save decrypded incoming and outgoing messages in clear?

[owl77]

Hi!

I'd like to encrypt messages to protect them 'on wire' - i.e. wile they are being sent through the Internet. But I would like (have an option) to save them locally unencrypted. I rely on disk encryption software to protect 'data at rest'.

Scenario: an encrypted message arrives. I decrypt it just once, for the first time. It's saved to my inbox unencrypted and I don't have to decrypt it again and again every time I happen to look at it. Also when I send emails I'd like to encrypt it but I'd like it to be saved in 'Sent' folder unencrypted.

I'd also like an instrument that would allow me to run through all or some locally saved messages in a batch decrypting and saving them in clear.

Main goal that I'm seeking- to be able to run search command over sent and received emails, which becomes impossible if emails are saved encrypted. And I really don't see much sense saving them locally in encrypted form, once my hard drive is encrypted.

I would still like (to have option) to save the same emails encrypted 'in the cloud'. For example, I'd be happy to keep stuff encrypted in online Gmail folders but decrypted in my locally-saved Thunderbird folders.

Can I achieve any of this with current Thunderbird and Enigmail (for Mac)? Is it something on developers roadmap? Could you recommend any (open-source GPL) software that can do this?

I recall It was possible with PGP Desktop, but it lived as something like an locally installed email-proxy which I understand is different from current Enigmail being an add-on.

Thank you!

[Rob]

Enigmail tends to get used in one of two ways: POP mail or IMAP mail.
In POP mail your email gets delivered to your local computer, which
means that if you check your email from another computer you won't see
it. In IMAP mail your email gets delivered to your email server and
stays there, which means that you can check your email from any computer
anywhere in the world.

We'd have to dive down deep into Thunderbird's internals and change the
way Thunderbird handles POP and IMAP. This would mean big changes to
the Thunderbird code, as opposed to what we like to do, which is leave
Thunderbird alone and do all of our stuff entirely within Enigmail.

So it's theoretically possible, but it would require a lot of work and
our changes would have to be accepted/adopted by upstream Thunderbird.
For that reason, we think it's not practical to do it right now and
we've got no plans to implement it. Sorry. :(

[Patrick Brunschwig]

You can use filter-rules to permanently decrypt mails. In Thunderbird 31, this is only automatically possible for received messages, and manually for any stored messages. Thunderbird 38 will add the ability to apply filters to sent messages (after they were sent). This should allow you to store decrypted copies of anything you send/receive.

[owl77]

Hello! Thanks for your replies, really.

2 Patrick:
This can be a great "short cut". But could you please explain in a bit more 'step-by-step' way how I can set up these filter-rules? I'm relatively new to Thunderbird. Thank you!

[Patrick Brunschwig]

Menu Tools > Message Filters, then click on "New ..."

You need to specify something to identify the message (e.g. Date greater than 01/01/1970) and you need to define an action.

For the action, choose "Decrypt permanently (Enigmail)" or "Create decrypted copy (Enigmail)" and define a target folder where the decrypted mails shall be stored.

[owl77]

I tried to do that. It seems to be quite close to what I wanted, so thanks again for the hint. But I faced a few problems.

1. while creating filter/rules Enigmail gives a warning when I select 'Decrypt permanently' action that it can permanently damage or destroy my email. And suggests I should use 'Create decrypted copy' instead. Which I did. Is 'Decrypt permanently' really dangerous? Can it damage emails that are being left on the server (I use Gmail and IMAP) or just those locally saved?

I used 'Body contains BEGIN PGP MESSAGE' identification rule and 'Create decrypted copy in Inbox' action.

1. I ran the filter manually on my Inbox folder. A few messages that were received encrypted were added with decrypted copy. Cool! But most of the times even shortest encrypted messages with a few lines of text and no attachments were converted into messages of giant size. I don't know how I can see the size but it's huge. It takes minutes for Thunderbird to load and show them. When I try to view Message source I can see that the message body begins with what should be decrypted (but it's still encrypted) and then there go different unconnected, unrelated, encrypted and not encrypted messages concatenated to the first one. It's virtually endless- I never could scroll to the end of it. So now I have to find those giants and delete them manually.

So manual filter run on Inbox folder failed, essentially.

1. It seems that when a new encrypted message arrives the filter does not catch it. I have to select the encrypted message and run the rule on it manually. Then it's done. But creating a decrypted copy automatically fails.

Is there anything I can do to make it work as desired? I'm afraid I do need help on this.

Thanks a lot.

P.S. I thought that it would be convenient to have a button - just next to 'reply' and 'reply to all' etc. by pressing which one can permanently decrypt (or create decrypted copy of) the message and its attachments. Just like when I run the filters/rules on the selected message(s), but just one click away.

[owl77]

Here comes another "cool feature" connected with creating decrypted copies. I got encrypted message (the first one on the screenshots below, displayed encrypted). Using "run filter/rule on selected messages" I created decrypted copy. It's the second one on the screenshots below. It's supposed to be decrypted but in the preview window it's still shown ENCRYPTED! However if I select both messages (as displayed on the third screenshot) and look at the preview (on the right) I'll see portion of the first message encrypted followed by portion of the second message - but here it will be DECRYPTED.

Anything I'm doing wrong here? Thanks