encryption negotiation like pidgin-otr but for email

August 20, 2008

Dear LazyWeb,

I’ve recently been using pidgin-otr a lot and I have to say, I love it. The setup is straightforward, I’ve watched the XMPP as it goes and I feel pretty good that google can’t see my stuff. Yay.

However, it makes me want to have a similar feature for evolution or tbird. Something so I can say “send this person an email and confirm encrytped communication between us”

I did some searching and I found nothing.

Any thoughts?

13 Responses to “encryption negotiation like pidgin-otr but for email”

  1. Thruhike98 Says:

    Oh, when you write “OTR” you mean “Off the Record.”
    I went another direction with that acronym and wasn’t sure why one would want _that_ in an instant messenger. 😉

    Cool feature. Thanks for the tip.

  2. Onkar Says:

    Can you please explain is OTR for IM is different from GPG for email?

  3. Jochen Says:

    Yes, you might check GPG or S/MIME. I prefere S/MIME with a certificat from thawte.com. They have a good interface and their certificats are more accepted, but you can use whatever you want.

    You can find more infos here:
    http://en.wikipedia.org/wiki/S/MIME

  4. greg Says:

    i think you guys are missing out on the ease of setup part of the question. almost anyone can install and use OTR, including non-techies. GPG is still a techie thing. Having to get a cert from thawte is still a techie thing. I agree w/ him completely, easily utilized encrypted e-mail would be amazing. But at this point in time, the techie factor practically kills the ability to use it with all your contacts.

    One of the big problems (and its the same problem as with IM) is synching your keys across multiple clients. Web clients would be an issue as well cause storing your private key on your provider’s server removes one of the reasons you want it encrypted.

  5. Stephen Smoogen Says:

    Well one of the factors with OTR is that it doesn’t encrypt your local keys. Thats part of the ease of using it. It also does some stuff to see if your contact has OTR set up. So for email it would require the following:

    EMAIL 1: Albert to Betty email 1
    do you have OTR-EMAIL. Here is my public key.
    EMAIL 2: Betty to Albert
    yes, here is my public key
    EMAIL 3: Albert to Betty
    here is my OTR-EMAIL
    EMAIL 4: Betty to Albert
    here is my reply.

    Of course if the person does not have OTR, you are going to get things like this:

    EMAIL 5: Betty to Albert
    can you send me your key again.. I just reinstalled and cant ready your old email.

    EMAIL FROM VP JOE:
    WHY ARE YOU SPAMMING ME EVERYTIME YOU SEND ME EMAIL!#!#!#
    WHY THE FU do I need OTR crap? I just want to know the budget numbers

    EMAIL FROM SPAMMER:
    Do you want viagra!? And thanks for using OTR-EMAIL. Your spam software cant read it so I don’t have to use V 1 A g r 4 any more… oh by the way, I just sent your private key to my .ru site because its unencrypted and you are using Tbirt-OTR which had a buffer overflow.. you might want to fix that…

  6. Peter Says:

    I am using pgp for email all the time. It goes like this: A user sends me an email which is signed with his key, I review the key (basically ask him is this your key ?) and add it, then I can send an encrypted email because I have the public key and I can sign it with my key so he can have mine public key and also send me encrypted emails.
    It is very nicely integrated with evolution – you just select from the menu Security – encrypt with PGP / sign with PGP. Also seahorse is now part of the Gnome desktop (I think) and it allows very easy creation of your own key and management of other ppl public keys.


  7. […] will begin Saved by sadashiv on Thu 18-12-2008 OTR 8-11-08 Saved by satyatdr on Sun 14-12-2008 encryption negotiation like pidgin-otr but for email Saved by thiago701 on Sat 13-12-2008 7th Annual Allen Cognitive Symposium – Boston 2008 Saved by […]


  8. […] – bookmarked by 1 members originally found by kapo1999 on 2008-12-16 encryption negotiation like pidgin-otr but for email https://skvidal.wordpress.com/2008/08/20/encryption-negotiation-like-pidgin-otr-but-for-email/ – […]

  9. sushiosoyum Says:

    I love Pidgin+OTR! Sadly only 2 of my 40 or so contacts use OTR😦 If you’d like to add me, AIM SN —> sushiosoyum. I also use GnuPG/Enigmail and my address is sushiosoyum[at]gmail[dot]com.

  10. Nikola M. Says:

    Be smart!
    Use Mozilla Thunderbird/Seamonkey with OpenPGP addon (Enigmail.mozdev.org) and instal gpg from gpg.org
    It Very easy to import, export, make, publish, sign and revoke certificates and manage them from built in GUI.

    You can encrypt your mail messages in a way that will make it unable to any casual observer to monitor your conversations and e-mail exchange.

    Moreover, Thunderbird, Seamonkey, GPG and Enigmail are all Open source, free of charge, free software and are MULTIPLATFORM, available on Any mainstream OS you may think of (MS Windows, Linux -distrowatch.org-, *BSD and (Open)Solaris/OpenIndiana)
    E.G. You can trasfer your GPG/PGP keys, mail and news archives, settings etc, from one software platform to another, too.
    Use it.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: