I've been tasked to monitor our user's usage of PGP keys (ie: how many emails are sent/received using PGP). How can I go about doing this? We all use Ubuntu and the Thunderbird email client and Postfix/Dovecot.
I believe the standard mail.log generated by postfix doesn't contain information about email content and it is impossible to determine whether an email was encrypted by Thunderbird.
We have an internal Ubuntu keyserver but I'm not sure where the logs are for that. Or maybe I could look at when the key was last accessed on a user's laptop in ~/.gnupg? Or look for the gpg-agent process?