encrypt the sent folder

David Shaw dshaw at jabberwocky.com
Tue Dec 5 22:15:18 CET 2006


On Tue, Dec 05, 2006 at 02:52:56PM -0600, Robert J. Hansen wrote:
> David Shaw wrote:
> > I must disagree with this.  OpenPGP is not solely a wire protocol.
> 
> I probably should have said 'primarily'.  It wasn't my intent to give
> the impression it was exclusively a wire protocol.
> 
> > The nice thing about using OpenPGP as an archival primitive is that
> > each encrypted file is its own file and decrypting one does not impact
> > any others.  This works well in the context of email, where each mail
> > is its own object.
> 
> In other ways it doesn't work very well, since each email is encrypted
> separately, requiring complex bignum math for each decryption.
> Searching through large numbers of emails could potentially be very
> problematic.
> 
> Compare this to an encrypted filesystem, which is typically much more
> performance-friendly.

Absolutely.  It all depends on what the goal is.  Given a compromise,
many distinct files can limit the damage done to a subset (or one) of
the encrypted files.  A compromise of an encrypted filesystem
generally compromises the whole filesystem containing all the files.
On the other side, as you say, an encrypted filesystem will probably
outperform multiple encrypted files.  Given the original request (to
store encrypted mails on a remote IMAP server), OpenPGP seems like an
obvious answer as it works even when the remote IMAP server isn't
under the control of the user (which is often the case).

OpenPGP (and encrypted filesystems) are two good solutions to two
slightly different and overlapping problems.

David
