I’ve been playing around with GPG in Outlook for a few days now. It seems I can encrypt emails by default, or I can sign emails by default, but I can’t tell it to “encrypt emails if you have a private key for the recipient, otherwise sign them”.
Is this correct? If it’s not what am I doing wrong?
This use case is entirely new to me.
What workflow does it reflect?
Is this really usual?
I want to encrypt messages if possible to protect my privacy, but even more than that I don’t want the really secret stuff to be conspicuous. If I only sent one message a year that was encrypted, it would have to be a very interesting email. By encrypting boring stuff, my secret stuff is less of a target.
I want to sign messages I can’t encrypt so people know the message is authentic, but also so people know I use PGP, and so people have a record of my public key.
Suppose someone wanted to use a man-in-the-middle attack to impersonate me. They intercept my message, copy the body of the email and sign it with a different key. To the recipient it looks authentic and it looks secure because the email is signed. Again, if the recipient downloads a key (which isn’t really my key) and checks the signature against it, it still looks secure. The impersonator wins.
But if I’d been corresponding with the person for the past 3 years, and signing all the messages, I would have a long paper trail of using a different key. Assuming the person saved the correspondence and checked the false key against the old messages, it would be evident that the message was being signed with someone else’s key.
In brief, it means anyone who wants to impersonate me needs to start doing so well in advance, and that greatly complicates any impersonation attempt.
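The "encrypt if I have a usable key for the recipient, otherwise sign" policy described in this thread, as an added example (not code from the original post or from any mail client): it parses the machine-readable `gpg --list-keys --with-colons` output, skips expired or revoked keys, and picks the gpg invocation per recipient. The keyring contents, key ids and addresses below are constructed placeholders.

```python
"""Decide, per recipient, whether an outgoing mail can be encrypted
(a usable public key for the address is in the keyring) or must fall
back to signing only. Added example, not code from the original thread."""
import re

# Constructed sample of `gpg --list-keys --with-colons` output; the key ids,
# hashes and addresses are placeholders, not a real keyring.
SAMPLE_KEYRING = """\
pub:f:4096:1:0000000000000001:1600000000:::u:::scESC::::::23::0:
uid:f::::1600000000::PLACEHOLDERHASH1::Alice Example <alice@example.org>::::::::::0:
pub:e:2048:1:0000000000000002:1400000000:1500000000::-:::scESC::::::23::0:
uid:e::::1400000000::PLACEHOLDERHASH2::Old Expired <old@example.net>::::::::::0:
pub:-:4096:1:0000000000000003:1650000000:::-:::scESC::::::23::0:
uid:-::::1650000000::PLACEHOLDERHASH3::Bob Unverified <bob@example.com>::::::::::0:
"""

# Validity codes (field 2 of the colon format) that make a key unusable
# for encryption: expired, revoked, disabled, invalid, never-trust.
UNUSABLE = set("erdin")
ADDR_RE = re.compile(r"<([^>]+)>")

def usable_keys(colon_output):
    """Map lower-cased e-mail address -> key id for every usable public key."""
    keys, keyid, usable = {}, None, False
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keyid, usable = f[4], f[1] not in UNUSABLE
        elif f[0] == "uid" and keyid and usable and f[1] not in UNUSABLE:
            m = ADDR_RE.search(f[9])   # field 10 holds the user id string
            if m:
                keys[m.group(1).lower()] = keyid
    return keys

def gpg_args(recipient, keys):
    """Return the gpg argv for one recipient: encrypt+sign when a usable
    key exists, otherwise clear-sign so the mail still carries a signature.
    A key of unknown validity ('-') is kept; gpg itself will still ask
    whether to use it unless its owner trust has been set."""
    keyid = keys.get(recipient.lower())
    if keyid:
        return ["gpg", "--armor", "--sign", "--encrypt", "--recipient", keyid]
    return ["gpg", "--armor", "--clearsign"]

if __name__ == "__main__":
    keys = usable_keys(SAMPLE_KEYRING)
    for addr in ("alice@example.org", "old@example.net", "nobody@example.com"):
        print(addr, "->", " ".join(gpg_args(addr, keys)))
```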