On Fri, Aug 28, 2009 at 7:23 PM, Lars Kotthoff<l...@larsko.org> wrote:
>> It's possible, but slightly pointless.
>
> Not if the user supplies the passphrase, e.g. it could be encrypted with the
> user's GPG key and ask for the passphrase at startup.

Why not just ask for the IMAP password itself? There's no functional difference between that secret, and the secret that unlocks the secret ... indeed, if sup were to accidentally expose the passphrase you provided, would you rather lose your GPG key or your IMAP key?

If you are really determined to allow others to read your private files, why not just encrypt the whole .sup directory with a separate tool (TrueCrypt, loopback, rot13, encfs, ecryptfs, or whatever else your distribution provides). That way, you are also protecting the ferret index collection, and the default sent box, which all contain data of the same level of sensitivity as your mailbox.

Given your concern, I assume that you will be remembering to terminate sup and dismount the .sup directory every time you walk away from the keyboard. (Many schemes these days encrypt the whole of $HOME, which makes the whole screensaver/away from the keyboard thing even more difficult).

Security must be appropriate to be actual security. Otherwise it's just an expensive façade.

-jim
_______________________________________________
sup-talk mailing list
sup-talk@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-talk