(*** This bug was imported into bugs.kde.org ***) Package: kmail Version: KDE 2.2.1 Severity: wishlist Installed from: SuSE RPMs Compiler: Not Specified OS: Linux OS/Compiler notes: Not Specified hi. eudora has the feature to store received pgp-encrypted messages in non-encrypted form. this helps to search the messages for something. that would be a nice feature. ciao p. (Submitted via bugs.kde.org)
Actually, for security reasons the messages should be always stored in encrypted form (if, for instance, your entire partition is encrypted, any data is still readable/available while the partition is "unencrypted", e.g. while the system is running, so storing messages in encrypted form is a good idea). However, the search engine could ask for the passphrase and decrypt each message on the fly, even though this takes longer. It doesn't make much sense to store the message encrypted (original format) *and* unencrypted just to enable the search. You could then just skip the storing in encrypted form altogether.
The PGP crypto plug-in allows you to store email in unencrypted form. Does this solve your problem? Whether or not encrypted messages should also be stored encrypted is a matter of someones security needs and/or policy. Displaying an encrypted message might also reveal it to third parties and printing might even be very risky as well. It all depends. For example messages could be kept encrypted on the imap server while the local copies are decrypted. In a similar setup an index for searching could be stored locally, while the actual messages remain encrypted. Personally, I would like to have all the three configurable on a folder by folder bases: - store the messages in decrypted form (local and remote) - store the messages in decrypted form locally, but leave them decrypted on the server - keep the messages decrypted As already said, local searching can be implemented without the need for storing the messages in decrypted form (see also http://bugs.kde.org/show_bug.cgi?id=46058) - tom
*** Bug 62953 has been marked as a duplicate of this bug. ***
I want KMail to decrypt mails on the fly when I search for text strings in my mails.
*** Bug 46058 has been marked as a duplicate of this bug. ***
This is largely equivalent to bug "Bug 28261: Option to save decrypted GPG email unencrypted locally." http://bugs.kde.org/show_bug.cgi?id=28261
This is not like bug 28261, because I don't want kmail to store my mails unencrypted, but decrypt them on the fly when searching
*** Bug 80061 has been marked as a duplicate of this bug. ***
Is it possible to seach encrypted mail with kmail from KDE 3.3? A lot of my mails encrypted, so I'd really like to see this feature.
Just installed KDE 3.3 which includes KMail 1.7 - it's still not possible to find text in encrypted mails. ):
I wish, too, to be able to search in encrypted mails without storing them decrypted on the disk ! This is simply logic ! As part of the AEgypten project, KMail should render encryption management seamlessly easy !
Any news about this feature? I just tested with KMail 1.7.2, it's still not possible.
Well, I disagree. It does not make any sense at all to store mails encrypted with gpg. This "envelope encryption" is designed for mail transfer not for mail storage. If you want to have local encryption that this is easily achieved by different tools (encrypted partitions, encrypted folder). If kmail stored encrypted mails in unencrypted form, then there wouldn't be any search problem at all. People that are security sensitive generally use encrypted partitions anyway (as I do for example). To store mails gpg encrypted adds lots of overhead when reading or searching through them without any additional security benefit.
> To store mails gpg encrypted adds lots of > overhead when reading or searching through them without any additional > security benefit. My home directory is encrypted. Of course it's nearly always mounted. In this case gpg makes a difference since it forms an additional layer of security. In my opinion, wishes #28261 and #34681 are both legitimate.
I don't really care. My home partition is crypted and thats secure enough for me. I just want to search the mails ;-)
But you do realize, that your crypted partition is vulnerable during the time it's in use? (i.e. for root-kits or trojaners, even a hacked ssh login) So in my opinion there should be any option(if not already existing) that let the user choose between: [ ] store encrypted mails encrypted [ ] store encrypted mails unencrypted The first one wouldn't support search, the last one would.
The user needs the option. And it should also work, when I "Save As" eMails to a normal folder. I found out, I can't do anything with emails I stored, when they still are encrypted. I think the user must have the possibility to decide. If I want to index eMails or process them with different tools, I must be able to strip away the encryption. Otherwise at a given time the eMail will be very safe (nobody will access it ever again, least myself) For long time archivation storing things with the encryption is not feasible. Enterprise strength archivation needs to strip the encryption away too (because most people will not have the keys, the historians and auditors certainly not.
Switching product to kmail2
(In reply to comment #13) > Well, I disagree. It does not make any sense at all to store mails encrypted > with gpg. This "envelope encryption" is designed for mail transfer not for > mail storage. If you want to have local encryption that this is easily > achieved by different tools (encrypted partitions, encrypted folder). > > If kmail stored encrypted mails in unencrypted form, then there wouldn't be > any search problem at all. > > People that are security sensitive generally use encrypted partitions anyway > (as I do for example). To store mails gpg encrypted adds lots of overhead > when reading or searching through them without any additional security > benefit. This is perfectly reasonable. On the local machine, GPG encryption doesn't add much security besides the passphrase, if the private key is stored locally, which usually is the case. Still, there are a few cases where the user might want to have a decision. So while Akonadi should cache GPG encrypted mails in encrypted form by default, caching them decrypted should be an option. Wouldn't add an option to remote store the decrypted messages, though. As this would significantly ease up searching PGP encrypted mails, I mark Bug #28261 as blocking this one.