Slashdot Mirror
Email Clients with Encrypted Archives?
jasonbrown asks: "If your like a lot of us, you want to keep all your good email for later viewing. Then again, who wants to have all that personal stuff laying around when some higher power decides to dig through it. I was wondering if the Slashdot community knows of any good, preferably linux compatible, email clients with an encrypted archive to keep your old email away from prying eyes."
a few months back i decided i wanted to setup something similar. i wasnt after an email client that encrypted mailboxes, i wanted an encrypted backup of all email i recived. how i did this was edit my alias file for sendmail to send my mail to a perl script that appends stdin to my mbox, and sends it through a gpg and then to a seperate backup file. so it gets written to 2 places, one unecrypted for immediate viewing, and the other encrypted for long term archiving. if you want my script i can polish it up and send it to you, though you will proably have to modify it at least a little because parts of it are specific to my system.
-- free as in swatantryam - not soujanyam.
True, it is encrypted. And true that the CIA uses Lotus Notes, so it obviously can pass the paranoia test. (Notes is one of the few systems where even mail administrators can't read your email.)
Where Lotus Notes breaks down in this situation is the certifier IDs. In LN, an administrator uses a "god" (or certifier) ID to create other IDs. That "god" ID can also go back and alter the IDs that it created (like to extend expirations, do name changes for marriage/divorce), which means that forgotten passwords can be unlocked.
So, using Lotus Notes will keep anyone who's not your boss, and anyone who's not the government, from reading your email.
There are other encryption keys that the end-user can create in Notes (the ID file can store several encryption keys in it, in different formats, so it's somewhat like a key manager), and they can use these for encryption, but these other keys are used to encrypt fields only, which means you'd have to write something that would take all the fields in your emails, and create new documents in your archive, and encrypt the fields along the way. (Simple, really, and it'd probably take me an afternoon to do.) The on-disk encryption is for the ID only (the one issued from the certifier), which means Bosses and Governments still can get it.
Oh, but Notes is reasonably stable running under WINE.
Brings me to one other bit. In the 4.x family of Notes, there were 3 encryption versions. 64-bit (U.S./Canada only, but strangely titled "North American" as if everything north of Panama isn't in North America), 40-bit (International), and this strange French version (unknown encryption, but the French Government didn't want any encryption, really, so it was even lower encryption).
The U.S. and International versions both used the same 64-bit encryption. However, the U.S. held 24-bits of the 64-bit international key in escrow. That, to me, means that the U.S. could crack 40-bit encryption back in the mid 1990's. In the newest release, the encryption level is higher (128?), and there's only one level for all distributions (I'll exclude France as I really don't know), but that's partly because of eased export laws on encryption, and partly because I think the Feds realize they can get around encryption.
If you have your own certifiers, and can digitally shred these as the Feds are knocking down your door with a search warrant in hand, then maybe it'd work.
If you're worried about something that could be used against you later, why keep it?
True, I don't like the idea of someone going back through years of email and reading private things. But maybe messages shouldn't be saved by default. And how often do we really go back through our old email for something? Not trolling here, but the majority of email I get isn't worthy of digital immortality.
At one of the client sites I consulted, they deleted all Inbox mail after 30 days, and had a 3-year maximum retention on everything else in the mail file. (To keep it past 30 days, you basically had to move it to another folder.) Sent mail was also deleted after 90 days, but you could override that, up to the 3 year max. (Contrast that with another site where SEC made them keep _everything_ for years and years.)
I gotta say, I love it. I've even tweaked my email client to ask me if I want to save a copy, for everything I send.
1. Use IMAP instead of POP; this keeps the mail on the server.
2. set up an IMAP server on a box that you control, preferably at home. Put the server behind SSL.
3. When you want to archive an email, drag it over to your home server, and delete the original.
This assumes that you use an email client that can talk to multiple IMAP servers at once.
If you use pine or some other command line client, or really any client you could do this:
1. Save all your old mail to a file other than the default.
2. PGP encrypt that file.
3. It would be pretty simple to write a script to first decrypt the file with a password and then launch your mail reader to read old mail from that file.
I know its not elegant or the perfect solution but it is much simpler than writing a client todo it. I know a lot of people will be talking about encrypted filesystems. The problem with this, is that your root or user password is usually much shorter than your PGP passkey. The second problem is that not everyone owns the system thier mail is stored on, you have to consider that with systems such as IMAP your mail is stored in TWO places.
I've never even considered encrypting my old mail, this is a very good idea. Good luck in finding a more elegant solution, and if you do please post it here!