[Blue Sky]

Hi,

I've seen a few posts dated quite a few years ago, for instance:

http://forums.mozillazine.org/viewtopic.php?f=30&t=123444&p=770920&hilit=search+encrypted#p770920
http://forums.mozillazine.org/viewtopic.php?f=30&t=106164&p=679753&hilit=search+encrypted#p679753

The admins encouraged me to open a new thread instead of posting into long dead ones. Here I am.

1. Is there any way to search through encrypted mails bodies?
2. Is there any way to activate encryption of the address book?

If not:

Could anybody recommend a client (Linux and Windows) with those features?
(Ideally they should also work when the involved gpg key is stored in a smartcard like Yubikeys, without continually asking to type the passphrase or to touch the button on the key.)

[tanstaafl]

1. Not at the moment. They seem to be considering whether to eventually add the option to store unencrypted copies of messages locally so that they can be searched etc..

a) You could run manually a script that copies the encrypted messages, decrypts them using gpg and stores them locally outside of the profile. Use a separate search tool with those messages. It might be easier if your account used maildir (essentially stores each message as a .eml file) rather than mbox (stores all of the messages for a folder in one 7-bit plain text file) to store messages.

If you need to integrate it with Thunderbird install a local IMAP server, upload the decrypted messages to it and have Thunderbird connect to it.

Some of that is much easier to do under Linux due to better tools being available. But if you want a solution that runs under both Linux and Windows the Windows Subsystem for Linux (WSL2) now even supports graphical applications. So using it to run Linux applications would be easier and less risky than using Cygwin. WSL2 supports installing Ubuntu.

b) Another possibility might be to copy the encrypted messages to a ProtonMail account. "The ProtonMail Bridge is an application that runs on your computer in the background and seamlessly encrypts and decrypts your mail as it enters and leaves your computer. It allows for full integration of your ProtonMail account with any program that supports IMAP and SMTP such as Microsoft Outlook, Mozilla Thunderbird and Apple Mail."

I suggest you start with https://protonmail.com/bridge/thunderbird and https://protonmail.com/support/knowledg ... l-account/ to see if its possible.

2. Not that I'm aware of.

a) Why not just store your profile in a encrypted password protected container like VeraCrypt? VeraCrypt is easy to use and seems to be the best replacement for TrueCrypt

b) Another possibility is to use something like CardDAV to store contacts remotely and not keep a local copy.

c) There is built-in support for using a LDAP server rather than the *.mab address books (or the *.sqlite file in version 78 and later).

Are you just concerned about preventing somebody else from being to read the contacts stored in a file, or do you also care about somebody using your copy of Thunderbird to view the contacts (and possibly exporting a copy as a .csv file)?

[Blue Sky]

Hi tanstaafl,

Thanks a lot for taking the time to elaborate, your post if full of nice info I didn't have.

In the meantime I've found this client, now in release candidate 6 for their version 1.0, my first impression is very good, you might want to share thoughts if you test it:

https://www.mailpile.is/

They seem to be considering whether to eventually add the option to store unencrypted copies of messages locally so that they can be searched etc..

That can be done manually at the moment, right mouse button and "decrypt to folder".

You could run manually a script that copies the encrypted messages, decrypts them using gpg and stores them locally outside of the profile. Use a separate search tool [...]

Cool idea.

[...] Some of that is much easier to do under Linux due to better tools being available. [...]

Totally agreed.

[...]the Windows Subsystem for Linux (WSL2) [...]

Thanks, I didn't know about that, I've probably booted Windows six-seven times in the last five years (abandoning Windows software I paid some bucks for, I've become decidedly a Linux lover and Windows hater, more since Windows 10 is out and even more since Gates has started with his delirium about DNA-modifying vaccines and quantum dots).

(So, Microsoft builds a Linux kernel to add support for Linux binaries. Well... most of their servers run on Linux, too.)

Why not just store your profile in a encrypted password protected container [...]

That's probably the simplest thing you mention. And keep decrypting to folder as one receives emails.
It would be already a very nice step, although when the volume is mounted other processes might access it (maybe in Linux it could be mitigated by creating a special group).

[...] copy the encrypted messages to a ProtonMail account [...]

ProtonMail: maybe in that case one would directly use a ProtonMail account into which receive messages, or maybe Tutanota?

[...] Are you just concerned [...]

I'm helping a friend who's in a non profit group, which is why I asked about Linux and Windows.

[tanstaafl]

Tutanota doesn't have anything like the ProtonMail Bridge, so it doesn't support anything but webmail and its own apps.

I used to keep an eye on MailPile (I thought they were doing some stuff Thunderbird should consider mimicking) but stopped because its progress was agonizing slow. It initially claimed to have a team but quickly became a one man show. It still doesn't have any release for Windows. Oauth2 support for Gmail has been broken since June according to their Issue list.

The MailPile architecture is interesting but since its a one man show it seems pretty risky to me. They never managed to hire the Windows and OSX developers they posted jobs for. I suspect the project doesn't have a large enough revenue stream to support more than Bjarni.

If Thunderbird doesn't meet your needs some of the suggestions I made could be done with other email clients. Perhaps Claws Mail. See https://www.claws-mail.org/plugin.php?plugin=gpg