tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/73-autosaveGPGTools: Discussion 2017-09-14T12:15:05Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/117133842011-11-28T12:18:54Z2011-11-28T12:18:55Zautosave<div><p>Hi,</p>
<p>i have a question concerning the security of decrypted files
(email or otherwise) sadly i'm no computer expert myself, so i'll
bother y'all with this. Recently i heard a story about people who
did use encryption for their emails, but where the authorities did
get access to their communication due to the fact that their
computer made copies (some autosave function) of files worked on,
when decrypted. Something similar happens when someone sneds me an
encrypted email with attachement. When i open the attachment (from
a decrypted email) it gets saved on my desktop in decrypted state,
and stays that way. Normally i'd like to use something like
truecrypt to encrypt my whole disk, but, alas, that's not possible
with macs so how do i make sure my encrypted files and emails, are
not stored somewhere in decrypted state?<br>
thanx a lot in advance</p></div>teuntag:gpgtools.tenderapp.com,2011-11-04:Comment/117133842011-11-28T17:27:46Z2011-11-28T17:27:46Zautosave<div><blockquote>
<p>that's not possible with macs</p>
</blockquote>
<p>I think you might want to have a look at <a href=
"http://en.wikipedia.org/wiki/FileVault">http://en.wikipedia.org/wiki/FileVault</a>.</p></div>Alextag:gpgtools.tenderapp.com,2011-11-04:Comment/117133842011-11-28T18:22:59Z2011-11-28T18:22:59Zautosave<div><p>hi alex,</p>
<p>thanx for your reply. I know of filevault, yes. However,
there's<br>
apparently some stuff aboout it that make it's workings less
dependable<br>
than either gpg or truecrypt (i read). The main question remains
as<br>
well: if i decrypt emails/files are they then stored somewhere<br>
unencrypted, by some autosave function? If so, there would always
be a<br>
need for something like filevault and truecrypt and gpg for local
file<br>
storage would have no purpose? Or am i wrong?</p>
<p>thnx a lot</p>
<p>Op 28-11-11 18:27, Alex (via GPGTools) schreef:</p></div>teun *tag:gpgtools.tenderapp.com,2011-11-04:Comment/117133842011-11-29T07:36:40Z2011-11-29T07:37:25Zautosave<div><blockquote>
<p>there's apparently some stuff aboout it that make it's workings
less dependable</p>
</blockquote>
<p>No, I don't think so.</p>
<blockquote>
<p>if i decrypt emails/files are they then stored somewhere
unencrypted</p>
</blockquote>
<p>Mails: I guess not (@Lukas?). Files/Attachments: at least when
you decrypt and open them with another application - but you can
configure to delete them in Mail.app ("Remove unedited downloads").
But deleted files are still on your harddrive so you must securely
delete the files.</p>
<p>Again: I suggest you to use FileVault for your scenario.</p></div>Alextag:gpgtools.tenderapp.com,2011-11-04:Comment/117133842011-11-29T10:17:53Z2011-11-29T10:17:53Zautosave<div><p>Mails are only decrypted and in cache and there decrypted
content is not stored anywhere.<br>
If you create a new mail yourself though and choose to encrypt it,
the automatic save function of Mail.app will save your draft every
few minutes or so. These drafts are NOT encrypted. There is however
an option in the GPGMail settings to even encrypt the drafts, then
you're good again.</p>
<p>But as Alex already said, Filevault is the best option I think
for what you're trying to do</p></div>Luke Le