notmuch/doc/man1/notmuch-reindex.rst
Daniel Kahn Gillmor fccebbaeef crypto: add --decrypt=nostash to avoid stashing session keys
Here's the configuration choice for people who want a cleartext index,
but don't want stashed session keys.

Interestingly, this "nostash" decryption policy is actually the same
policy that should be used by "notmuch show" and "notmuch reply",
since they never modify the index or database when they are invoked
with --decrypt.

We take advantage of this parallel to tune the behavior of those
programs so that we're not requesting session keys from GnuPG during
"show" and "reply" that we would then otherwise just throw away.
2017-12-08 08:08:47 -04:00

63 lines
1.9 KiB
ReStructuredText

===============
notmuch-reindex
===============
SYNOPSIS
========
**notmuch** **reindex** [*option* ...] <*search-term*> ...
DESCRIPTION
===========
Re-index all messages matching the search terms.
See **notmuch-search-terms(7)** for details of the supported syntax for
<*search-term*\ >.
The **reindex** command searches for all messages matching the
supplied search terms, and re-creates the full-text index on these
messages using the supplied options.
Supported options for **reindex** include
``--decrypt=(true|nostash|auto|false)``
If ``true``, when encountering an encrypted message, try to
decrypt it while reindexing, stashing any session keys
discovered. If ``auto``, and notmuch already knows about a
session key for the message, it will try decrypting using that
session key but will not try to access the user's secret keys.
If decryption is successful, index the cleartext itself.
``nostash`` is the same as ``true`` except that it will not
stash newly-discovered session keys in the database.
If ``false``, notmuch reindex will also delete any stashed
session keys for all messages matching the search terms.
Be aware that the index is likely sufficient (and a stashed
session key is certainly sufficient) to reconstruct the
cleartext of the message itself, so please ensure that the
notmuch message index is adequately protected. DO NOT USE
``--decrypt=true`` or ``--decrypt=nostash`` without
considering the security of your index.
See also ``index.decrypt`` in **notmuch-config(1)**.
SEE ALSO
========
**notmuch(1)**,
**notmuch-config(1)**,
**notmuch-count(1)**,
**notmuch-dump(1)**,
**notmuch-hooks(5)**,
**notmuch-insert(1)**,
**notmuch-new(1)**,
**notmuch-reply(1)**,
**notmuch-restore(1)**,
**notmuch-search(1)**,
**notmuch-search-terms(7)**,
**notmuch-show(1)**,
**notmuch-tag(1)**