Doubt about Enigmail/GPG with emails on server

Discussion in 'privacy technology' started by dogbite, Apr 30, 2013.

Thread Status:
Not open for further replies.
  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    It's clear to me that Enigmail/GPG allows sending and receiving encrypted emails (even if most people do not use it... but that is another topic).

    But, what happens to the emails that are sent/received unencrypted when they are stored on the server?

    Just to give a real example: I use my gmail account, setting up IMAP with Thunderbird with Enigmail/GPG.
    On Google's server (which is basically a replica of my Thunderbird emails), are those emails then encrypted, or are they still stored in plain text (and bigG is able to scan them)?

    Thanks for clarifying.
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    If you send an encrypted email, it stays encrypted all through its travel and storage. The only ones that can read it are the recipients with the proper private keys. TB/Enigmail can *look* like stuff isn't encrypted, because it does a lot of automated stuff to decrypt/encrypt seamlessly. You can turn these options off, so that you have to manually encrypt/decrypt... then you will just see cipher text in the windows.

    PD
     
  3. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Thanks Paul, but that was clear to me.
    Maybe I was not able to explain my concern well: what happens to emails which are sent/received unencrypted?
    Thanks to Enigmail/GPG, are they encrypted locally (and automatically) in Thundermail anyway?
    What about their copies on the server?
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Yeah, my mistake... now I see what you are saying. IMAP basically allows you to interact with what's on the server, locally. So that is a good point: when you decrypt, is what is on Google's server readable by them? I can't imagine it would be, but I'm not an expert on the RFCs of the IMAP protocol. Maybe search for PGP and IMAP on a search engine?

    PD
     
  5. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Your post had me do a lot of research. I still haven't read the RFCs yet, but there is a setting in TB that you may want to turn off:

    Options>Composition>General>Auto Save Every...

    I would turn that off if using IMAP with Gmail (Who thought POP3 had an advantage? LOL)

    Another thing you could do, is switch to GPG4USB, and compose all emails there. Then copy/paste into TB. I'm really digging GPG4USB.

    PD
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Paul,

    I am getting pretty sure that unencrypted emails remain unencrypted on the server, even if Enigmail is used.
    The workaround to have all emails locally encrypted is to use a client with POP3 (not IMAP) which runs in an encrypted environment on the HDD.
    Using POP3, emails are deleted from the server then stored only on PC. And encrypted.
    At least the received emails, but what about the sent ones?
    mhhhmm...
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    When you send an encrypted email, it is encrypted locally with the public key of the recipient and then sent to the server, so normally the server shouldn't be able to touch its contents... And if I remember correctly, it is also stored locally in Thunderbird and encrypted with your public key (so you can decrypt them later and view them).
     
  9. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Clear, but there is no way to have a sent unencrypted email encrypted afterwards (when stored) on the server.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    You can configure Enigmail to send only encrypted messages.

    You can refuse to communicate with those who persist in sending unencrypted messages to you, and delete them from the server.

    But you can't prevent people from sending unencrypted messages to you.
     
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    No, this is not possible.
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    What if you create an Inbox and Sent Archive on the Thunderbird 'Local Folders' area, then move everything off of the server to those folders. Then encrypt each one, then move it back to the Gmail inbox, sent, etc... It's A LOT of work, but should be doable. I don't use Gmail, but that should work, shouldn't it?

    PD
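
The re-encryption step proposed in the post above (pull a plaintext message into a local folder, encrypt it, put it back), as an added example that is not from any poster or from Enigmail: it repackages one stored message as PGP/MIME (RFC 3156) encrypted to your own key. The names `wrap_pgp_mime` and `gpg_encrypt` and the sample message are constructed for illustration; fetching from and re-uploading to the IMAP server is left out.

```python
import subprocess
from email import message_from_bytes, policy
from email.message import Message
from email.mime.multipart import MIMEMultipart

# Headers that describe the body; they move inside the encrypted part.
CONTENT_HEADERS = {"mime-version", "content-type",
                   "content-transfer-encoding", "content-disposition"}
CRLF = policy.compat32.clone(linesep="\r\n")

# Constructed sample: a plaintext message as it would sit in an IMAP folder.
SAMPLE = (b"From: alice@example.org\r\nTo: bob@example.org\r\n"
          b"Subject: invoice\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
          b"account number 12345\r\n")

def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """ASCII-armored encryption to `recipient` using the local gpg binary."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient],
        input=data, capture_output=True, check=True).stdout

def _part(content_type: str, text: str) -> Message:
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(text)
    return part

def wrap_pgp_mime(raw: bytes, encrypt) -> bytes:
    """Return `raw` repackaged as multipart/encrypted; `encrypt` maps bytes to armor."""
    original = message_from_bytes(raw)
    if original.get_content_type() == "multipart/encrypted":
        return raw  # already PGP/MIME, leave untouched
    inner = Message()  # body plus its content headers: this is what gets encrypted
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in original.items():
        (inner if name.lower() in CONTENT_HEADERS else outer)[name] = value
    inner.set_payload(original.get_payload())
    armored = encrypt(inner.as_bytes(policy=CRLF)).decode("ascii")
    outer.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("application/octet-stream", armored))
    return outer.as_bytes(policy=CRLF)

if __name__ == "__main__":
    # Assumes a key for this (placeholder) address exists in the local keyring.
    print(wrap_pgp_mime(SAMPLE, lambda d: gpg_encrypt(d, "me@example.org")).decode())
```

Only the body is protected: From, To, Subject and Date stay readable in the outer headers, and the server has already held the plaintext version of any message replaced this way.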
     
  13. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    It should. But I wonder if all that work really makes sense..
     
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    It's been a while since I used Enigmail, but I don't remember the possibility to use it to encrypt an email in-place... Please correct me if I'm wrong.
     
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    You are correct.

    PD
     
    Last edited: May 1, 2013