More Secure Email

General discussions and other topics.
3 posts Page 1 of 1
by dja » Sat Dec 24, 2011 10:44 pm
I was doing a bit of procmail hacking and came up with a recipe for encrypting all incoming messages so that the original sender would not have to know a thing about encryption, but the messages would be encrypted anyway.

This could be helpful in an enterprise situation where your employees are checking their email on their mobile devices and you have a natural concern over the security of that device. (Granted, this does not protect your sent items folder, as this setup assumes that your recipients do not have a way to decrypt your message and therefore your outgoing messages are not encrypted. If you find a way to remove sent items from the device, then you're even better off.)

This could also be helpful if you're concerned about privacy and you've been paying attention to data-retention legislation. If your email is encrypted before being delivered to your inbox, there are no copies lying around that are in the clear. These are step by step instructions....

First, if you don't have shell access enabled and you have any type of network connectivity or hosting from Sonic.net, give Sonic.net a call and ask that they enable shell access.

Second, go ahead and log in through ssh. Once logged in, go ahead and run the command "gpg --gen-key". This will take you through the steps of creating a gpg private/public key pair. Doing it on the shell server, because this is a multi-user system, will give you the advantage of having a much larger entropy pool.....

Once you have your key created, run the command "gpg --list-pub". This will show you your public keys. Each public key will output three lines; one line starts with the word pub, and the second item in this line is a pair of identifiers for the key... you're interested in the second number. This number will be the id number of your public key. Write this down.

Next, you're going to edit/create your .procmailrc file, in this file, you'll place the lines:

# Match on headers only (H); the condition below matches any message with a Subject: line
:0 H
* ^Subject:.*
{
# Run as a filter (f) on the body only (b): the headers pass through untouched,
# the body is replaced by gpg's ASCII-armored (-a) output, encrypted (-e) to your key (-r)
:0 fb
| gpg --batch --quiet --always-trust -a -e -r <place your public key id here>
}

This file needs to be placed in your home directory. This setup will only work for the main account, there are ways to do this for sub-accounts, but you'll have to check Sonic's support pages for the proper way to do this.

Anybody who reads this post who actually knows procmail will definitely be able to tell me a better way to do this, but this is more for the people who don't know procmail or gpg and, yet, want privacy in their inbox.

Once you have your key created and you've created your .procmailrc file, you'll want to import your private key into your mail reader. Mac Mail, Thunderbird, K-9 Mail, and others have good support for pgp or gpg encryption. You will need to find a way to transfer your private key from the server to whatever machine you plan on using to check your email. I suggest using scp, but if you're on a Windows machine, ftp will suffice. Once you have the key on your local machine, importing it into your mail reader will be implementation specific and therefore may require a simple Google search to find a quick tutorial.

I gotta say, once I figured out how to do this, I was pretty stoked. I mean, how many email providers will let you encrypt your email before it's delivered to your mailbox?! This is very cool, being able to keep your email more secure and free from privacy intrusions by unexpected parties... Way to go Sonic!

This posting was only intended to provide a very basic guide on how to make your email more secure/private, there may be some difficulties that arise in getting this setup. If you need some help in getting this setup, please leave a comment. I'll be checking back often. Thanks!
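The following is an added example, not code from the post above or from Sonic; it models what the post's ":0 fb" recipe (and the two-line version later in the thread) actually does to a message so the protection boundary is visible. procmail's "f" flag runs the recipe as a filter and "b" hands only the body, everything after the first empty line, to the pipe; the headers are written out unchanged. The sample message, the stand-in "armor" function (base64 in PGP-looking markers, used only so the script runs without a keyring; it is not encryption) and the key id placeholder are constructed for this example. The gpg_body_filter function runs the exact command line from the post and needs gpg plus your key in the local keyring.

```python
"""Model of the ':0 fb | gpg ...' procmail recipe: headers pass through, body is filtered."""
from __future__ import annotations

import base64
import email
import subprocess
from typing import Callable

# Constructed sample message for this example (not from the original thread).
SAMPLE_MESSAGE = (
    "From: alice@example.com\r\n"
    "To: bob@example.com\r\n"
    "Subject: Q4 salary review (confidential)\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "Bob, the numbers we discussed are below.\r\n"
    "Total: 123456\r\n"
)


def split_message(raw: str) -> tuple[str, str]:
    """Split at the first empty line, which is where procmail's 'b' flag starts the body."""
    for sep in ("\r\n\r\n", "\n\n"):
        if sep in raw:
            head, body = raw.split(sep, 1)
            return head + sep, body
    return raw, ""  # headers only, no body to filter


def gpg_body_filter(key_id: str) -> Callable[[str], str]:
    """Filter that runs the gpg command line from the post (needs gpg and the key in the keyring)."""
    def run(body: str) -> str:
        cmd = ["gpg", "--batch", "--quiet", "--always-trust", "-a", "-e", "-r", key_id]
        return subprocess.run(cmd, input=body, capture_output=True, text=True, check=True).stdout
    return run


def stand_in_armor(body: str) -> str:
    """NOT encryption: base64 inside PGP-style markers, only so the script runs without a keyring."""
    payload = base64.b64encode(body.encode()).decode()
    return "-----BEGIN PGP MESSAGE-----\n\n" + payload + "\n-----END PGP MESSAGE-----\n"


def apply_fb_recipe(raw: str, body_filter: Callable[[str], str]) -> str:
    """Emulate ':0 fb' + '| cmd': headers are copied verbatim, the body becomes cmd's output."""
    head, body = split_message(raw)
    return head + body_filter(body)


def cleartext_headers(raw: str) -> dict[str, str]:
    """Headers the recipe leaves readable to anyone who obtains the stored mailbox."""
    head, _ = split_message(raw)
    return dict(email.message_from_string(head).items())


if __name__ == "__main__":
    # Swap stand_in_armor for gpg_body_filter("<your key id>") on a box with gpg installed.
    print(apply_fb_recipe(SAMPLE_MESSAGE, stand_in_armor))
    print("still in the clear:", cleartext_headers(SAMPLE_MESSAGE))
```

Running it shows the point worth keeping in mind with this setup: From, To, Subject and Content-Type survive in cleartext in the stored message, so the recipe protects message contents but not who wrote to you or what the subject line says. It also shows why the Content-Type header matters: the recipe does not rewrite it, so the declared type of a multipart message no longer describes the armored body that replaces it, which is something to test with your own mail client before relying on it.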
by dane » Sat Dec 24, 2011 10:47 pm
Neat idea. What are you using for your email client to allow for decryption of the encrypted stored messages?

-Dane
Dane Jasper
Sonic
by dja » Sat Dec 24, 2011 10:58 pm
On my Android, I'm using APG in combination with K-9 Mail. On my laptop, I'm using Thunderbird with OpenPGP. Both of them seem to work pretty nicely. One of the nice features of K-9 Mail is that it allows you to set a timeout on the cache of your passphrase; by configuring it to use as small a time as possible, it provides for more security. You could check your messages, immediately lose your phone, and not have to worry about your messages being readable by anyone who may have picked up your phone.

BTW, after checking out the man pages for procmailrc, it appears that you can actually get by with just the following lines in your .procmailrc file.

:0 fb
| gpg --batch --quiet --always-trust -a -e -r <key id>