No Hidden-Recipient support in GPGME?

David Shaw dshaw at
Mon Sep 1 16:35:34 CEST 2008

On Sep 1, 2008, at 8:27 AM, Bernhard Reiter wrote:

> On Thursday 28 August 2008 14:59, David Shaw wrote:
>> On Aug 28, 2008, at 8:26 AM, Arturo 'Buanzo' Busleiman wrote:
>>> Werner Koch wrote:
>>>> What we could add far easier is an encryption flag which sets the
>>>> --throw-keyid option of gpg and thus all recipients would be hidden.
>>> That would work too! Jacob Appelbaum and I are working on the
>>> Web-of-Trust solution to the OpenPGP for HTTP Bootstrapping issue,
>>> and we discovered that --throw-keyids would be great as a simple
>>> counter-measure against traffic analysis.
>> Emphasis on 'simple', though.  Hidden keyids do work, but read
>> for one
>> potential gotcha and workaround.
> To my understanding, using a blind carbon copy on emails requires
> the email application to send out several versions of the email:
> 1) encrypted to all visible recipients
> n invisible recipients*) encrypted to all visible recipients and one
> out of n invisible.

Exactly.  This can be difficult for those mail programs that allow the
MTA to handle all addressing, since it involves sending a message to
user "b" (an encrypted + hidden user), but with "a" (an unencrypted
user) in the To: list.
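
The 1 + n fan-out described in the exchange above, as an added example that is not part of the original message and not GnuPG or GPGME code. The addresses are constructed, the function names are hypothetical, and passing the Bcc key with `--hidden-recipient` in its own copy is an assumption; the second function checks a plan for copies that would reveal a Bcc key to another reader.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    envelope_rcpts: tuple  # SMTP RCPT TO addresses for this copy only
    gpg_args: tuple        # argv for the gpg run that encrypts this copy


def plan_bcc_copies(visible, bcc):
    """Plan 1 + n encrypted copies: one for the visible recipients,
    and one per Bcc recipient encrypted to the visible set plus that one."""
    visible = tuple(dict.fromkeys(visible))  # de-duplicate, keep order
    bcc = tuple(a for a in dict.fromkeys(bcc) if a not in visible)
    if not visible and not bcc:
        raise ValueError("no recipients")

    def gpg_args(hidden=None):
        args = ["gpg", "--armor", "--encrypt"]
        for addr in visible:
            args += ["--recipient", addr]
        if hidden is not None:
            # Assumption: the Bcc key's ID is also left out of the packet.
            args += ["--hidden-recipient", hidden]
        return tuple(args)

    copies = [Copy(visible, gpg_args())] if visible else []
    copies += [Copy((addr,), gpg_args(addr)) for addr in bcc]
    return copies


def bcc_exposures(copies, bcc):
    """List (reader, bcc_addr) pairs where a copy delivered to `reader`
    is encrypted to a Bcc address other than the reader's own."""
    found = []
    for copy in copies:
        for addr in bcc:
            if addr in copy.gpg_args:
                found += [(r, addr) for r in copy.envelope_rcpts if r != addr]
    return found


# Constructed sample addresses.
VISIBLE = ["a@example.org", "c@example.org"]
BCC = ["b@example.org", "d@example.org"]
PLAN = plan_bcc_copies(VISIBLE, BCC)
# Contrast: one copy for everyone, encrypted to every key.
NAIVE = [Copy(tuple(VISIBLE + BCC), tuple(
    ["gpg", "--armor", "--encrypt"]
    + [x for a in VISIBLE + BCC for x in ("--recipient", a)]))]
```

The envelope recipients differ per copy while the To: header stays the same, which is the part that is hard when the MTA derives addressing from the headers.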

