Need a little (in)sanity check re. Enigmail and public key encryption
I have Thunderbird/Enigmail/GPG installed and working on a Ubuntu 10.04 VM and a Windows 7 VM under VMWare. On the Ubuntu VM I have an account called "George" set up as the only email account. On the Win 7 VM I have a test account called "Zorro" as the only email account in Thunderbird. Both accounts point to actual email accounts on my ISP's email server. I will use these names in my examples below for brevity.

I created a key pair for each account on its respective VM and uploaded the public keys to pool.sks-keyservers.net. From the Win 7 VM Zorro sent an email from Zorro to George. Zorro signed the email. On the Ubuntu VM George received the email from Zorro and downloaded Zorro's public key to George's keyring. George then composed an email to Zorro using Zorro's public key, signed and encrypted the email. Back on Zorro's VM the second email was received and decrypted using Zorro's private key. So it looks like everything works as intended.

Now for the sanity check... I recall reading that an email encrypted with a public key can be decrypted ONLY by the recipient holding the corresponding private key. I found that when I looked at the encrypted email in George's Sent folder I was offered the opportunity to decrypt it - and yes, I was able to decrypt it. Is this not contrary to the concepts of public key encryption? Or does Enigmail perhaps encrypt the sent email using the sender's public key so that the sender can always view what they have sent?

Second concern... before I put this in place on my production PC for my real email accounts... Suppose I have created my public/private key pair, published it to the key server and used the pair to exchange emails for a period of time. Thus I might have a number of emails in Thunderbird which are (were?) encrypted using my public key. I then have a need to generate a new key pair (say the original one was compromised). I revoke my original keys and begin to use the new ones. Will I still be able to read the old emails which I still have saved in Thunderbird?

TIA, Ken
Thanks tsg, I see the "Add my own key..." setting. Makes sense. As to "My own key(s)" - it looks like I need to keep any keys I have ever used in perpetuity - if I have received email with them. I have email files dating back to Netscape Communicator on Win NT 3.51 - I sort of never throw anything away :( Obviously I have a lot more to learn about Enigmail before I begin to use it for real.
I need to look for a way to decrypt an email which I receive and save it on the PC in plain text. I think that would make things easier. I could store the email files in Truecrypt if I was really paranoid. At the moment I am more concerned with the email while in transit.

Thanks again, Ken

p.s. I started on this encrypted email thing about 20 years ago. I encrypted a text file with pgp on DOS 3.11, copied the result into Banyan Vines mail, sent it to my co-worker in the next cube. He then extracted the ciphertext, put it in a text file, decrypted it with pgp and read the message. That was too much like work so I have sort of taken a hiatus over all these years :D
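Ken's two questions (can the sender read the Sent copy, and can old mail still be read once the key is revoked) played out at the gpg command line. This is an added example, not from the thread: it assumes gpg 2.1+ on PATH, uses throwaway keyrings in place of the two VMs, and the addresses in example.invalid are constructed.

```shell
#!/bin/sh
# Added demo, not from the thread: two throwaway GnuPG homes stand in for the two
# VMs. Assumes gpg 2.1+ on PATH; addresses are constructed; ~/.gnupg is untouched.
set -e
MSG='hello zorro'

# Run gpg non-interactively inside the keyring at $1 (demo keys have no passphrase).
g() { h=$1; shift; GNUPGHOME="$h" gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@"; }
# "ok" if the keyring at $1 decrypts file $2 back to MSG, else "fail".
can_read() { [ "$(g "$1" -d "$2" 2>/dev/null)" = "$MSG" ] && echo ok || echo fail; }

run_demo() {
    WORK=$(mktemp -d); GEORGE="$WORK/george"; ZORRO="$WORK/zorro"
    mkdir -m 700 "$GEORGE" "$ZORRO"
    g "$GEORGE" --quick-generate-key 'George <george@example.invalid>' default default never
    g "$ZORRO"  --quick-generate-key 'Zorro <zorro@example.invalid>'   default default never
    # Exchange public keys (the thread does this through a keyserver).
    g "$ZORRO"  --export zorro@example.invalid  | g "$GEORGE" --import
    g "$GEORGE" --export george@example.invalid | g "$ZORRO"  --import

    # Textbook case: encrypted to Zorro only, so George's own Sent copy is opaque to him.
    printf '%s\n' "$MSG" | g "$GEORGE" -e -r zorro@example.invalid -o "$WORK/zorro_only.gpg"
    # What "Add my own key" does: a second recipient packet for the sender's own key.
    printf '%s\n' "$MSG" | g "$GEORGE" -e -r zorro@example.invalid \
        -r george@example.invalid -o "$WORK/both.gpg"
    r1="sent-copy:$(can_read "$GEORGE" "$WORK/zorro_only.gpg")"
    r2="both:$(can_read "$GEORGE" "$WORK/both.gpg")/$(can_read "$ZORRO" "$WORK/both.gpg")"

    # Revoke George's key using the certificate gpg 2.1+ writes at key creation
    # (its leading ':' guards against accidental import). Old mail still decrypts...
    fpr=$(g "$GEORGE" --with-colons --list-keys george@example.invalid \
          | awk -F: '/^fpr/ { print $10; exit }')
    awk '/-----BEGIN PGP/ { p = 1 } p { sub(/^:/, ""); print }' \
        "$GEORGE/openpgp-revocs.d/$fpr.rev" | g "$GEORGE" --import
    r3="revoked:$(can_read "$GEORGE" "$WORK/both.gpg")"
    # ...until the old secret key itself is gone, which is why old keys must be kept.
    g "$GEORGE" --delete-secret-and-public-key "$fpr"
    r4="deleted:$(can_read "$GEORGE" "$WORK/both.gpg")"

    GNUPGHOME="$GEORGE" gpgconf --kill gpg-agent || true
    GNUPGHOME="$ZORRO"  gpgconf --kill gpg-agent || true
    rm -rf "$WORK"
    echo "$r1 $r2 $r3 $r4"
}

run_demo
```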
Thanks again tsg,
Not only would I need to keep the keys (historical and otherwise) but move them from OS version to version and machine to machine. I actually still have some dBase II files which were generated on my Osborne Executive running CP/M+. They have been migrated to DOS and are readable with a Windows VM using Visual FoxPro. If I type it in once, I DESPISE having to type it again!

I have used PGP to create encrypted files which can be mounted as drive letters in Windows for many years. Accessing archived data in this format is the main reason I have an XP VM set up on my Ubuntu 10.04 host. Before taking the opportunity for an EARLY early retirement from a Fortune 250 company in 2005 I was involved in some discussions re. setting up a public key server system for the purpose of signing engineering design documents. As I recall they were looking at some sort of Microsoft product. Microsoft - Security: the ultimate oxymoron. Regardless of the product, corporate key management is something which needs a lot of thought before implementing. Especially if encryption is available to the users. Otherwise when an unhappy employee leaves... Best of luck with your implementation. Ken