Encryption "Persistence".
Hi
My question will give this away anyway but I'm new to this and trying hard to get my head around it all.
My query concerns the "persistence" of encryption, the fact that once an email (in Mac Mail) has been decrypted it stays that way. It just seems sort of strange that if I close the messages, close mail, close GPG Keychain and then come back to the mailbox and re-open the mail message it is there to be read in it's unencrypted form.
I'm sure this is supposed to be what happens but I just thought, in my ignorance, that without PGP Keychain being open and the keys "available" the message would remain encrypted and hidden. Or are the keys just "available" to the system and decrypt the message whether or not GPG Keychain is open?
Just kind of confusing to a new user but I want to stick with this and really get properly to grips with it if I can.
Thank you for your help.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Luke Le on 03 Dec, 2018 10:23 PM
Hi Quentin,
any data related to your keys or GnuPG configuration is stored in
~/.gnupg
. GPG Keychain is only a graphical user interface to administrate your keys, but doesn't control access to your keys. So whether GPG Keychain is running or not does not influence any encryption or decryption processes.in order to decrypt a message, access to the secret key is necessary. If the secret key is protected with a passphrase, which it is in most cases, in two scenarios the message can be automatically decrypted without asking the user for their password/passphrase:
If 1 is configured, you will never be asked for your passphrase in order to decrypt messages (except the first time, so the passphrase can be stored in macOS Keychain)
If you want to be asked for your passphrase periodically disable the keychain option in
System Preferences › GPG Suite › General
. If you always want to be asked for your passphrase, make sure to also set the cache time to 0.Hope that helps.
2 Posted by Quentin on 04 Dec, 2018 05:14 PM
Luke Le
Thank you for your reply which has indeed been very helpful, I'm much clearer now.
Quentin.
Steve closed this discussion on 04 Dec, 2018 05:15 PM.