Re: How do you manage encrypted mail?
On Tue, Jul 02, 2013 at 03:18:54PM -0400, Rob Owens wrote:
> ----- Original Message -----
> > From: "Richard Lawrence" <richard.lawrence@berkeley.edu>
> >
> > Joey Hess <joeyh@debian.org> writes:
> >
> > >
> > > Typically, gpg is configured to encrypt mail to multiple recipients,
> > > which includes everyone the mail is sent to, as well as the sender.
> > >
> > > For example, I have in my gpg.conf:
> > >
> > > # Encrypt stuff to my key too.
> > > encrypt-to 2512E3C7
> > >
> >
> > Ah, this is what I was missing. Thanks!
> >
> > >> 2) Search. The more serious issue is that I can't search encrypted
> > >> email, whether I sent it or received it...
> > >
> > > Mutt will use gpg to decrypt encrypted mail when searching in the body
> > > (i.e., when limiting to ~bsomething). It can get slow, indeed.
> >
> > Good to know, thanks. When I try this, Mutt asks me to enter my GPG
> > passphrase for every encrypted message in the folder I'm limiting,
> > though! (So it's not a good option for my "sent" folder, for
> > example.)
> > Any way to avoid that?
> >
> On my system, Mutt doesn't re-ask me for my GPG passphrase until some
> timeout has been reached. 5 minutes, I think. I didn't set it like
> that. It was the default. I'm not sure if that's a Mutt setting or a
> GPG setting.
>
I just verified that I can search the contents of emails in Mutt and
only enter my GPG passphrase once. There were multiple encrypted emails
in my inbox when I tested this.
Here is the GPG section of my .muttrc, in case you find it useful:
# GPG / PGP rules
set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt-to 70952D9D --encrypt --textmode --armor --always-trust -- -r %r -- %f"
set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt-to 70952D9D --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
# no encryption or signature by default:
send-hook . 'set pgp_autosign=no; set pgp_autoencrypt=no'
# turn off inline by default:
send-hook . 'set pgp_autoinline=no'
# always encrypt and sign to some recipients:
send-hook '~t "(somebody@server.com)"' 'set pgp_autosign=yes; set pgp_autoencrypt=yes; set pgp_autoinline=yes'
send-hook '~t "(me@address.com|friend@server.com|person@server.com)"' 'set pgp_autosign=yes; set pgp_autoencrypt=yes'
Note that "somebody@server.com" can only accept inline encrypted emails.
The other recipients get smime encrypted emails.
In .gnupg/gpg.conf, I have a default-key defined. I also have use-agent
specified.
-Rob
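The thread's first point is that `encrypt-to <your key>` (or `--encrypt-to` in the mutt commands above) is what keeps your own sent mail readable. The script below is an added example, not part of the list post: it walks the OpenPGP packet sequence of a message and lists the key IDs of every Public-Key Encrypted Session Key packet, so you can confirm your key is among the recipients before trusting the setup. The key IDs, the armored sample message and its `=XXXX` CRC line are constructed placeholders; the parser does not verify the armor CRC and does not handle partial-length packets.

```python
"""List recipient key IDs of an OpenPGP message without calling gpg.

Added example. Parses packet headers per RFC 4880 section 4.2 and the
version-3 PKESK body (tag 1): version, 8-byte key ID, public-key algorithm.
All key IDs and the sample message below are constructed placeholders.
"""
import base64
import re
from typing import Iterator, List, Tuple, Union

MY_KEY_ID = "1122334455667788"          # constructed placeholder: the key named by encrypt-to
RECIPIENT_KEY_ID = "99AABBCCDDEEFF00"   # constructed placeholder: the other recipient


def dearmor(text: str) -> bytes:
    """Decode an ASCII-armored PGP MESSAGE into raw packet bytes (CRC line ignored)."""
    text = text.replace("\r\n", "\n")
    m = re.search(r"-----BEGIN PGP MESSAGE-----(.*?)-----END PGP MESSAGE-----", text, re.S)
    if not m:
        raise ValueError("no PGP MESSAGE armor found")
    head, sep, data = m.group(1).partition("\n\n")   # blank line ends the armor headers
    if not sep:
        data = head
    b64 = "".join(ln for ln in data.splitlines() if ln and not ln.startswith("="))
    return base64.b64decode(b64)


def iter_packets(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, body) for each packet, handling old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        i += 1
        if ctb & 0x40:                       # new-format header
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported in this example")
        else:                                # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                   # indeterminate length: rest of the data
                length = len(data) - i
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(data[i:i + n], "big")
                i += n
        yield tag, data[i:i + length]
        i += length


def recipient_key_ids(data: bytes) -> List[str]:
    """Key IDs (16 hex digits) from every PKESK packet. All-zero = hidden recipient."""
    ids = []
    for tag, body in iter_packets(data):
        if tag == 1:
            if body[0] != 3:
                raise ValueError("unsupported PKESK version %d" % body[0])
            ids.append(body[1:9].hex().upper())
    return ids


def encrypted_to_me(message: Union[str, bytes], my_key_id: str) -> bool:
    """True if my key ID (full 16-hex or short 8-hex form) is a recipient.

    Short IDs are easy to collide; compare against the full key ID when you can.
    """
    data = dearmor(message) if isinstance(message, str) else message
    mine = my_key_id.upper()
    if mine.startswith("0X"):
        mine = mine[2:]
    return any(kid.endswith(mine) for kid in recipient_key_ids(data))


def _pkesk(key_id_hex: str) -> bytes:
    """Build a minimal v3 PKESK packet (new-format header) for the constructed sample."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01"      # v3, key ID, algo 1 (RSA)
    body += (8).to_bytes(2, "big") + b"\x80"                    # placeholder 8-bit MPI
    return bytes([0xC0 | 1, len(body)]) + body


def build_sample_message(key_ids: List[str]) -> str:
    """Constructed armored message: one PKESK per key ID plus a dummy SEIPD packet."""
    raw = b"".join(_pkesk(k) for k in key_ids) + bytes([0xC0 | 18, 4, 1, 0, 0, 0])
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN PGP MESSAGE-----\n\n%s\n=XXXX\n-----END PGP MESSAGE-----\n" % b64


if __name__ == "__main__":
    with_self = build_sample_message([RECIPIENT_KEY_ID, MY_KEY_ID])   # what encrypt-to yields
    without_self = build_sample_message([RECIPIENT_KEY_ID])           # encrypt-to missing
    print(recipient_key_ids(dearmor(with_self)))
    print(encrypted_to_me(with_self, "55667788"), encrypted_to_me(without_self, MY_KEY_ID))
```

To check a real message, pass the armored text of a mail from your sent folder to `encrypted_to_me` together with your key ID; a result of False means the message was encrypted only to the other recipients and `encrypt-to` did not take effect.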