Encrypting your e-mails to yourself using GnuPG

I have long dreamed of being able to send encrypted e-mail to everyone in my contact list. That is still a distant future, but fortunately it is getting closer with campaigns like Reset the Net. And while I already send encrypted messages to a couple of friends, it is always good to discover (and share!) some configuration tips to make your life easier :-).

I have been using Gnus as my e-mail (and news!) reader for quite a while, and I can say it is a very nice piece of software (kudos to Lars and all the devs!). For those who are not aware, Gnus runs inside Emacs, which is a very nice operating system (and text editor also).

Emacs provides EasyPG for those who want to make use of cryptographic operations inside it, and Gnus also uses it to encrypt/decrypt the messages it handles. I am using it for my own messages, and it works like a charm. However, there was one thing I had not configured properly: the ability to read the encrypted messages that I was sending to my friends.

Briefly, when you send an encrypted message GnuPG looks at the recipients of the message (i.e., the people that will receive it, listed in the “To:”, “Cc:” and “Bcc:” fields) and encrypts it to each recipient’s public key, which must be present in your local keyring. But when you send a message to someone, you are not (usually) present in the original recipients list, so GnuPG does not encrypt the message using your public key, and therefore you are unable to read the message later. In fact, this example can be used to illustrate how secure this system really is, when not even the sender can read his/her message again!

Anyway, this behavior was mostly unnoticed by me because I rarely look at my “Sent/” IMAP folder. Until today. And it kind of pissed me off, because I wanted to read what I wrote, damn it! So, after looking for a solution, I found a neat GnuPG setting called hidden-encrypt-to. It basically tells GnuPG to add a hidden recipient to every message it encrypts. So, all I had to do was to provide my key’s ID and ask GnuPG to always encrypt the message to myself too.

You basically have to edit your $HOME/.gnupg/gpg.conf file and put this setting there:

hidden-encrypt-to ID

That’s it. Now, whenever I send an encrypted message, GnuPG encrypts it for me as well, so I just need to go to my “Sent/” folder and decrypt the message to read it.
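
The effect of the setting can be checked in a throwaway keyring, as an added example that is not from the original post: it encrypts to a friend only and lists the public-key packets, where the hidden recipient appears with an all-zero key ID. It assumes GnuPG 2.1 or later; the two identities and the function names make_keyring and recipient_keyids are constructed for the illustration, and the comparison with --no-encrypt-to goes beyond what the post covers.

```sh
#!/bin/sh
# Added example. Everything happens in a scratch keyring; both identities are constructed.
set -eu

# Create a throwaway GNUPGHOME with a "sender" and a "friend" key, then put the
# page's setting into its gpg.conf, using the sender's fingerprint as the ID.
make_keyring() {
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    for uid in 'Sender <sender@example.invalid>' 'Friend <friend@example.invalid>'; do
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" future-default default never
    done
    sender_fpr=$(gpg --batch --with-colons --list-keys sender@example.invalid |
        awk -F: '$1 == "fpr" { print $10; exit }')
    printf 'hidden-encrypt-to %s\n' "$sender_fpr" > "$GNUPGHOME/gpg.conf"
}

# Encrypt a message addressed only to the friend and print the key ID carried by
# each public-key encryption packet, one per line. Extra gpg options go in "$@".
recipient_keyids() {
    printf 'constructed test message\n' |
        gpg --batch --quiet "$@" --encrypt --recipient friend@example.invalid |
        gpg --batch --list-packets 2>/dev/null |
        awk '/^:pubkey enc packet:/ { print $NF }'
}

if command -v gpg >/dev/null 2>&1; then
    make_keyring
    # Two packets: the friend's key ID plus 0000000000000000 (the hidden sender).
    echo "with gpg.conf setting: $(recipient_keyids | tr '\n' ' ')"
    # --no-encrypt-to disables the setting for one run: only the friend remains.
    echo "with --no-encrypt-to:  $(recipient_keyids --no-encrypt-to | tr '\n' ' ')"
else
    echo 'gpg not found; install GnuPG 2.1 or later to run this' >&2
fi
```

Because the hidden recipient's key ID is zeroed, gpg has to try the available secret keys when decrypting instead of picking the right one by ID.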

I hope this tip helps you the same way it helped me!
