This is a simple approach to improving security when replying to signed or encrypted messages. If the message being replied to was signed, add mml tag to sign the reply. If the message being replied to was encrypted, add mml tag to sign and encrypt the reply.
This may need configuration; I for one might want to encrypt replies to encrypted messages, but not always sign replies to signed messages. This still includes a slight bug: if any mml tags are added, they are included in the region containing the quoted parts. Killing the region will kill the mml tags too. --- emacs/notmuch-mua.el | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el index ba3ef275ec5e..9fb84b57b030 100644 --- a/emacs/notmuch-mua.el +++ b/emacs/notmuch-mua.el @@ -115,6 +115,15 @@ list." (push header message-hidden-headers))) notmuch-mua-hidden-headers)) +(defun notmuch-mua-reply-crypto (parts) + (loop for part in parts + if (notmuch-match-content-type (plist-get part :content-type) "multipart/signed") + do (mml-secure-message-sign) + else if (notmuch-match-content-type (plist-get part :content-type) "multipart/encrypted") + do (mml-secure-message-sign-encrypt) + else if (notmuch-match-content-type (plist-get part :content-type) "multipart/*") + do (notmuch-mua-reply-crypto (plist-get part :content)))) + (defun notmuch-mua-get-quotable-parts (parts) (loop for part in parts if (notmuch-match-content-type (plist-get part :content-type) "multipart/alternative") @@ -224,7 +233,10 @@ list." (set-mark (point)) (goto-char start) ;; Quote the original message according to the user's configured style. - (message-cite-original)))) + (message-cite-original))) + + ;; Sign and/or encrypt replies to signed and/or encrypted messages. + (notmuch-mua-reply-crypto (plist-get original :body))) ;; Push mark right before signature, if any. (message-goto-signature) -- 1.9.1