After the concerns arising from the latest reveals i think that would be a very good option in enigmail just:
download
check for encryption if not encrypt with assigned key for email account
upload encrypted result
delete plain text email.
Options should follow
per imap folder
per email
per mailbox
all the above can be like filters in Thunderbird possibilities are limitless!!!
i don't have the experience in Thunderbird extension or else it should not be so difficult to deploy. i'm sure this will be handy for many people.
cheers
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Enigmail does not provide functionality to encrypt EXISTING (received, sent, archived) messages, see [bugs:#6]. If[bugs:#1] is solved, then maybe that feature will come, too. Although it is non trivial what a user should expect the message being encrypted to, then.
Since Bug #1 is fixed now, how are the chances of getting this feature done?
Some Webmail Services like Posteo or Mailbox.org offer a similiar feature that encrypts all mail you receive automatically with your public key.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What should this feature help for? The mails in the mailbox were already sent in cleartext and an adversary could have read them on the way, e.g. the mail service provider could have made a non encrypted copy on arrival. That makes an encryption after arrival senseless in my eyes.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There is a very narrow window of opportunity for an attacker to steal emails while they are on the wire. It is certainly possible, and in an ideal world all emails will be encrypted end-to-end, which is what Enigmail is for.
However, many people do not use GPG, and send private emails and require that I send them unencrypted emails (by refusing to use GPG).
In my mind, the chance of an email provider (Google) or a government agency reading your existing emails from the server is actually a real and distinct threat separate from those individuals grabbing emails on the wire.
bugs:#1 addressed something similar and is fixed now. I use it frequently to decrypt emails that are not very private that I send with GPG anyway just because I believe all email should be encrypted end-to-end. I decrypt them because I don't care about my email provider or a government agent reading them, and I want full text search.
The counter-point is equally important in my opinion. I have emails that have been sent to me that are very private. I want to keep them as secure as possible, but I want to keep them on the email server for future access. By encrypting them to my own key, that can be accomplished. No one with access to the email server can get them ever again without compromising my private key first.
While this is far from ideal security, we should not allow the best to be the enemy of the good. There is still a lot of value to encrypting email on the server after receipt.
The ideal solution would be a button that is present on all unencrypted emails that says 'Encrypt' and encrypts the email to the user's private key. Similarly, a button present on all encrypted emails to 'Decrypt Permanently' would be nice. That later part is possible now, but it is slightly cumbersome as filters must be used. Better than nothing though.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
stressing the "could have".
Not necessarily you were the target of curious network administrators or secret service agencies at the time the emails in your mailbox were sent, it is quite possible that you became intresting later on.
So if the archive gets encrypted between these two points in time there is less interesting information to hand over for the mailprovider.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That would be a nice feature indeed.
An additional usecase could be to re-encrypt received mails, that were encrypted using an old gpg key. Currently you can't remove the revoked/expired key from your keyring without losing access to the emails that have been encrypted with that key.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This would be a useful feature for me. I hope the developers get the time and incentive to enable it. Also, thanks for your previous work in the development of enigmail.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I was wondering if it would be possible to add a feature that would encrypt existing email?
It logic would be as follows;
1. Fetch mail from mailbox
2. Encrypt
3. Delete clear email from mailbox
4. Upload encrypted version to mailbox
The goal here is for example to protect against someone getting unauthorised access to your gmail.
I'm considering writing it up as a stand alone tool using VMIME and GPG.
Thoughts?
The Thunderbird infrastructure should allow for such functionality, however, this is currently not possible with Enigmail.
After the concerns arising from the latest reveals i think that would be a very good option in enigmail just:
download
check for encryption if not encrypt with assigned key for email account
upload encrypted result
delete plain text email.
Options should follow
per imap folder
per email
per mailbox
all the above can be like filters in Thunderbird possibilities are limitless!!!
i don't have the experience in Thunderbird extension or else it should not be so difficult to deploy. i'm sure this will be handy for many people.
cheers
Hai
I have like to encrypt my existing IMAP boxes.please help me to do the same
It is very important for me please friends help me
Enigmail does not provide functionality to encrypt EXISTING (received, sent, archived) messages, see [bugs:#6]. If [bugs:#1] is solved, then maybe that feature will come, too. Although it is non trivial what a user should expect the message being encrypted to, then.
Related
Bugs:
#1Bugs:
#6Last edit: Olav Seyfarth 2014-08-23
Since Bug #1 is fixed now, how are the chances of getting this feature done?
Some Webmail Services like Posteo or Mailbox.org offer a similiar feature that encrypts all mail you receive automatically with your public key.
What should this feature help for? The mails in the mailbox were already sent in cleartext and an adversary could have read them on the way, e.g. the mail service provider could have made a non encrypted copy on arrival. That makes an encryption after arrival senseless in my eyes.
There is a very narrow window of opportunity for an attacker to steal emails while they are on the wire. It is certainly possible, and in an ideal world all emails will be encrypted end-to-end, which is what Enigmail is for.
However, many people do not use GPG, and send private emails and require that I send them unencrypted emails (by refusing to use GPG).
In my mind, the chance of an email provider (Google) or a government agency reading your existing emails from the server is actually a real and distinct threat separate from those individuals grabbing emails on the wire.
bugs:#1 addressed something similar and is fixed now. I use it frequently to decrypt emails that are not very private that I send with GPG anyway just because I believe all email should be encrypted end-to-end. I decrypt them because I don't care about my email provider or a government agent reading them, and I want full text search.
The counter-point is equally important in my opinion. I have emails that have been sent to me that are very private. I want to keep them as secure as possible, but I want to keep them on the email server for future access. By encrypting them to my own key, that can be accomplished. No one with access to the email server can get them ever again without compromising my private key first.
While this is far from ideal security, we should not allow the best to be the enemy of the good. There is still a lot of value to encrypting email on the server after receipt.
The ideal solution would be a button that is present on all unencrypted emails that says 'Encrypt' and encrypts the email to the user's private key. Similarly, a button present on all encrypted emails to 'Decrypt Permanently' would be nice. That later part is possible now, but it is slightly cumbersome as filters must be used. Better than nothing though.
stressing the "could have".
Not necessarily you were the target of curious network administrators or secret service agencies at the time the emails in your mailbox were sent, it is quite possible that you became intresting later on.
So if the archive gets encrypted between these two points in time there is less interesting information to hand over for the mailprovider.
That would be a nice feature indeed.
An additional usecase could be to re-encrypt received mails, that were encrypted using an old gpg key. Currently you can't remove the revoked/expired key from your keyring without losing access to the emails that have been encrypted with that key.
This would be a useful feature for me. I hope the developers get the time and incentive to enable it. Also, thanks for your previous work in the development of enigmail.