1

From my research I have found out that you can easily send encrypted messages to one another using Enigmail.

If first I encrypted a file,then attached it to an email, sending it through Enigmail to a recipient who was also using Enigmail.

When the recipient clicked on the file to open it, would its contents be decrypted?

Kōdo no musō-ka
  • 315
  • 4
  • 11
  • This isn't the correct way to use `Enigmail`. `Enigmail` will encrypt the full content of an E-mail including any format of attachment. – dan Mar 16 '16 at 14:31

2 Answers2

3

If you decide to send an attachment over with Enigmail install on Thunderbird, you are prompted to encrypt the attached file using Enigmail, which would then be decrypted once the recipient decrypts the email using Enigmail.

If you decide to encrypt that attachment on your own, and then attach and encrypt and send it using Enigmail, then no, Enigmail will only be able to decrypt it as deep as it's own encryption goes; Enigmail isn't able to automatically decrypt files encrypted by other means outside of Enigmail. Your recipient would still be left with an encrypted file after downloading the attachment (eg. putting a locked box inside of a locked box).

WorseDoughnut
  • 761
  • 5
  • 18
  • What if the file was encrypted using GPG before hand.Then an individual attaches it to Enigmail? – Kōdo no musō-ka Mar 16 '16 at 15:13
  • @Kōdonomusō-ka from what I can tell, unless it was signed with the same key that Enigmail used to encrypt the email (which would defeat the purpose of encrypting it prior to attaching it), Enigmail won't automatically decrypt it. – WorseDoughnut Mar 16 '16 at 15:18
  • So is this correct, If Bob and Alice regularly exchange encrypted emails. Alice puts files on a server encrypted with her public key. An attacker gets access to the encrypted file. An attacker gets access to Bobs computer. The attacker sends Alices file to Bob, The attacker opens up the attachment on Bobs machine. It will have been decrypted? – Kōdo no musō-ka Mar 16 '16 at 15:25
  • @Kōdo no musō-ka: Not at all. To decrypt Alices's files, the attacker would need the private key of Alice. – dan Mar 16 '16 at 21:51
2

Enigmail is based on GnuPG, and encrypts attached files automatically. The recipient can decrypt the file with their private key.

The Enigmail wiki has some information to check your configuration.

Benoit Esnard
  • 13,942
  • 7
  • 65
  • 65
  • What if the attached file encrypted using GPG with the public key of someone in your contacts list, was found, already encrypted on a server, And then you sent it through Enigmail, would the recipient still be able to read it? – Kōdo no musō-ka Mar 16 '16 at 15:18
  • @Kōdonomusō-ka: yes, if the recipient has the key to decrypt the file. – Benoit Esnard Mar 16 '16 at 15:47