On Tue, Dec 05, 2006 at 07:13:01PM +0200, Eray Aslan wrote:
> Hi,
>
> How can I make sure that all the emails in my Sent folder are
> encrypted and can't be read without my private key? In other
> words, I want my email in my Sent folder to be encrypted even
> though the email sent on the wire is plain text.
>
> Encrypt to self option only works if I send an encrypted mail.
> I couldn't get it to work all the time.
>
> [...]/cy
>
> Email client is Thunderbird/Enigmail. Mails are stored on IMAP
> server if it makes any difference.

[I'm making assumptions you are uni*-enabled]

I do not have a full solution for you but I can propose to you another way of accomplishing the task. Modifying your client or plugin may not be the way you want to go. I'd suggest placing the feature request, but for the meantime..... Some scripting or configuring will probably be in order.

What you might look at doing is, if you can stand your sent-mail being unencrypted on the IMAP server for a little while, copy it or sync it to your local machine (or to a server machine somewhere) with an IMAP mail copy tool[1] and encrypt them one message at a time which you could then sync back onto your IMAP storage and delete the plain-text version. You might consider two outgoing folders in your IMAP storage space: sent-plain and sent-enciphered.

Another possibility would be to set up Thunderbird to write sent mail to a local folder on the machine you work on, do an encrypt-to-self operation (automated preferably, a batch job moving through your local spool) and then copy the enciphered version to a sent-mail folder on the IMAP server (via SMTP or an IMAP copy tool).

You could also Bcc: all mails you send to an address where you have a mailhandler set up that bounces an encrypted version back to your 'IMAP email' and use server side filtering (SIEVE) to place those mails in sent-enciphered. I'm sure you could get procmail to do this too. To prevent the plaintext version from hanging around, you could set outgoing emails in Thunderbird to write to the local filesystem (or /dev/null somehow) instead of the default location on your IMAP space.

There are a few tools that are designed for moving things about your IMAP storage and/or to a local file system. A small list and a bit of discussion about a few of them can be found at

[1] <http://barnson.org/node/81>

You would have to give up the body-text search for sure but I'm guessing you're not as worried about that as others seem to think you might be.

A compromise might be to 'digestify' your mails so they are stored in day or week long chunks on the server. These would only require one decrypt per many messages rather than a resource intensive operation per message. Store in the 'real' sent-mail folder a dummy message with a body that hints to where the pgp text can be found. An approach like this might be useful to the plugin folks - one decrypt per many messages would be a huge speedup if body-text search were needed. Store in the body a machine readable index hint.

If you have any control over your mail server [you may not but others on the list might] you can encrypt/sign all outgoing mail or perform other fun tasks with some of the tools you can find listed at:

<http://www.gnupg.org/(en)/related_software/frontends.html#mua>

And for those configuring your own mail servers, be sure you've got yours set to opportunistically encrypt traffic with TLS. That's just good sense, regardless if you use OpenPGP or not. (Setting it up is trivial on Postfix.)

--... ...-- -.. . -.- -... ..--- ..- .-. .-

=Cyrus

--
cyrus@ [ Semper Curiosus .0. ]
80d [ ..0 ]
dot [ 000 ]
org [ OpenPGP key: 0xFF28DF5A ]

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
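
One way to script the "encrypt-to-self ... batch job moving through your local spool" suggested in the reply above, as an added example that is not part of the original post. It assumes the local spool is a Maildir and that `gpg` holds your own public key; the function names, the `0xYOURKEYID` placeholder and the constructed `SAMPLE` message are hypothetical. Only the body and `Content-*` headers are enciphered, so From, To, Subject and Date remain readable on the server.

```python
import mailbox
import subprocess
from email import message_from_bytes
from email.message import Message
from email.mime.multipart import MIMEMultipart

SAMPLE = b"From: me@example.org\nSubject: hi\n\nsecret body\n"  # constructed

def gpg_encrypt(plaintext, recipient="0xYOURKEYID"):  # placeholder key id
    """ASCII-armored encryption to one recipient via the gpg CLI."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient],
        input=plaintext, stdout=subprocess.PIPE, check=True).stdout

def _part(content_type, body):
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(body)
    return part

def encrypt_to_self(raw, encrypt=gpg_encrypt):
    """Rewrap one stored message as RFC 3156 multipart/encrypted bytes."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return raw  # already enciphered: never double-wrap on a re-run
    # Encrypt Content-* headers plus body; From/To/Subject/Date stay readable.
    inner = message_from_bytes(raw)
    for name in set(inner.keys()):
        if not name.lower().startswith("content-"):
            del inner[name]
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in msg.items():
        if not name.lower().startswith(("content-", "mime-version")):
            outer[name] = value
    armored = encrypt(inner.as_bytes()).decode("ascii")
    outer.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("application/octet-stream", armored))
    return outer.as_bytes()

def encrypt_spool(maildir_path, encrypt=gpg_encrypt):
    """Encrypt every plaintext message in a local Maildir; return the count."""
    box, changed = mailbox.Maildir(maildir_path, create=False), 0
    for key in list(box.keys()):
        raw = box.get_bytes(key)
        new = encrypt_to_self(raw, encrypt)
        if new != raw:
            box[key] = new
            changed += 1
    return changed
```

Running `encrypt_spool` a second time over the same folder changes nothing, so it can be scheduled before the sync step that copies the enciphered messages back to the IMAP server.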