Encrypting with an message expiration date

David Shaw dshaw at jabberwocky.com
Sun Jan 3 01:45:15 CET 2010


On Jan 2, 2010, at 5:40 PM, Allen Schultz wrote:

> GnuPG-Users:
>
> Is there a way to force an expiration date when encrypting a message
> for additional security. I have a friend who is inquiring. I've
> already informed him of the "for his/her eyes only" option.

No, there isn't.  The basic problem here is that you rely on someone  
to honor your request to kill a message after the expiration date.   
They can just ignore your request, and do what they like.  Even if  
there was some means to do this, it's easy to foil - Alice sends a  
self-destructing message to Baker, but before it expires, Baker reads  
it and copies the contents into an unencrypted file.

Incidentally, the "For Your Eyes Only" option in OpenPGP is also not  
particularly secure, for these same reasons.

It's possible to imagine a mail system that enforces this sort of  
thing (not the crypto itself, but as part of the whole mail system of  
which the crypto is only a part), but that's not a very strong  
protection - and even then suffers from the copy-to-an-unencrypted- 
file problem.

David




More information about the Gnupg-users mailing list