Protection mail at rest

Simon Josefsson simon at
Wed Jun 4 10:24:15 EDT 2008

Victor Duchovni <Victor.Duchovni at> writes:

> On Tue, Jun 03, 2008 at 04:37:20PM -0400, Eric Cronin wrote:
>> On Jun 3, 2008, at 11:51 AM, Adam Aviv wrote:
>> >Depending on the level of protection you want, you could just add a
>> >script to your .forward to encrypt your email before delivery using
>> >PGP/GPG. However, this will leave the headers in the clear, so you
>> >will likely want to create an entirely new envelope for the message
>> >with the original message encrypted as the body or an attachment.
>> Does anybody have a recipe for this first mode handy?  plain text e- 
>> mails seem simple enough, but there needs to be a bit of MIME  
>> unwrapping and rewrapping to correctly handle attachments so that the  
>> client sees/decrypts them correctly I think.  I've searched from time  
>> to time and never found a good HowTo...
> S/MIME supports enveloped MIME objects, if PGP does not work out for MIME
> entities, you could try that. S/MIME is natively supported in Thunderbird,
> Apple Mail, and similar MUAs.

Actually, PGP/MIME uses the same high-level mechanism to wrap MIME
objects as S/MIME does:

The PGP/MIME description is in:

Specification wise both should work equally well, but implementation
quality may differ.

What is often overlooked is that the e-mail envelope (including the
Subject: header field) is not protected or even encrypted under RFC 3156
unless you forward the entire e-mail as a message/rfc822 MIME part
within the PGP/MIME (or S/MIME) message.  Interoperability of that has
historically been poor, but the more modern MUAs should handle it today.

Writing a .forward proxy that wraps incoming e-mails into PGP/MIME
encrypted message/rfc822 attachments should be simple, probably simpler
than PGP/MIME wrapping all the individual MIME parts in the incoming


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list