On Wed, Dec 08, 2010 at 11:35:07PM +0100, Francesco de Virgilio wrote:
> Hi guys,
> this time I've a question devoted to paranoic privacy settings with
> mutt. My machine configuration:
> 
> - Ubuntu 10.10
> - /home encrypted with ecryptfs
> - /tmp is a directory clearly readable by anyone having access to my hard
>   disk
> 
> Question: when I decrypt a message sent to me using GPG, is it 
> immediately printed on the standard output (my shell) or is a _decrypted_
> copy created in /tmp and deleted after closing the message?
> 
> If the latter hypothesis is correct, and considering that /tmp is not
> encrypted, anyone physically removing my HD could in theory bring back
> a copy of deleted messages using a recovery software from my
> filesystem.
> 
> If so, I've to
> 
> A) encrypt my /tmp dir
> B) set mutt to wipe temporary copies of decrypted messages
> 
> Cheers,
> -- 
> Francesco de Virgilio
> *Ubuntu-it team member*
>    mailto:frad...@ubuntu-it.org
>    http://wiki.ubuntu-it.org/FrancescoDeVirgilio
> *Wikimedia projects contributor*
>    http://en.wikipedia.org/wiki/User:Fradeve11
> *OpenStreetMap Mapper*
>    http://www.openstreetmap.org/user/Fradeve11
> *Blog*
>    http://www.fradeve.org
>               "Love - Peace - Freedom - Free Software"

You could try setting $TMP or $TMPDIR (which mutt may or may not
respect) to a directory like $HOME/tmp, which is already encrypted.

Of note, if you encrypt your /tmp directory, you might as well do the
same to your swap file/partition.
-- 
Brandon
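
Added example, not part of the original message: a shell helper that hands back a temporary directory only if the mount containing it is ecryptfs, so it can be exported as TMPDIR before starting mutt. The sample mount table, paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: device mountpoint fstype options ...
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/home/user/.Private /home/user ecryptfs rw,ecryptfs_cipher=aes 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# fs_type_for PATH [MOUNTS_TEXT]
# Print the filesystem type of the mount that contains PATH.
# The longest matching mount point wins; on a tie the later entry wins,
# because later mounts shadow earlier ones. Reads /proc/mounts by default.
fs_type_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # PATH is inside a mount if it equals the mount point or
            # continues with "/" after it (/home/user does not match
            # /home/username).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { print type }'
}

# private_tmpdir DIR [MOUNTS_TEXT]
# Create DIR with mode 700 and print it, but only if DIR lies on ecryptfs.
# Returns non-zero (and creates nothing) when DIR is on any other filesystem.
private_tmpdir() {
    dir=$1
    [ "$(fs_type_for "$dir" "$2")" = ecryptfs ] || return 1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Typical use from a wrapper script (not run here):
#   TMPDIR=$(private_tmpdir "$HOME/tmp") && export TMPDIR && exec mutt
# The same directory can also be given to mutt directly with
# "set tmpdir=..." in the muttrc.
```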
