On Wed, Nov 3, 2010 at 11:55 AM, Hassan Schroeder < hassan.schroeder at gmail.com> wrote: > On Wed, Nov 3, 2010 at 8:47 AM, Joel D Canfield <joel at bizba6.com> wrote: > > > We didn't decrypt the emails themselves; nothing was left in email form > > other than the encrypted data. Once it's offline, it's no more or less > > vulnerable than anything else, methinks. > > OK, so how did the end user see the unencrypted data then? Just > curious about the process, as I've never fiddled with encrypting mail. two options: data to be offloaded and stored came as attachments, moved offline and decrypted there data as email content was, in fact, decrypted on the fly, but it's more of a 'looking inside the archive' concept, not actually removing the shell around the nut. so, forwarded, it was still decrypted. it's five years with zero hands-on time with the tool, so my memories are a mite fuzzy, but I've got notes should it ever interest you enough for me to dig them up.