[GnuPG] Re: Can you unlock sent messages ?? Somehow ??

Ryan Malayter rmalayter@bai.org
Fri Jul 18 16:51:02 2003

Hash: SHA1

1) Your company should almost definitely *not* be using PST files for
Outlook mail storage. PST=3DBAD for a lot of reasons, see
http://www.swinc.com/resource/exch_faq_appxf.htm for details. Of
course, if you're not an Exchange server shop, but use POP3 or IMAP
servers, you might be stuck with PST files.

2) You cannot decrypt OpenPGP messages without the private key and
pass-phrase of the sender, and then only if they encrypted the
message to themselves. This is the whole point of PGP. If you don't
have the private key and pass phrase, or if the messages weren't
encrypted to the user himself as well as the recipient, you'll have
to trust the *recipients* of the encrypted messages to forward you
unaltered copies of the encrypted messages. Basically, if the OpenPGP
user didn't want those messages recovered, you're screwed.

3) You (supposedly) cannot decrypt an encrypted PST file if the
user's original profile is lost. The encryption key is stored in the
user portion of the Windows registry. However, I think PST encryption
is relatively weak, since it is "compressible", so there may be a
brute-force cracking utility out there somewhere.

- -----Original Message-----
From: Stone, Darryll [mailto:Darryll.Stone@Encana.com]=20
Sent: Thursday, July 17, 2003 9:01 AM
To: gnupg-users@gnupg.org
Subject: Can you unlock sent messages ?? Somehow ??=20

 If someone in an organization used GPG and then left the company,
and you
 had to give a copy of all emails that that individual had ever sent
, how
 can you unlock all of the encrypted messages?? specially if your
email is
 actual record that you have to keep... is there somewhere you can
send a
 file to be unencrypted??

Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.94