Re: How do you manage encrypted mail?
Joey Hess <joeyh@debian.org> writes:
> Richard Lawrence wrote:
>> I've recently (re-)decided to make an effort to use PGP, and to convince
>> others to use it too. (My effort to do so:
>> http://www.ocf.berkeley.edu/~rwl/encryption.html, linked from my
>> .signature. Comments welcome.) But I've run into a couple of problems
>> fairly quickly. If you use PGP regularly, how do you solve them?
>>
>> 1) Reading encrypted mail that I sent...
>
> Typically, gpg is configured to encrypt mail to multiple recipients,
> which includes everyone the mail is sent to, as well as the sender.
>
> For example, I have in my gpg.conf:
>
> # Encrypt stuff to my key too.
> encrypt-to 2512E3C7
>

Ah, this is what I was missing. Thanks!

>> 2) Search. The more serious issue is that I can't search encrypted
>> email, whether I sent it or received it...
>
> Mutt will use gpg to decrypt encrypted mail when searching in the body
> (i.e., when limiting to ~bsomething). It can get slow, indeed.

Good to know, thanks. When I try this, Mutt asks me to enter my GPG
passphrase for every encrypted message in the folder I'm limiting,
though! (So it's not a good option for my "sent" folder, for example.)
Any way to avoid that?

> I rarely find the need to search in bodies of mail after it's a month
> old, and use mairix to index and search subject and other headers,
> which are not encrypted. Then if necessary I can load the resulting
> mbox full of search results into mutt and do a body search to further
> refine it down to what I was looking for.

This is more or less what I'm doing now with notmuch. I think it will
work fine for me personally, but I'm a bit concerned that this will not
sound convincing to someone else. ("You should encrypt all your
messages. But full disclosure: you won't be able to search the message
contents easily, just headers. Sorry!")

One possibility I can see here is to store and index unencrypted copies
of messages locally, but only sync encrypted messages with the mail
server. I imagine I could rig something up to accomplish this, using
the scripting features of offlineimap, etc. Is there an existing
solution for a setup like that?

Thanks!
--
Best,
Richard
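
Added example, not part of the original message and not code from mutt, mairix or notmuch: a small Python sketch of the split discussed above, where headers of PGP-encrypted mail stay searchable without a key while encrypted bodies can only be flagged as needing decryption. The sample messages, addresses and function names are constructed for illustration.

```python
import email
from email import policy

def _msg(subject, ctype, body):
    # Build a constructed sample message; bodies are placeholders, not real mail.
    return (f"From: alice@example.org\nTo: bob@example.org\nSubject: {subject}\n"
            f"MIME-Version: 1.0\nContent-Type: {ctype}\n\n{body}")

ARMOR = ("-----BEGIN PGP MESSAGE-----\n\n(constructed placeholder)\n"
         "-----END PGP MESSAGE-----\n")
SAMPLES = [
    # PGP/MIME (RFC 3156): control part plus an opaque ciphertext part.
    _msg("Budget draft",
         'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"',
         "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
         "--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + "--b1--\n"),
    _msg("Lunch plans", "text/plain", ARMOR),                    # inline PGP
    _msg("Meeting notes", "text/plain", "The budget is attached.\n"),  # cleartext
]

def is_encrypted(msg):
    """True for PGP/MIME or inline ASCII-armored PGP bodies."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    if msg.get_content_maintype() == "text":
        return "-----BEGIN PGP MESSAGE-----" in msg.get_content()
    return False

def search(raw_messages, term):
    """Return (header_hits, body_hits, needs_decryption) as lists of subjects."""
    term = term.lower()
    header_hits, body_hits, needs_decryption = [], [], []
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        subject = str(msg["Subject"])
        # Headers travel in cleartext, so they can be indexed without any key.
        headers = " ".join(str(msg[h] or "") for h in ("From", "To", "Cc", "Subject"))
        if term in headers.lower():
            header_hits.append(subject)
        if is_encrypted(msg):
            needs_decryption.append(subject)  # body is opaque without the private key
        elif msg.get_content_maintype() == "text" and term in msg.get_content().lower():
            body_hits.append(subject)
    return header_hits, body_hits, needs_decryption

if __name__ == "__main__":
    print(search(SAMPLES, "budget"))
```

The same cleartext headers that make this search possible are also visible to anyone who can read the stored mail.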