encrypt the sent folder - offline task

[Cyrus Yunker]

On Tue, Dec 05, 2006 at 07:13:01PM +0200, Eray Aslan wrote:
> Hi,
>
> How can I make sure that all the emails in my Sent folder are
> encrypted and can't be read without my private key?  In other
> words, I want my email in my Sent folder to be encrypted even
> though the email sent on the wire is plain text.
>
> Encrypt to self option only works if I send an encrypted mail.
> I couldn't get it to work all the time.
>
> [...]/cy
>
> Email client is Thunderbird/Enigmail.  Mails are stored on IMAP
> server if it makes any difference.

[I'm making assumptions you are uni*-enabled]

I do not have a full solution for you but I can propose to you
another way of accomplishing the task.

Modifying your client or plugin may not be the way you want to go.
I'd suggest placing the feature request, but for the meantime.....
Some scripting or configuring will probably be in order.

What you might look at doing is, if you can stand your sent-mail
being unencrypted on the IMAP server for a little while, copy
it or sync it to your local machine (or to a server machine
somewhere) with an IMAP mail copy tool[1] and encrypt them one
message at a time which you could then sync back onto your IMAP
storage and delete the plain-text version.  You might consider
two outgoing folders in your IMAP storage space: sent-plain and
sent-enciphered.

Another possibility would be to setup Thunderbird to write
sent mail to a local folder on the machine you work on, do an
encrypt-to-self operation (automated preferably, a batch job
moving through your local spool) and then copy the enciphered
version to a sent-mail folder on the IMAP server (via SMTP or an
IMAP copy tool).

You could also Bcc: all mails you send to an address where you
have a mailhandler setup that bounces an encrypted version back to
your 'IMAP email' and use server side filtering (SIEVE) to place
those mails in sent-enciphered.  I'm sure you could get procmail
to do this too.  To prevent the plaintext version from hanging
around, you could set outgoing emails in Thunderbird to write to
the local filesystem (or /dev/null somehow) instead of the default
location on your IMAP space.

There are a few tools that are designed for moving things about
your IMAP storage and/or to a local file system.  A small list and
a bit of discussion about a few of them can be found at

[1] <http://barnson.org/node/81>

You would have to give up the body-text search for sure but I'm
guessing you're not as worried about that as others seem to think
you might be.

A compromise might be to 'digestify' your mails so they are
stored in day or week long chunks on the server.  These would
only require one decrypt per many messages rather than a resource
intensive operation per message.  Store in the 'real' sent-mail
folder a dummy message with a body that hints to where the pgp
text can be found.  An approach like this might be useful to the
plugin folks - one decrypt per many messages would be a huge
speedup if body-text search were needed.  Store in the body a
machine readable index hint.

If you have any control over your mail server [you may not but
others on the list might] you can encrypt/sign all outgoing mail
or perform other fun tasks with some of the tools you can find
listed at:

  <http://www.gnupg.org/(en)/related_software/frontends.html#mua>

And for those configuring your own mail servers, be sure you've
got yours set to opportunistically encrypt traffic with TLS.
That's just good sense, regardless if you use OpenPGP or not.
(Setting it up is trivial on Postfix.)

--... ...-- -.. . -.- -... ..--- ..- .-. .-  
=Cyrus

-- 
cyrus@ [     Semper Curiosus         .0.  ]
80d    [                             ..0  ]
dot    [                             000  ]
org    [ OpenPGP key: 0xFF28DF5A          ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20061208/d5992086/attachment.pgp