* 2025-09-01 19:50:29-0400, Jeffrey Walton wrote:

> One datapoint you might find interesting...

It is. Thanks.

> The biggest pain point came when searching emails. As you probably know,
> most encryption schemes break sorting and searching.

A half-way solution is probably this: index the plain text (for the search
engine) but store the actual message encrypted. No, this is not half-way.
It can be more towards revealing most of the content in the index.

With the Notmuch e-mail database, the user can choose to index any single
decrypted message or even automatically all decrypted messages. Then
searching will match words in those encrypted messages' bodies even though
the message itself is stored untouched in the original encrypted form in
the file system. A security risk, of course.

If the user chooses, he can also make Notmuch store the session key¹ which
was used in the message's encryption and decryption. This can be done for
any single message but also automatically for all decrypted messages. The
session key is stored in the Notmuch database and is then used to
automatically decrypt the message. The private key is not needed anymore.
A big security risk, of course.

-----

1. A session key is a randomly generated key which is used to encrypt and
   decrypt the actual data. Recipients' public keys [certificates] are
   used to encrypt the session key.

-- 
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462
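The remark above that a plaintext index is "not half-way" can be seen with a small positional inverted index, the kind full-text engines keep for phrase search. This is an added illustration, not part of the original message and not Notmuch's code; the sample text and all function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the plaintext that exists only while the message is decrypted.
PLAINTEXT = ("The merger closes on Friday. Do not tell the board before "
             "the merger paperwork is signed.")

def tokenize(text):
    """Lower-case word tokens, as a search indexer would produce them."""
    return re.findall(r"[a-z0-9']+", text.lower())

def build_positional_index(text):
    """Map each term to the sorted list of token positions where it occurs."""
    index = defaultdict(list)
    for pos, term in enumerate(tokenize(text)):
        index[term].append(pos)
    return dict(index)

def phrase_search(index, phrase):
    """True if the terms of `phrase` occur at consecutive positions."""
    terms = tokenize(phrase)
    if not terms or terms[0] not in index:
        return False
    return any(all(start + i in index.get(t, ()) for i, t in enumerate(terms))
               for start in index[terms[0]])

def reconstruct(index):
    """Rebuild the token stream from the index alone (no key, no ciphertext)."""
    slots = {pos: term for term, positions in index.items() for pos in positions}
    return " ".join(slots[i] for i in sorted(slots))

def vocabulary(index):
    """What even a position-free index would still expose: the set of terms."""
    return sorted(index)

if __name__ == "__main__":
    idx = build_positional_index(PLAINTEXT)
    print("phrase hit :", phrase_search(idx, "merger closes"))
    print("recovered  :", reconstruct(idx))
    print("vocabulary :", vocabulary(idx))
```

The recovered text differs from the original only in case and punctuation, so the index needs the same protection as the decrypted message itself.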