Slashdot Mirror
Email Clients with Encrypted Archives?
jasonbrown asks: "If your like a lot of us, you want to keep all your good email for later viewing. Then again, who wants to have all that personal stuff laying around when some higher power decides to dig through it. I was wondering if the Slashdot community knows of any good, preferably linux compatible, email clients with an encrypted archive to keep your old email away from prying eyes."
--- BEGIN ENCRYPTED COMMENT --- ;UEIM45fyh234P!H@#$p*Kx;ep986f 214%"DuoKOHKAuQqjp.ysa98kfokntab,.p',.ntdoi
fk9aoeka89ok7aozeka.iKHAOEKauoe7kaeyFH43%YG.
--- END ENCRYPTED COMMENT ---
Store your mbox (or whatever) on an encrypted file system. Not perfect but easy.
"Oh no, not again"
Really simple, just use an encrypted file-system. Either in a partition or via loopback in a file (convinient for backuping).
Save, Simple, and you can use any email software you want.
-- Aji con Todo!
a few months back i decided i wanted to setup something similar. i wasnt after an email client that encrypted mailboxes, i wanted an encrypted backup of all email i recived. how i did this was edit my alias file for sendmail to send my mail to a perl script that appends stdin to my mbox, and sends it through a gpg and then to a seperate backup file. so it gets written to 2 places, one unecrypted for immediate viewing, and the other encrypted for long term archiving. if you want my script i can polish it up and send it to you, though you will proably have to modify it at least a little because parts of it are specific to my system.
-- free as in swatantryam - not soujanyam.
I never really gave it a second thought... Thanks for pointing that one out, now I have something else on my plate to worry about!
But seriously, if you are working on a Winbloze platform, I think that Pegasus stores the mail file in an encryped format - password protected at least - to keep people away. Not for sure on that one, but I will check. May not be heavy enough encryption to keep the Feds off your back, but it should keep the old lady or your less-than-saavy computer friends out. (Or in the case of some, your parents)
Ligaguinggligagiggagoogoogwillgo
Posted at a perfect time actually - lunch break coming up in this neck of the woods:) I quite like the fact that most stories seem to be posted during US day, as it means I can work hard all morning and only get sucked in to /. surfing for the afternoon. It sure increases my productivity level.
Evil nasty bad MS Outlook has had this ability for at least the last few versions (97 onwards I think).
Depending on how much grief other people reading your mail is going to cause (legal, or merely embarrassing), it's worth noting that several countries already have laws requiring you to give up the keys to your encrypted mail in certain situations, and others are considering similar laws.
"don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"
I am no cryptographer, but one of the issues I have seen with this kind of a system is the fact that you can put fairly easy cribs in the messages themselves that weaken the encryption somewhat. For example, if the system keeps the mail headers, simply send emails with known strings, such as a long X-header, like
X-crack-this-poor-dope's encryption: SOMEVERYLONGSTRING.
The odds are, he'll never see it, and now you have a known cleartext string to look for.
I have got to say, an encrypted fileseystem is probably the best, as at least you don't know where you are supposed to be looking for this string, then.
True, it is encrypted. And true that the CIA uses Lotus Notes, so it obviously can pass the paranoia test. (Notes is one of the few systems where even mail administrators can't read your email.)
Where Lotus Notes breaks down in this situation is the certifier IDs. In LN, an administrator uses a "god" (or certifier) ID to create other IDs. That "god" ID can also go back and alter the IDs that it created (like to extend expirations, do name changes for marriage/divorce), which means that forgotten passwords can be unlocked.
So, using Lotus Notes will keep anyone who's not your boss, and anyone who's not the government, from reading your email.
There are other encryption keys that the end-user can create in Notes (the ID file can store several encryption keys in it, in different formats, so it's somewhat like a key manager), and they can use these for encryption, but these other keys are used to encrypt fields only, which means you'd have to write something that would take all the fields in your emails, and create new documents in your archive, and encrypt the fields along the way. (Simple, really, and it'd probably take me an afternoon to do.) The on-disk encryption is for the ID only (the one issued from the certifier), which means Bosses and Governments still can get it.
Oh, but Notes is reasonably stable running under WINE.
Brings me to one other bit. In the 4.x family of Notes, there were 3 encryption versions. 64-bit (U.S./Canada only, but strangely titled "North American" as if everything north of Panama isn't in North America), 40-bit (International), and this strange French version (unknown encryption, but the French Government didn't want any encryption, really, so it was even lower encryption).
The U.S. and International versions both used the same 64-bit encryption. However, the U.S. held 24-bits of the 64-bit international key in escrow. That, to me, means that the U.S. could crack 40-bit encryption back in the mid 1990's. In the newest release, the encryption level is higher (128?), and there's only one level for all distributions (I'll exclude France as I really don't know), but that's partly because of eased export laws on encryption, and partly because I think the Feds realize they can get around encryption.
