Doubt about Enigmail/GPG with emails on server

It's clear to me that Enigmail/GPG allows to send/receive encrypted emails (even if most of people do not use it..but this is another topic..).

But, what happens to the emails that are sent/received unencrypted when they are stored on the server?

Just to give a real example: I use my gmail account, setting up IMAP with Thunderbird with Enigmail/GPG.
On the Google's server (which is basically a replica of my Thunderbird emails) are then those emails encrypted or are they still stored in plain text (and bigG is able to scan them)?

Thanks for clarifying.

 

If you send an encrypted email, it stays encrypted all through it's travel and storage. The only one that can read it, are the recipients with the proper private keys. TB/Enigmail can *look* like stuff isn't encrypted, because it does a lot of automated stuff to decrypt/encrypt seamlessly. You can turn these options off, so that you have to manually encrypt/decrypt...then you will just see cipher text in the windows.

PD

 

Thanks Paul, but that was clear to me.
Maybe I was not able to explain well my concern: what happens to emails which are sent/received unencrypted?
Thanks to Enigmail/GPG, are they encrypted locally (and automatically) in Thundermail anyway?
What about their copies on the server?

 

Yeah, my mistake...now I see what you are saying. IMAP basically allows you to interact with what's on the server, locally. So that is a good point, when you decrypt, is what is on Googles server readable by them? I can't imagine it would be, but I'm not an expert of the RFC's of the IMAP protocol. Maybe search for PGP and IMAP on a search engine?

PD

 

Maybe here is the answer.

http://sourceforge.net/p/enigmail/forum/feature_requests/thread/b0940ad0/

Basically old emails or new ones unencrypted are still possible to read, while on the server.

 

Your post had me do a lot of research. I still haven't read the RFC's yet, but there is a setting in TB that you may want to turn off:

Options>Composition>General>Auto Save Every...

I would turn that off if using IMAP with Gmail (Who thought POP3 had an advantage? LOL)

Another thing you could do, is switch to GPG4USB, and compose all emails there. Then copy/paste into TB. I'm really digging GPG4USB.

PD

 

Paul,

I am getting pretty sure that unecrypted emails remain unencrypted on the server, even if Enigmail is used.
The workaround to have all emails locally encrypted is to use a client with POP3 (not IMAP) which runs in an encrypted environment on the HDD.
Using POP3, emails are deleted from the server then stored only on PC. And encrypted.
At least the received emails, but what about the sent ones?
mhhhmm...

 

When you send an encrypted email, it is encrypted locally with the public key of the recipient and then sent to the server, so normally the server shouldn't be able to touch its contents... And if I remember correctly, it is also stored locally in Thunderbird and encrypted with your public key (so you can decrypt them later and view them).

 

Clear, but there is no way to have a sent unencrypted email encrypted afterwards (when stored) on the server.

 

You can configure Enigmail to send only encrypted messages.

You can refuse to communicate with those who persist in sending unencrypted messages to you, and delete them from the server.

But you can't prevent people from sending unencrypted messages to you.

 

No, this is not possible.

 

What if you create an Inbox and Sent Archive on the Thunderbird 'Local Folders' area, then move everything off of the server to those folders. Then encrypt each one, then move it back to the Gmail inbox, sent, etc... It's A LOT of work, but should be doable. I don't use Gmail, but that should work, shouldn't it?

PD

 

It should. But I wonder if all that work makes really sense..

 

It's been a while since I didn't use Enigmail, but I don't remember the possibility to use it to encrypt an email in-place... Please correct me if I'm wrong.

 

You are correct.

PD