Slashdot Mirror


Email Clients with Encrypted Archives?

jasonbrown asks: "If you're like a lot of us, you want to keep all your good email for later viewing. Then again, who wants to have all that personal stuff lying around when some higher power decides to dig through it? I was wondering if the Slashdot community knows of any good, preferably Linux-compatible, email clients with an encrypted archive to keep your old email away from prying eyes."


  1. re: Email Clients with Encrypted Archives? by zantrox · · Score: 5, Funny

    --- BEGIN ENCRYPTED COMMENT ---
    fk9aoeka89ok7aozeka.iKHAOEKauoe7kaeyFH43%YG. ;UEIM45fyh234P!H@#$p*Kx;ep986f 214%"DuoKOHKAuQqjp.ysa98kfokntab,.p',.ntdoi
    --- END ENCRYPTED COMMENT ---

  2. use the filesystem, luke by mclinc · · Score: 3, Informative

    Store your mbox (or whatever) on an encrypted file system. Not perfect but easy.

    --
    "Oh no, not again"

  3. Simple: Encrypt the filesystem. by Marijn · · Score: 5, Informative

    Really simple, just use an encrypted file-system. Either in a partition or via loopback in a file (convenient for backing up).

    Safe, Simple, and you can use any email software you want.

    --
    -- Aji con Todo!

  4. my setup by Phork · · Score: 3, Interesting

    A few months back I decided I wanted to set up something similar. I wasn't after an email client that encrypted mailboxes, I wanted an encrypted backup of all email I received. How I did this was edit my alias file for sendmail to send my mail to a perl script that appends stdin to my mbox, and sends it through gpg and then to a separate backup file. So it gets written to 2 places, one unencrypted for immediate viewing, and the other encrypted for long term archiving. If you want my script I can polish it up and send it to you, though you will probably have to modify it at least a little because parts of it are specific to my system.

    --
    -- free as in swatantryam - not soujanyam.

  5. Outlook by Howie · · Score: 4, Informative

    Evil nasty bad MS Outlook has had this ability for at least the last few versions (97 onwards I think).

    Depending on how much grief other people reading your mail is going to cause (legal, or merely embarrassing), it's worth noting that several countries already have laws requiring you to give up the keys to your encrypted mail in certain situations, and others are considering similar laws.

    --
    "don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"

  6. Notes won't work, and here's why.... by scotpurl · · Score: 3, Interesting

    True, it is encrypted. And true that the CIA uses Lotus Notes, so it obviously can pass the paranoia test. (Notes is one of the few systems where even mail administrators can't read your email.)

    Where Lotus Notes breaks down in this situation is the certifier IDs. In LN, an administrator uses a "god" (or certifier) ID to create other IDs. That "god" ID can also go back and alter the IDs that it created (like to extend expirations, do name changes for marriage/divorce), which means that forgotten passwords can be unlocked.

    So, using Lotus Notes will keep anyone who's not your boss, and anyone who's not the government, from reading your email.

    There are other encryption keys that the end-user can create in Notes (the ID file can store several encryption keys in it, in different formats, so it's somewhat like a key manager), and they can use these for encryption, but these other keys are used to encrypt fields only, which means you'd have to write something that would take all the fields in your emails, and create new documents in your archive, and encrypt the fields along the way. (Simple, really, and it'd probably take me an afternoon to do.) The on-disk encryption is for the ID only (the one issued from the certifier), which means Bosses and Governments still can get it.

    Oh, but Notes is reasonably stable running under WINE.

    Brings me to one other bit. In the 4.x family of Notes, there were 3 encryption versions. 64-bit (U.S./Canada only, but strangely titled "North American" as if everything north of Panama isn't in North America), 40-bit (International), and this strange French version (unknown encryption, but the French Government didn't want any encryption, really, so it was even lower encryption).

    The U.S. and International versions both used the same 64-bit encryption. However, the U.S. held 24 bits of the 64-bit international key in escrow. That, to me, means that the U.S. could crack 40-bit encryption back in the mid-1990s. In the newest release, the encryption level is higher (128?), and there's only one level for all distributions (I'll exclude France as I really don't know), but that's partly because of eased export laws on encryption, and partly because I think the Feds realize they can get around encryption.

    If you have your own certifiers, and can digitally shred these as the Feds are knocking down your door with a search warrant in hand, then maybe it'd work.

  7. Back up a step. Why keep it? by scotpurl · · Score: 3, Interesting

    If you're worried about something that could be used against you later, why keep it?

    True, I don't like the idea of someone going back through years of email and reading private things. But maybe messages shouldn't be saved by default. And how often do we really go back through our old email for something? Not trolling here, but the majority of email I get isn't worthy of digital immortality.

    At one of the client sites I consulted, they deleted all Inbox mail after 30 days, and had a 3-year maximum retention on everything else in the mail file. (To keep it past 30 days, you basically had to move it to another folder.) Sent mail was also deleted after 90 days, but you could override that, up to the 3 year max. (Contrast that with another site where SEC made them keep _everything_ for years and years.)

    I gotta say, I love it. I've even tweaked my email client to ask me if I want to save a copy, for everything I send.

  8. useless by dutky · · Score: 4, Informative

    Unless the e-mail is encrypted during transmission there is little point in worrying about storing it on your local machine in an encrypted format. Since the transmission format is wide open you have to assume that it has already been captured and read by anyone interested in snooping around your life. If they already have copies of some of the clear text that resides in the encrypted archive, it will be child's play to find your encryption keys and decrypt the entire archive.

    If you are planning on doing stuff you would rather not have extra evidence of later, don't talk about it over e-mail! If you are conspiring with other folk stupid enough to send incriminating information over e-mail, you have bigger problems to worry about. If you are already sending all your e-mail in an encrypted form, you simply need to keep the encrypted e-mails in the archive as well.

    1. Re:useless by markj02 · · Score: 5, Insightful

      That's utter BS. There are plenty of reasons you may want to encrypt your E-mail archives even if it's transmitted in plain text. Perhaps you keep them on a laptop and worry about it getting stolen. Perhaps you use a secure VPN for getting your corporate mail and now want to secure the on-disk storage.

      Furthermore, for any reasonable cryptosystem, having even tons of plaintext and encrypted text available is not sufficient to recover the key.

  9. mutt by raulmazda · · Score: 3, Informative

    You could pretty easily do this with mutt and the compressed folders patch.

    It allows you to specify a regex for a folder, and then operations for opening and closing. It wouldn't be that much different than using bzip2 or gzip on a folder.

  10. Get a grip by coyote-san · · Score: 4, Insightful

    You've been watching too many spy movies...

    The issue most of us face isn't somebody actively snooping into our lives at all times, it's our boss taking a peek around our system to try to find some dirt. Nothing criminal, not even acting in bad faith, but a discussion of how much the VP looked like a drunk duck or a dancing Ballmer at a "rally the troops" meeting would do nicely in damaging our image with senior management.

    Of course the boss could ask IT to search the mail archives kept by the company, but then they would have dirt on him! Nope, much better to make a midnight raid and 'accidentally' forward the incriminating message to the topic of discussion late some night....

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken

  11. Re:Pretty easy cribs for this. by coyote-san · · Score: 3, Informative

    This is only a problem if they're using their own "very special" cryptography, e.g., the ever popular "xor with passphrase and a counter." For some odd reason that's used in several products -- and can be easily cracked with some commercial products.

    If the crypto was done right, the message was compressed and then encrypted in "chaining" mode with DES, 3DES, IDEA, AES, or a similar strong cipher. Having known plaintext won't help much in this case.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
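
Added example, not part of any comment in this thread: a short Python sketch of why the home-grown "xor with passphrase and a counter" construction mentioned in comments 8 and 11 gives no protection once a known header of the archive has been seen in transit. The exact construction, the function names, the passphrase and the sample mbox text are all assumptions made up for illustration.

```python
# Added illustration; the scheme below is an ASSUMED reading of
# "xor with passphrase and a counter", not any specific product's format.

def toy_xor(data: bytes, passphrase: bytes) -> bytes:
    """Byte i is XORed with passphrase[i % n] and the counter (i & 0xFF).
    XOR is its own inverse, so the same call encrypts and decrypts."""
    n = len(passphrase)
    return bytes(b ^ passphrase[i % n] ^ (i & 0xFF) for i, b in enumerate(data))

def key_bytes_from_known_header(ciphertext: bytes, known: bytes) -> bytes:
    """With known plaintext at offset 0 the passphrase falls out directly:
    c[i] ^ p[i] ^ counter == passphrase[i % n]."""
    return bytes(c ^ p ^ (i & 0xFF)
                 for i, (c, p) in enumerate(zip(ciphertext, known)))

def shortest_period(stream: bytes) -> bytes:
    """Smallest prefix that, repeated, reproduces the recovered key bytes."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

# Constructed sample data (hypothetical addresses and passphrase).
ARCHIVE = (b"From alice@example.org Mon Jan  1 00:00:00 2001\n"
           b"Subject: the VP and the duck\n\nprivate text\n")
PASSPHRASE = b"hunter2"
KNOWN_HEADER = b"From alice@example.org"  # the part already seen in the clear

def demo():
    """Return (recovered passphrase, recovered archive) from ciphertext
    plus the known header only."""
    ciphertext = toy_xor(ARCHIVE, PASSPHRASE)
    recovered = shortest_period(
        key_bytes_from_known_header(ciphertext, KNOWN_HEADER))
    return recovered, toy_xor(ciphertext, recovered)

if __name__ == "__main__":
    key, text = demo()
    print(key, text == ARCHIVE)
```

The weakness is that every ciphertext byte depends on one key byte in a fixed, invertible way; a vetted cipher such as AES or 3DES in a chaining mode has no such relation, which is why a known header is of little use against an archive encrypted that way.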