua-hidden-headers)) notmuch-mua-hidden-headers))
(defun notmuch-mua-reply-crypto (parts)
(loop for part in parts
if (notmuch-match-content-type (plist-get part :content-type) "multipart/signed")
do (mml-secure-message-sign)
else if (notmuch-match-content-type (plist-get part :content-type) "multipart/encrypted")
do (mml-secure-message-sign-encrypt)
else if (notmuch-match-content-type (plist-get part :content-type) "multipart/*")
do (notmuch-mua-reply-crypto (plist-get part :content))))
(defun notmuch-mua-get-quotable-parts (parts) (defun notmuch-mua-get-quotable-parts (parts)
(loop for part in parts (loop for part in parts
if (notmuch-match-content-type (plist-get part :content-type) "multipart/alternative") if (notmuch-match-content-type (plist-get part :content-type) "multipart/alternative")
@ -151,9 +160,10 @@ list."
(defun notmuch-mua-reply (query-string &optional sender reply-all) (defun notmuch-mua-reply (query-string &optional sender reply-all)
(let ((args '("reply" "--format=sexp" "--format-version=1")) (let ((args '("reply" "--format=sexp" "--format-version=1"))
(process-crypto notmuch-show-process-crypto)
reply reply
original) original)
(when notmuch-show-process-crypto (when process-crypto
(setq args (append args '("--decrypt")))) (setq args (append args '("--decrypt"))))
(if reply-all (if reply-all
@ -224,7 +234,11 @@ list."
(set-mark (point)) (set-mark (point))
(goto-char start) (goto-char start)
;; Quote the original message according to the user's configured style. ;; Quote the original message according to the user's configured style.
(message-cite-original)))) (message-cite-original)))
;; Sign and/or encrypt replies to signed and/or encrypted messages.
(when process-crypto
(notmuch-mua-reply-crypto (plist-get original :body))))
;; Push mark right before signature, if any. ;; Push mark right before signature, if any.
(message-goto-signature) (message-goto-signature)