blog/content/posts/gnupg-encrypt-to-self.md

57 lines
2.7 KiB
Markdown

---
date: 2014-06-08T00:00:00-05:00
title: "Encrypting your e-mails to yourself using GnuPG"
tags: [en_us, english, free-software, security, privacy, howto]
---
It has been a while since I dream of being able to send encrypted e-mail
to everyone in my contact list. It is still a distant future, but
fortunately it is getting closer with campaigns like the [Reset the
Net](https://www.resetthenet.org/). And while I already send encrypted
messages to a couple of friends, it is always good to discover (and
share!) some configuration tips to make your life easy :-).
I use [Gnus](http://gnus.org/) as my e-mail (and news!) reader for quite
a while, and I can say it is a very nice piece of software (kudos to
Lars and all the devs!). For those who are not aware, Gnus runs inside
[Emacs](https://gnu.org/software/emacs/), which is a very nice operating
system (and text editor also).
Emacs provides
[EasyPG](https://www.gnu.org/software/emacs/manual/html_mono/epa.html)
for those who want to make use of cryptographic operations inside it,
and Gnus also uses it to encrypt/decrypt the messages it handles. I am
using it for my own messages, and it works like a charm. However, there
was something that I had not had configured properly: the ability to
read the encrypted messages that I was sending to my friends.
In a brief explanation, when you send an encrypted message GnuPG looks
at the recipients of the message (i.e., the people that will receive it,
listed in the “From:”, “Cc:” and “Bcc:” fields) and encrypts it
according to each recipient's public key, which must be present in your
local keyring. But when you send a message to someone, you are not
(usually) present in the original recipients list, so GnuPG does not
encrypt the message using your public key, and therefore you are unable
to read the message later. In fact, this example can be used to
illustrate how secure this system really is, when not even the sender
can read his/her message again!
Anyway, this behavior was mostly unnoticed by me because I rarely look
at my “Sent/” IMAP folder. Until today. And it kind of pissed me off,
because I wanted to read what I wrote, damn it! So, after looking for a
solution, I found a neat GnuPG setting called `hidden-encrypt-to`. It
basically tells GnuPG to add a hidden recipient in every message it
encrypts. So, all I had to do was to provide my key's ID and ask GnuPG
to always encrypt the message to myself too.
You basically have to edit your `$HOME/.gnupg/gpg.conf` file and put
this setting there:
#!bash
hidden-encrypt-to ID
That's it. Now, whenever I send an encrypted message, GnuPG encrypts it
for me as well, so I just need to go to my “Sent/” folder, and decrypt
it to read.
I hope this tip helps you the same way it helped me!