saving and searching encrypted mail
I often send and receive gpg-encrypted mail. At the moment I use thunderbird + enigmail (in linux) to do that. As far as I know there is no way in thunderbird to find all encrypted messages which bodies contain particular keywords. There also seems to be no option to save encrypted mails decrypted (so they would be searchable). However for me it is important to be able to search old encrypted mails. So my question is:
Is there a way in linux to save incoming mails automatically decrypted in my inbox and save outgoing encrypted mail decrypted in the send folder? Both times adding a line to the body which remarks that the mail was encrypted.
It could be another email client for linux that could to that or perhaps a solution using procmail or maildrop.
For a procmail solution I guess there could be some problems with encoding (perhaps one have to use emil?) the solution should work well with german special characters in subject and body. Note that the solution should work for multipart encrypted messages (including encrypted attachments) too i.e. with everything which could thunderbird + enigmail generate.
Further note that I don't want a discussion about security holes. For me it's ok if messages are stored decrypted on my harddrive (which is encrypted as a whole anyway). In doubt for a first solution it would be ok to store my private key passphrase in cleartext on my harddrive, too. The point is that the mails are encrypted on the mailserver or more generally on their "way through the net".
Solution 1:
Have you tried BCC'ing yourself and adding a per recipient rule that says to never, sign or encrypt the message to your BBC'd email address?
Then on the incoming you could make a rule, but you would have to provide your passphrase interactively anyway, so you might as well copy the email to a folder after you decrypt it.
Of course, if you had access to the mail server, and you run maildir, you could always write a short script that greps the mail files looking for "-----PGP BEGIN -----" and runs them through GPG on the command line and them copies them to a folder. Then you could just set it up for a cron job. Caveat is that you would have to provide the script your key and passphrase - which sort of defeats the whole idea, but possible.
/2 cents
UPDATE: I was thinking (this morning in the shower...) that since you're running linux as your OS, you could just write a shell script that greps your thunderbird inbox (and folders) to find the PGP files on the command line, decrypt them, and then copy them in to the appropriate mail folder. That way none of the data is in the clear on the server. You could run the script interactively for better security.
Solution 2:
After skub's hint I could imagine that the following could work:
- use fetchmail to fetch mail
- put something like this:
/usr/bin/procmail -d %s
in.fetchmailrc
- procmail puts mail into
~/Maildir
-
use the following postfix rule in
.postfixrc
:0 Bfw \* -----BEGIN PGP MESSAGE-----| formail -A "MIME-Version: 1.0" | formail -A "Content-Transfer-Encoding: quoted-printable" { :0 fw | emil { :0 bfw | gpg -d --passphrase "My password" --batch } }
run locally an IMAP server like Dovecot (reads
~/Maildir
)- configure Thunderbird (or another email client) to listen on localhost for IMAP