2023-04-17 15:54:12 +00:00
|
|
|
---
|
|
|
|
date: 2014-06-08T00:00:00-05:00
|
|
|
|
title: "Encrypting your e-mails to yourself using GnuPG"
|
2023-04-18 16:16:48 +00:00
|
|
|
tags: [en_us, english, free-software, security, privacy, howto]
|
2023-04-17 15:54:12 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
It has been a while since I dream of being able to send encrypted e-mail
|
|
|
|
to everyone in my contact list. It is still a distant future, but
|
|
|
|
fortunately it is getting closer with campaigns like the [Reset the
|
|
|
|
Net](https://www.resetthenet.org/). And while I already send encrypted
|
|
|
|
messages to a couple of friends, it is always good to discover (and
|
|
|
|
share!) some configuration tips to make your life easy :-).
|
|
|
|
|
|
|
|
I use [Gnus](http://gnus.org/) as my e-mail (and news!) reader for quite
|
|
|
|
a while, and I can say it is a very nice piece of software (kudos to
|
|
|
|
Lars and all the devs!). For those who are not aware, Gnus runs inside
|
|
|
|
[Emacs](https://gnu.org/software/emacs/), which is a very nice operating
|
|
|
|
system (and text editor also).
|
|
|
|
|
|
|
|
Emacs provides
|
|
|
|
[EasyPG](https://www.gnu.org/software/emacs/manual/html_mono/epa.html)
|
|
|
|
for those who want to make use of cryptographic operations inside it,
|
|
|
|
and Gnus also uses it to encrypt/decrypt the messages it handles. I am
|
|
|
|
using it for my own messages, and it works like a charm. However, there
|
|
|
|
was something that I had not had configured properly: the ability to
|
|
|
|
read the encrypted messages that I was sending to my friends.
|
|
|
|
|
|
|
|
In a brief explanation, when you send an encrypted message GnuPG looks
|
|
|
|
at the recipients of the message (i.e., the people that will receive it,
|
|
|
|
listed in the “From:”, “Cc:” and “Bcc:” fields) and encrypts it
|
|
|
|
according to each recipient's public key, which must be present in your
|
|
|
|
local keyring. But when you send a message to someone, you are not
|
|
|
|
(usually) present in the original recipients list, so GnuPG does not
|
|
|
|
encrypt the message using your public key, and therefore you are unable
|
|
|
|
to read the message later. In fact, this example can be used to
|
|
|
|
illustrate how secure this system really is, when not even the sender
|
|
|
|
can read his/her message again!
|
|
|
|
|
|
|
|
Anyway, this behavior was mostly unnoticed by me because I rarely look
|
|
|
|
at my “Sent/” IMAP folder. Until today. And it kind of pissed me off,
|
|
|
|
because I wanted to read what I wrote, damn it! So, after looking for a
|
|
|
|
solution, I found a neat GnuPG setting called `hidden-encrypt-to`. It
|
|
|
|
basically tells GnuPG to add a hidden recipient in every message it
|
|
|
|
encrypts. So, all I had to do was to provide my key's ID and ask GnuPG
|
|
|
|
to always encrypt the message to myself too.
|
|
|
|
|
|
|
|
You basically have to edit your `$HOME/.gnupg/gpg.conf` file and put
|
|
|
|
this setting there:
|
|
|
|
|
2024-02-25 21:07:05 +00:00
|
|
|
```console
|
|
|
|
hidden-encrypt-to ID
|
|
|
|
```
|
2023-04-17 15:54:12 +00:00
|
|
|
|
|
|
|
That's it. Now, whenever I send an encrypted message, GnuPG encrypts it
|
|
|
|
for me as well, so I just need to go to my “Sent/” folder, and decrypt
|
|
|
|
it to read.
|
|
|
|
|
|
|
|
I hope this tip helps you the same way it helped me!
|