Encryption "Persistence".

Quentin's Avatar

Quentin

28 Nov, 2018 12:25 AM

Hi

My question will give this away anyway but I'm new to this and trying hard to get my head around it all.

My query concerns the "persistence" of encryption, the fact that once an email (in Mac Mail) has been decrypted it stays that way. It just seems sort of strange that if I close the messages, close mail, close GPG Keychain and then come back to the mailbox and re-open the mail message it is there to be read in it's unencrypted form.

I'm sure this is supposed to be what happens but I just thought, in my ignorance, that without PGP Keychain being open and the keys "available" the message would remain encrypted and hidden. Or are the keys just "available" to the system and decrypt the message whether or not GPG Keychain is open?

Just kind of confusing to a new user but I want to stick with this and really get properly to grips with it if I can.

Thank you for your help.

  1. Support Staff 1 Posted by Luke Le on 03 Dec, 2018 10:23 PM

    Luke Le's Avatar

    Hi Quentin,

    any data related to your keys or GnuPG configuration is stored in ~/.gnupg. GPG Keychain is only a graphical user interface to administrate your keys, but doesn't control access to your keys. So whether GPG Keychain is running or not does not influence any encryption or decryption processes.
    in order to decrypt a message, access to the secret key is necessary. If the secret key is protected with a passphrase, which it is in most cases, in two scenarios the message can be automatically decrypted without asking the user for their password/passphrase:

    1. The passphrase is stored in macOS Keychain. This is the default setting.
    2. The passphrase is stored in the local cache of GnuPG (more precisely gpg-agent)

    If 1 is configured, you will never be asked for your passphrase in order to decrypt messages (except the first time, so the passphrase can be stored in macOS Keychain)

    If you want to be asked for your passphrase periodically disable the keychain option in System Preferences › GPG Suite › General. If you always want to be asked for your passphrase, make sure to also set the cache time to 0.

    Hope that helps.

  2. 2 Posted by Quentin on 04 Dec, 2018 05:14 PM

    Quentin's Avatar

    Luke Le

    Thank you for your reply which has indeed been very helpful, I'm much clearer now.

    Quentin.

  3. Steve closed this discussion on 04 Dec, 2018 05:15 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac