Encrypting your e-mails to yourself using GnuPG

I have long dreamed of being able to send encrypted e-mail to everyone in my contact list. That is still a distant future, but fortunately it is getting closer with campaigns like Reset the Net. And while I already send encrypted messages to a couple of friends, it is always good to discover (and share!) some configuration tips to make your life easier :-).

I have been using Gnus as my e-mail (and news!) reader for quite a while, and I can say it is a very nice piece of software (kudos to Lars and all the devs!). For those who are not aware, Gnus runs inside Emacs, which is a very nice operating system (and text editor also).

Emacs provides EasyPG for those who want to make use of cryptographic operations inside it, and Gnus also uses it to encrypt/decrypt the messages it handles. I am using it for my own messages, and it works like a charm. However, there was something that I had not configured properly: the ability to read the encrypted messages that I was sending to my friends.

In brief, when you send an encrypted message GnuPG looks at the recipients of the message (i.e., the people that will receive it, listed in the “To:”, “Cc:” and “Bcc:” fields) and encrypts it to each recipient's public key, which must be present in your local keyring. But when you send a message to someone, you are not (usually) present in the original recipients list, so GnuPG does not encrypt the message using your public key, and therefore you are unable to read the message later. In fact, this example can be used to illustrate how secure this system really is, when not even the sender can read his/her message again!

Anyway, this behavior was mostly unnoticed by me because I rarely look at my “Sent/” IMAP folder. Until today. And it kind of pissed me off, because I wanted to read what I wrote, damn it! So, after looking for a solution, I found a neat GnuPG setting called hidden-encrypt-to. It basically tells GnuPG to add a hidden recipient in every message it encrypts. So, all I had to do was to provide my key's ID and ask GnuPG to always encrypt the message to myself too.

You basically have to edit your $HOME/.gnupg/gpg.conf file and put this setting there:

hidden-encrypt-to KEY_ID

That's it. Now, whenever I send an encrypted message, GnuPG encrypts it for me as well, so I just need to go to my “Sent/” folder, and decrypt it to read.
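To check that the setting does what is described above, here is an added example (not part of the original post). It assumes GnuPG 2.1 or later and uses two constructed identities, alice@example.org as the sender and bob@example.org as the friend, each in a throwaway keyring, so your real ~/.gnupg is never touched.

```shell
#!/bin/sh
# Added example. alice@example.org (sender) and bob@example.org (friend) are
# constructed identities; both keyrings are throwaway temp directories.
demo_hidden_encrypt_to() {
    alice=$(mktemp -d) && bob=$(mktemp -d) || return 1
    chmod 700 "$alice" "$bob"
    g="gpg --batch --quiet --pinentry-mode loopback"

    # Unprotected test keys: primary key plus encryption subkey, no expiry.
    $g --homedir "$bob" --passphrase '' --quick-generate-key \
        bob@example.org default default never >/dev/null 2>&1 || return 1
    $g --homedir "$alice" --passphrase '' --quick-generate-key \
        alice@example.org default default never >/dev/null 2>&1 || return 1

    # The sender only ever holds the friend's public key.
    $g --homedir "$bob" --export bob@example.org |
        $g --homedir "$alice" --import >/dev/null 2>&1 || return 1

    # The setting from the post, with the sender's own fingerprint as KEY_ID.
    fpr=$($g --homedir "$alice" --with-colons --list-secret-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')
    echo "hidden-encrypt-to $fpr" > "$alice/gpg.conf"

    # Encrypt to the friend only. --trust-model always is needed here because
    # the imported test key has not been certified by the sender.
    echo 'note to bob' | $g --homedir "$alice" --trust-model always \
        -r bob@example.org -o "$alice/msg.gpg" -e || return 1

    # Output line 1: the sender decrypts the sent message without bob's secret key.
    $g --homedir "$alice" -d "$alice/msg.gpg" 2>/dev/null || return 1
    # Output line 2: count of recipient packets whose key ID is zeroed (hidden).
    $g --homedir "$alice" --list-packets "$alice/msg.gpg" 2>/dev/null |
        grep -c 'keyid 0000000000000000'

    gpgconf --homedir "$alice" --kill gpg-agent
    gpgconf --homedir "$bob" --kill gpg-agent
    rm -rf "$alice" "$bob"
}

# Run the demo only when asked to: sh demo.sh run
if [ "${1:-}" = run ]; then demo_hidden_encrypt_to; fi
```

The zeroed key ID in the second line of output is what "hidden" means: the message does not say which key the extra copy was encrypted to, so GnuPG simply tries the secret keys it has when decrypting.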

I hope this tip helps you the same way it helped me!

Legal matters


The following catch-all copyright notice and permission apply to all documents and postings in this blog that don't contain a copyright notice of their own, and whose copyright can be reasonably assumed to be held by Sergio Durigan Junior.

Copyright 2011-2016 Sergio Durigan Junior

Permission is granted to make and distribute verbatim copies of this entire document worldwide without royalty, provided the copyright notice, the document's official URL, and this permission notice are preserved.

The following licensing terms also apply to all documents and postings in this blog that don't contain a copyright notice of their own, or that contain a notice equivalent to the one above, and whose copyright can be reasonably assumed to be held by Sergio Durigan Junior.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.