[kmail2] [Bug 335117] Information leak when using GPG on Bcc recipients
Sandro Knauß
bugzilla_noreply at kde.org
Tue Jan 23 10:48:35 GMT 2018
https://bugs.kde.org/show_bug.cgi?id=335117
Sandro Knauß <sknauss at kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WAITINGFORINFO
Status|CONFIRMED |NEEDSINFO
CC| |sknauss at kde.org
--- Comment #5 from Sandro Knauß <sknauss at kde.org> ---
At least for me, I can't reproduce it with 17.08.3, but it is fixed for longer.
I used BCC from time to time and I can see in send folder, that Kmail created
different mails. One encrypted for all shown recipients and additinal ones for
each BCC recipient. I also analyzed the two encrypted mails with gpg cmd line,
that the BCC key is not leaked in the mail.
$ gpg /tmp/msg-normal.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: encrypted with 4096-bit ELG key, ID 0xXXXX, created 2010-06-29
"recipient 1"
gpg: encrypted with 2048-bit ELG key, ID 0xXXXX, created 2015-07-04
"recipient 2"
gpg: encrypted with 4096-bit RSA key, ID 0xXXXX, created 2017-07-13
"sender"
$ gpg /tmp/msg-bcc.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: encrypted with 4096-bit RSA key, ID 0xXXXX, created 2017-07-13
"sender"
gpg: encrypted with 4096-bit ELG key, ID 0xXXXX, created 2016-07-01
"BCC recipient"
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list