snappymail icon indicating copy to clipboard operation
snappymail copied to clipboard

Published 20 hours ago verified publisher icon the-djmaze

Auto decrypt mail

Open celogeek opened this issue 2 years ago • 6 comments
trafficstars

Is your feature request related to a problem? Please describe. When I open a crypted message, I need to click on Decrypt to see it. For example on ProtonMail, the message is decrypted, and I have an icon to tell me that's a crypted and signed message.

Describe the solution you'd like Can we have an option to automatically decrypt encrypted mail ?

celogeek avatar May 29 '23 07:05 celogeek

SnappyMail didn't store decrypt passwords, but the latest version should with the "remember option". When you use that, you don't fill in your password each time.

However, since we forget to lock our computer when we walk away. Someone can now decrypt your messages instantly and read them. Since the security is gone now, your request could be implemented when password is remembered.

the-djmaze avatar May 30 '23 12:05 the-djmaze

Indeed, if the password is remember, it will save a click on each message.

  • You see it once
  • click on decrypt
  • fill your password with remember
  • then each other encrypted message are automatically decrypted

Also what I observe on ProtonMail for example, is that the gpg key used for encryption looks like to be the one for connecting to your account. So if you can log in, then as all email are encrypted with your password, you can access to them. They are all encrypted.

celogeek avatar May 30 '23 12:05 celogeek

Perhaps this behavour should be an option? If so, it could be included in the Security Settings as a simple set of radio buttons (with the default being the current behaviour of requiring the user to click on "Decrypt" first since this should be regarded as a more secure practice):

Automatic decryption in message reader: (_) Yes / (X) No (recommended)

randolf avatar Jul 14 '23 02:07 randolf

The PGP key is store in memory after you seize it once. So I'm not sure automatic decryption is less secure as anyone can just click on decrypt.

It may be useful to loose it after a delay of inactivity instead. So you have to reenter it.

celogeek avatar Jul 14 '23 13:07 celogeek

It may be useful to loose it after a delay of inactivity

I've added a delay of 15 minutes inactivity.

Any kind of activity (sign, decrypt, export) resets the timer to 15 minutes.

Auto-decrypt could be feasible now.

the-djmaze avatar Mar 18 '24 13:03 the-djmaze

I would like to invite you also discussing the hardcoded value of 15 minutes here: #1545

I totally get that security should be taken seriously here but having a non-customizable value of 15 minutes leads to other issues like having to enter the PGP password almost every time you want to send and sign an email (which most likely happens more often than decrypting mails).

codiflow avatar Apr 23 '24 16:04 codiflow