If you have your own certifiers, and can digitally shred these as the Feds are knocking down your door with a search warrant in hand, then maybe it'd work.
If you're worried about something that could be used against you later, why keep it?
True, I don't like the idea of someone going back through years of email and reading private things. But maybe messages shouldn't be saved by default. And how often do we really go back through our old email for something? Not trolling here, but the majority of email I get isn't worthy of digital immortality.
At one of the client sites I consulted, they deleted all Inbox mail after 30 days, and had a 3-year maximum retention on everything else in the mail file. (To keep it past 30 days, you basically had to move it to another folder.) Sent mail was also deleted after 90 days, but you could override that, up to the 3 year max. (Contrast that with another site where SEC made them keep _everything_ for years and years.)
I gotta say, I love it. I've even tweaked my email client to ask me if I want to save a copy, for everything I send.
If you are planning on doing stuff you would rather not have extra evidence of later, don't talk about it over e-mail! If you are conspiring with other folk stupid enough to send incriminating information over e-mail, you have bigger problems to worry about. If you are already sending all your e-mail in an encrypted form, you simply need to keep the encrypted e-mails in the archive as well.
You could pretty easily do this with mutt and the compressed folders patch.
It allows you to specify a regex for a folder, and then operations for opening and closing. It wouldn't be that much different than using bzip2 or gzip on a folder.
You've been watching too many spy movies...
The issue most of us face isn't somebody actively snooping into our lives at all times, it's our boss taking a peek around our system to try to find some dirt. Nothing criminal, not even acting in bad faith, but a discussion of how much the VP looked like a drunk duck or a dancing Balmer at a "rally the troops" meeting would do nicely in damaging our image with senior management.
Of course the boss could ask IT to search the mail archives kept by the company, but then they would have dirt on him! Nope, much better to make a midnight raid and 'accidently' forward the incriminating message to the topic of discussion late some night....
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
1. Use IMAP instead of POP; this keeps the mail on the server.
2. set up an IMAP server on a box that you control, preferably at home. Put the server behind SSL.
3. When you want to archive an email, drag it over to your home server, and delete the original.
This assumes that you use an email client that can talk to multiple IMAP servers at once.
I have a B.A. in Geography, so, yeah, I tend to go for the geographic over the legal definitions.
Offtopic now, but about ten years ago, the media did one of their famed polls about how little adults know, and one of the results was how few people could name 3 countries in North America.
(I always love those polls where they ask adults something, then schools are forced to teach kids what the adults didn't know.)
Back to encryption, I should have added that once the Feds (or whomever has resources) has your Notes ID file, or your GPG/PGP private key file, then brute force attack becomes much easier. Lotus Notes uses PKI, with the ID file holding the private key, and the directory of Notes users holding the public key.
Having said that, I don't know if it was 56-bit DES, or what, but I do remember the password hash was stored in the ID file, and not the actual password (I think it was the MD5 checksum, but I don't think there was a salt used). I did do a diff on an international vs. a north american version, and only 5 files differed. 2 files each were only in one distribution, and a single DLL had differently named functions in it.
If you use pine or some other command line client, or really any client you could do this:
1. Save all your old mail to a file other than the default.
2. PGP encrypt that file.
3. It would be pretty simple to write a script to first decrypt the file with a password and then launch your mail reader to read old mail from that file.
I know its not elegant or the perfect solution but it is much simpler than writing a client todo it. I know a lot of people will be talking about encrypted filesystems. The problem with this, is that your root or user password is usually much shorter than your PGP passkey. The second problem is that not everyone owns the system thier mail is stored on, you have to consider that with systems such as IMAP your mail is stored in TWO places.
I've never even considered encrypting my old mail, this is a very good idea. Good luck in finding a more elegant solution, and if you do please post it here!
Use them all and it's on like a pot of grits. PGP4pine is a script that Pine calls (when it sees the PGP encryption header in the mail) PGP4pine then uses GnuPGP (or actually, any of many other encryption programs) to decrypt the message. Everything happens seemlessly (you can even set it up so that PGP4Pine automatically grabs public keys from sig files). Best thing is as far as Pine knows its just text, so the message gets stored encrypted, it's only decrypted when you want to read it or quote it.
Of course, this assumes you want to use PGP while sending and recieveing messages too (and why wouldn't you..)
Praise the Force Field! Praise the Laser Project! Slackware Loon #19830573
If you must, Emacs/XEmacs can be set up to automatically decrypt/encrypt on load/save, and that should work with any of the Emacs/XEmacs mail clients. The packages are crypt.el or jka-compr.
Of course, you could also just encrypt your old mail file. How often do you go through mail from 1998 anyway?
This Sig is a mnemonic device designed to allow you to recognize this author in the future.