
Re: How do you manage encrypted mail?



On Tue, Jul 02, 2013 at 03:18:54PM -0400, Rob Owens wrote:
> ----- Original Message -----
> > From: "Richard Lawrence" <richard.lawrence@berkeley.edu>
> > 
> > Joey Hess <joeyh@debian.org> writes:
> > 
> > >
> > > Typically, gpg is configured to encrypt mail to multiple
> > > recipients,
> > > which includes everyone the mail is sent to, as well as the sender.
> > >
> > > For example, I have in my gpg.conf:
> > >
> > > # Encrypt stuff to my key too.
> > > encrypt-to 2512E3C7
> > >
> > 
> > Ah, this is what I was missing.  Thanks!
> > 
> > >> 2) Search. The more serious issue is that I can't search encrypted
> > >> email, whether I sent it or received it...
> > >
> > > Mutt will use gpg to decrypt encrypted mail when searching in the
> > > body
> > > (ie, when limiting to ~bsomething). It can get slow, indeed.
> > 
> > Good to know, thanks.  When I try this, Mutt asks me to enter my GPG
> > passphrase for every encrypted message in the folder I'm limiting,
> > though!  (So it's not a good option for my "sent" folder, for
> > example.)
> > Any way to avoid that?
> > 
> On my system, Mutt doesn't re-ask me for my GPG passphrase until some
> timeout has been reached.  5 minutes, I think.  I didn't set it like 
> that.  It was the default.  I'm not sure if that's a Mutt setting or a
> GPG setting.
> 
I just verified that I can search the contents of emails in Mutt and
only enter my GPG passphrase once.  There were multiple encrypted emails
in my inbox when I tested this.  

Here is the GPG section of my .muttrc, in case you find it useful:

# GPG / PGP rules

set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt-to 70952D9D --encrypt --textmode --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt-to 70952D9D --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"

# no encryption or signature by default:
send-hook . 'set pgp_autosign=no; set pgp_autoencrypt=no'
# turn off inline by default:
send-hook . 'set pgp_autoinline=no'
# always encrypt and sign to some recipients:
send-hook '~t "(somebody@server.com)"'    'set pgp_autosign=yes; set pgp_autoencrypt=yes; set pgp_autoinline=yes'
send-hook '~t "(me@address.com|friend@server.com|person@server.com)"'    'set pgp_autosign=yes; set pgp_autoencrypt=yes'


Note that "somebody@server.com" can only accept inline encrypted emails.
The other recipients get smime encrypted emails.

In .gnupg/gpg.conf, I have a default-key defined.  I also have use-agent
specified.

-Rob
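The two points in the thread, encrypting sent mail to your own key and not being prompted for the passphrase on every encrypted message while searching, are both settled outside mutt: `encrypt-to` in gpg.conf adds your key as a recipient on every encryption, and gpg-agent caches the passphrase for a configurable time. The fragment below is an added example for this thread, not Rob's or Joey's configuration; the key ID `YOURKEYID` is a placeholder, the cache values shown are gpg-agent's defaults (600 s idle, 7200 s maximum), and `pgp_timeout` is mutt's own 300-second default, which is the five-minute timeout Rob describes when no agent is in use. The example deliberately leaves out `--always-trust` from the mutt command lines above, so that gpg still refuses to encrypt to a key whose validity has not been established.

```conf
# --- ~/.gnupg/gpg.conf ---
# Sign with this key and use it as the default decryption key (placeholder ID).
default-key YOURKEYID
# Add our own key as a recipient on every encryption, so that mail in the
# "sent" folder can be decrypted (and therefore searched) later.
encrypt-to YOURKEYID
# Hand passphrase prompting to gpg-agent instead of mutt's --passphrase-fd.
use-agent

# --- ~/.gnupg/gpg-agent.conf ---
# Seconds a cached passphrase stays valid after its last use (default 600).
default-cache-ttl 600
# Absolute upper bound on how long a cached passphrase lives (default 7200).
max-cache-ttl 7200

# --- ~/.muttrc (GPG / PGP section) ---
# Let a running gpg-agent answer passphrase requests; with this set, a body
# search over a folder of encrypted mail asks for the passphrase once.
set pgp_use_gpg_agent=yes
# Only relevant without an agent: seconds mutt keeps the passphrase (default 300).
set pgp_timeout=300
# Same encrypt-to flag on the command line, so the muttrc works even if
# gpg.conf is missing it; no --always-trust, so key validity is still checked.
set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt-to YOURKEYID --encrypt --textmode --armor -- -r %r -- %f"
set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --textmode --output - --encrypt-to YOURKEYID --encrypt --sign %?a?-u %a? --armor -- -r %r -- %f"
```

After changing gpg-agent.conf, restart the agent (`gpgconf --kill gpg-agent` on modern GnuPG) so the new TTLs take effect; shortening `default-cache-ttl` trades the search convenience described in the thread for a smaller window in which an unattended session can decrypt mail without re-entering the passphrase.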
