encryption

Bart Silverstrim bsilver at chrononomicon.com
Tue May 8 20:59:39 UTC 2007


Felipe Figueiredo wrote:
> On Tuesday 08 May 2007 15:42:36 Bart Silverstrim wrote:
>> Henk Postma wrote:
>>> On 5/1/07, John Richard Moser <nigelenki at comcast.net> wrote:
>>>> This makes me wonder what problem you're trying to solve.  As long as
>>>> your PC is on, the encryption is useless...
>>> Here's one scenario. Your hard drive crashes and stops responding. You
>>> can't erase the disk anymore, so what do you do with the drive
>>> containing (presumably) sensitive data? You get it replaced, send it
>>> to the original manufacturer. I would feel more safe knowing that next
>>> to the drive being unresponsive, the data would not be recoverable as
>>> well.
>> Here's one I'm posing as a question for everyone...
>>
>> I'd like to find a way to encrypt email.  However, I have 2 desktops I'm 
>> using in 2 locations plus a laptop.  All three are accessing email 
>> through IMAP, so the mail is stored on 2 different mail servers.
>>
>> The end result email would have to have some kind of decryption client 
>> available on Windows as well as OS X and Linux.
>>
>> What would be a good solution, and what will it involve to implement and 
>> use it?
>>
>> The goal is to have the encrypted text on the mail server and decrypt it 
>> at reading time, so if it's read on the mail server by a third party the 
>> message will be gibberish.
> 
> you can use gnupg to encrypt message bodies, but headers will still be visible. 
> You can use virtually any OpenPGP enabled MUA to encrypt to self, and get 
> this on-the-fly decryption, but encrypting already existing messages might 
> turn to be an interesting problem. 
> 
> You could probably solve this with a simple script, depending on your 
> particular configs (maildir x mbox, MUA(s) of choice, interoperability, etc).

Laptop uses Mail.app, Linux system is using Thunderbird, Outlook is used 
on the Windows system.  I would be willing to try out Balsa or KMail if 
they have good IMAP support and support for decent filtering rules...I 
just had the impression that Thunderbird was actively developed and 
flexible.

The main problem I saw was making sure I had a key on all three systems 
that was sync'd up.  Lose the key, lose the email.  Ideally I could use 
a system that would use an algorithm each could use (like Blowfish) and 
would base it on a password that is prompted, like interactive SSH 
sessions.  That way I could encrypt the messages using a password at 
either the startup of the mail client or when encrypting the message, 
and the end recipient would also have a password to decrypt it.
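
The "simple script" idea from the quoted reply, sketched for the mbox case as an added example that is not part of the original thread: it encrypts each stored message body to your own key and leaves the headers readable, as the reply notes. The function names, the command-line usage and the choice to skip multipart messages are assumptions of this example.

```python
import mailbox
import subprocess

PGP_HEADER = b"-----BEGIN PGP MESSAGE-----"

def gpg_encrypt_to_self(key_id):
    """Return a bytes->bytes function that encrypts to our own public key
    using the gpg command line tool (assumed installed, key already imported)."""
    def encrypt(plaintext):
        result = subprocess.run(
            ["gpg", "--batch", "--armor", "--encrypt", "--recipient", key_id],
            input=plaintext, stdout=subprocess.PIPE, check=True)
        return result.stdout
    return encrypt

def encrypt_mbox(path, encrypt):
    """Encrypt the body of every plain single-part message in an mbox file.
    Headers are left untouched. Returns the number of messages rewritten."""
    box = mailbox.mbox(path, create=False)
    changed = 0
    try:
        box.lock()  # keep a delivery agent from appending mid-rewrite
        for key, msg in box.items():
            if msg.is_multipart():
                continue  # attachments need PGP/MIME (RFC 3156), not handled here
            body = msg.get_payload(decode=True) or b""
            if body.lstrip().startswith(PGP_HEADER):
                continue  # already encrypted, so a second run is a no-op
            armored = encrypt(body)
            # The armor is 7-bit ASCII; drop any old base64/quoted-printable marker.
            del msg["Content-Transfer-Encoding"]
            msg.set_payload(armored.decode("ascii"), charset="us-ascii")
            box[key] = msg
            changed += 1
    finally:
        box.close()  # flushes pending changes and releases the lock
    return changed

if __name__ == "__main__":
    import sys
    # usage (hypothetical): script.py MBOX_PATH KEY_ID
    count = encrypt_mbox(sys.argv[1], gpg_encrypt_to_self(sys.argv[2]))
    print(count, "messages encrypted")
```

Run it against a copy of the mailbox first: once the bodies are rewritten, the private key is the only way back to the plaintext.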



