Subj : Re: Anyone using PGP/GPG in here?
To   : StackFault
From : Vk3jed
Date : Fri Nov 09 2018 09:44 am

-=> On 11-08-18 07:15, StackFault wrote to Vk3jed <=-

 St> Protecting the keys is the biggest challenge, using a good passphrase
 St> can surely help but it's more like a second stage.

Yep. :)

 St> I didn't know the offline mail files were encrypted, I tought it was
 St> just a database of some sort (which is not plaintext) but could be
 St> accessed pretty easily if you have the specifications.

Well, if you're processing GPG encrypted messages, then they will be encrypted
until you decrypt them.  If your decryption setup is built into an offline
reader, then the decryption takes place when you read the message locally, so
it's still encrypted at all point in transit.

 St> You are touching another very point, which is temp files. On most
 St> systems these are writtent in publicly available folders and most
 St> developpers don't use the right permissions, allowing anyone to read
 St> from them...

 St> Sometimes, we focus our attention at the wrong place...

Yes, that is a real issue.  Setting diurectory permissions properly will help a
lot, and that can be easily done on both Windows and Linux (and Mac as well). 
Ideally, the file's permissions should be set accordingly too, but that depends
on the developer.


.... Why does pizza get to your house faster than the police?
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
 * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

.