[tor-talk] What about GnuPG's --hidden-recipient option as default for torbirdy?
I was thinking whether it could be a good idea to have the
option for GnuPG set in torbirdy by default? (if at all possible [*])
`man gpg2' says
    -R  Encrypt for user ID name, but hide the key ID of this user's
        key. This option helps to hide the receiver of the message and
        is a limited countermeasure against traffic analysis. If this
        option or --recipient is not specified, GnuPG asks for the user
        ID unless --default-recipient is given.
I don't see why I should write the key used for encryption on the
envelope.. "They" already have the email address as "meta-data", so
there's no need to tell them which key was used.
- I have a key with some UIDs, but the key is used for other email
accounts, too, that are not publicly linked to the key. Then, I could
tell a good friend to use this email address (e.g. an address that makes
it difficult to guess who I am) with my key.
- I send someone an email but want to have the possibility to say that
the message was meant for someone else and I just confused the email
addresses (ok.. this is a weak argument)
When using the CLI and encrypting a normal file, the recipient/decrypter
$ gpg -a -t --encrypt -R 0x<KEYID> -o secret_message
$ gpg -o - secret_message
gpg: anonymous recipient; trying secret key <OTHER KEYID> ...
# passphrase for the default secret key asked
gpg: anonymous recipient; trying secret key <KEYID> ...
gpg: okay, we are the anonymous recipient.
gpg: encrypted with RSA key, ID 00000000
# plaintext secret message: hello world
The two secret keys tried are my signing/encryption subkeys. I assume
that someone with more secret keys with different passphrases will be
asked for pinentry some more times. That could be annoying if you have
plenty of keys...
After I added the switch to the Enigmail options, sending the email
failed because Enigmail added the '-R' too early
enigmail> /usr/bin/gpg2 --charset utf-8 --display-charset utf-8
--no-emit-version --no-comments --display-charset utf-8
-R --batch --no-tty --status-fd 2 -a -t --encrypt -r 0x<KEYID> -u 0x<KEYID>
so maybe this is not an issue that can be solved from within torbirdy :(
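
Added example, not part of the original post and not GnuPG or Enigmail code: a small parser that reads the public-key encrypted session key (PKESK) packets at the start of an OpenPGP message and reports each recipient key ID, returning None where the ID is zeroed, which is the field gpg prints above as "ID 00000000" for an anonymous recipient. It assumes binary (non-armored) input and version-3 PKESK packets; the sample message and its key ID are constructed bytes, not real ciphertext.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP message."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        pos += 1
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                return                      # partial length: data packet, PKESKs precede it
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                      # indeterminate length: data packet
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        yield tag, data[pos:pos + length]
        pos += length

def recipient_key_ids(data):
    """Return one entry per version-3 PKESK: hex key ID, or None if zeroed (hidden)."""
    ids = []
    for tag, body in iter_packets(data):
        if tag == PKESK_TAG and len(body) >= 10 and body[0] == 3:
            keyid = body[1:9]
            ids.append(None if keyid == bytes(8) else keyid.hex().upper())
    return ids

def sample_message(*keyids):
    """Constructed sample: one PKESK per key ID plus a stub data packet (not real ciphertext)."""
    out = b""
    for kid in keyids:
        body = b"\x03" + kid + b"\x01" + b"\x00\x08\xab"   # version, key ID, RSA, dummy MPI
        out += bytes([0x84, len(body)]) + body             # old-format header, tag 1
    return out + b"\xd2\x02\x01\x00"                       # new-format header, tag 18

if __name__ == "__main__":
    kid = bytes.fromhex("0123456789ABCDEF")                # constructed key ID
    print(recipient_key_ids(sample_message(bytes(8), kid))) # one -R recipient, one -r recipient
```

For a real message, `gpg --list-packets` prints the same key ID field without needing the secret key.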