Need a little (in)sanity check re. Enigmail and public key encryption
 

I have Thunderbird/Enigmail/GPG installed and working on a Ubuntu 10.04 VM and a Windows 7 VM under VMWare. On the Ubuntu VM I have an account called "George" setup as the only email account. On the Win 7 VM I have a test account called "Zorro" as the only email account in Thunderbird. Both accounts point to actual email accounts on my ISP's email server. I will use these names in my examples below for brevity.

I created a key pair for each account on its respective VM and uploaded the public keys to pool.sks-keyservers.net.

From the Win 7 VM Zorro sent an email from Zorro to George. Zorro signed the email.

On the Ubuntu VM George received the email from Zorro and downloaded Zorro's public key to George's keyring.

George then composed an email to Zorro using Zorro's public key, signed and encrypted the email.

Back on Zorro's VM the second email was received and decrypted using Zorro's private key. So it looks like everything works as intended.
--------------------
Now for the sanity check... I recall reading that an email encrypted with a public key can be decrypted ONLY by the recipient holding the corresponding private key. I found that when I looked at the encrypted email in George's Sent folder I was offered the opportunity to decrypt it - and yes I was able to decrypt it. Is this not contrary to the concepts of public key encryption? or does Enigmail perhaps encrypt the sent email using the sender's public key so that the sender can always view what they have sent?

Second concern... before I put this in place on my production PC for my real email accounts... Suppose I have created my public/private key pair, published it to the key server and used the pair to exchange emails for a period of time. Thus I might have a number of emails in Thunderbird which are (were?) encrypted using my public key. I then have a need to generate a new key pair (say the original one was compromised). I revoke my original keys and begin to use the new ones. Will I still be able to read the old emails which I still have saved in Thunderbird?

TIA,

Ken

I believe this is the default for Enigmail. You can turn it off on the Sending tab in preferences ("Add my own key to the recipients list") but it would mean you wouldn't be able to read anything you've encrypted to someone else.

Yes. Enigmail should warn you that the key has been revoked, but it will still decrypt the message.

Thanks tsg, I see the "Add my own key..." setting. Makes sense. As to "My own key(s)" - it looks like I need to keep any keys I have ever used in perpetuity - if I have received email with them. I have email files dating back to Netscape Communicator on Win NT 3.51 - I sort of never throw anything away :( Obviously I have a lot more to learn about Enigmail before I begin to use it for real.

I need to look for a way to decrypt an email which I receive and save it on the PC in plain text. I think that would make things easier. I could store the email files in Truecrypt if I was really paranoid. At the moment I am more concerned with the email while in transit.

Thanks again,

Ken

p.s. I started on this encrypted email thing about 20 years ago. I encrypted a text file with pgp on DOS 3.11, copied the result into Banyan Vines mail, sent it to my co-worker in the next cube. He then extracted the cypher-text, put it in a text file, decrypted it with pgp and read the message. That was too much like work so I have sort of taken a hiatus over all these years :D

That comes under the heading of data retention policy. If you're keeping the emails, obviously you need to keep the keys to read them with. The PGP keyring is largely transparent, so it really isn't too much of an inconvenience to hang on to old keys.

Enigmail has a "Save decrypted message" function in the menu. From there you can re-encrypt it with your new key if you don't want to save it as plaintext. Or you could get rid of your old email ;^)


Not quite as long, but I generated my first key pair in 1995 to sign posts to usenet(!) because someone was impersonating me. I still have it. I'm trying to get PGP working in the office more for being able to verify the sender rather than for security, but once I have one the rest will follow. What I am currently dealing with is making sure that any encrypted emails sent out are also encrypted with the company key so that we can read them.

Thanks again tsg,

Not only would I need to keep the keys (historical an otherwise) but move them from OS version to version and machine to machine. I actually still have some dBase II files which were generated on my Osborne Executive running CP/M+. They have been migrated to DOS and are readable with a Windows VM using Visual FoxPro. If I type it in once, I DESPISE having to type it again!

sound like what I want. I will poke around and see if that can be made the default.

I have used PGP to create encrypted files which can be mounted as drive letters in Windows for many years. Accessing archived data in this format is the main reason I have an XP VM setup on my Ubuntu 10.04 host.

Before taking the opportunity for an EARLY early retirement from a Fortune 250 company in 2005 I was involved in some discussions re. setting up a public key server system for the purpose of signing engineering design documents. As I recall they were looking at some sort of Microsoft product. Microsoft - Security the ultimate oxymoron. Regardless of the product, corporate key management is something which needs a lot of thought before implementing. Especially if encryption is available to the users. Otherwise when an unhappy employee leaves... Best of luck with your implementation.

Ken