Decrypt once and save permanetly on local disk
OpenPGP addon for Mozilla Thunderbird
Brought to you by:
pbrunschwig
Menu
▾
▴
I am new to Engimail. Each time I decrypt a message I have to enter my password. I want to decrypt once and the decrypted message is saved permanently on local disk. I will search and read it later on without keys.
How to do that?
I see suggestions using Thunderbird filter, but without step by step instructions. A native solution by Enigmail would be the best.
There is no need to leave the messages encrypted: a decrypted message is as good as plaintext messages. The user could encrypt the whole thuderbird profile if needed. Obviously with the current approach encrypted messages are not searchable and processable.
Thank you!
Last edit: Bob 2020-06-23
There is no direct method to do that, as that's not how Enigmail is intended to work.
A workaround would be to set up a filter rule that decrypts messages permanently. You can define that incoming messages as automatically decrypted upon arrival.
OK, thank you, I suspected so.
The threat model for most people is such that permanent decryption would make sense. You want to keep the emails private from anyone operating outside the computer -- hence the term end-to-end. Encryption on local disk is the job of a diferent tool with symmetric encryption (eg, AES 256).
Daily use of encryption becomes rather impractical with the current approach (to focus on messages one at a time).
Any link to a robust filter definition for this task? I am afraid I will leave out some messages encrypted.
By automatic decryption I suppose you mean automatically decrypt and save? It would still need user's attention to enter the password (which might be on an external hardware token and unavailable other than for the first time).
Thanks for this excellent tool!
Last edit: Bob 2020-06-23
You can apply the filter rule for every mail. If the mail is not encrypted or cannot be decrypted, it will be skipped. Thus something like "Date > 1970-01-01" should work.
Thanks! It works well!
One comments for those who might check later: when defining a filter, if you forget to change the default folder which is on the mail provider's server, and run the filter, all encrypted emails will be decrypted on the server. You could create a local folder.
If you have too many encrypted emails, the key is better be available on the local machine than a Yubikey or KMS.