Encryption for lazy users?

Encryption for lazy users?

Post by Jorgen Gra » Thu, 09 Jul 2009 06:37:07

First, let me admit that I haven't RTFM on this recently. I did a few
years ago, but couldn't find anything really useful.

The thing is this: I already use Mutt with GnuPG to sign all the mails
I send (except to recipients who get confused very easily and/or use
extremely obsolete mail readers). But I also want to encrypt it in
order to avoid the scary monitoring which has become so popular with
governments in the past few years.

But I also want:

- My own Fcc: copies of mails I send should be stored in plaintext
(preferably still signed, and with some indication that I sent it
encrypted). I trust my local user account to be safe from snooping.

Reason: ease of use, searching my sent mails, not losing the
data if I lose my secret key

- When I receive encrypted mail and have decrypted it for reading,
there should be a simple command "remove the encryption from this mail
in the mailbox". If the contents isn't really sensitive, I'll do this
when I've read the mail.

Reason: same as above -- ease of use. Too much effort wading through
encrypted mails.

Is there a simple way to accomplish this? Where should I RTFM?

I don't really care that this is less secure than storing the mails
encrypted, because the only realistic alternative for me is to send
and receive all my mail in plaintext -- which is /a lot/ less secure
than either!


// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .

Encryption for lazy users?

Post by Rocco Rutt » Thu, 09 Jul 2009 21:26:05

* Jorgen Grahn <grahn+ XXXX@XXXXX.COM >:

Why do you think people help you when you show little to no effort

You should read it at:


This is for the latest devel version, but mostly applies to older
versions, too. And this has changed _a_ _lot_ for the better.

For issue #1, you'll find $fcc_clear, for #2 see decode-copy and
decode-save, macros and mailbox shortcuts (to automate it).



Encryption for lazy users?

Post by Jorgen Gra » Fri, 10 Jul 2009 05:33:54

I don't know. Because they see I had put an effort into stating the
problem? Because they want to see more people use OpenPGP? For fun?

I'm old enough not to /demand/ help on Usenet. I appreciate it when I
get it though -- so thanks!

Thanks. I knew about that one, but was under the impression that it
had been deprecated or removed some years ago. Maybe I confuse it
with when I tried to encrypt to the recipient /and/ myself.

It does work, but (at least in mutt 1.5.13) leaves no traces of the
signing or encryption in the FCC copy. I'd prefer to know if and how
I signed/encrypted a mail I sent. (The interface for deleted
attachments is an example of this done well -- you can clearly see
that there was something there, and that you yourself deleted it

I might try to write a patch which at least adds an X-something:
header for that.

That was actually one reason I didn't bother with the manual. Having a
brief reference is one thing, but talking to real people who have
created, tested and used a real solution for themselves is something
quite different.

The manual has exactly this to say about those two commands:

<decode-copy> make decoded (text/plain) copy
<decode-save> make decoded copy (text/plain) and delete

And it's not enough -- the manual uses the word "decode" for pure
MIME-related operations too, so it is far from clear that it has to do
with encryption. I wouldn't have guessed it.

Also, it doesn't solve my problem. When I tried decode-save, it
discarded the image/jpeg attachment I had, and in another case some
headers (X-Original-To, Delivered-To, Received, ...) got lost.
I wouldn't want to use it on anything valuable, especially not without
documented behavior.

So, I guess mutt/PGP users currently store their received encrypted
mail as they receive it, i.e. encrypted.


// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .