Problem with Encryption of Mails

gabriel rosenkoetter gr at eclipsed.net
Tue Oct 28 09:49:33 CET 2003


On Fri, Oct 24, 2003 at 06:53:53PM +0200, Torsten Villnow wrote:
> ... I can encrypt a file (using the file manager of WinPT) with both my
> buddy's public key and my own key. That one single file I can decrypt
> afterwards again, after having entered my own passphrase. The same is
> possible with mails I generate.

You're right, and that's certainly possible. I think you were taken
too literally, but I didn't pay attention to the conversation till
just now.

What happens when you go through the motions you describe is that a
temporary key (symmetric, I think, but I've never actually looked at
GnuPG's implementation) is generated, the message enciphered with
that key, the key enciphered separately with each of the recipients'
keys, and the whole mess sent along.

> From: Neil Williams [mailto:linux at codehelp.co.uk]
> Sent: Monday, October 20, 2003 9:02 AM
> > When people encrypt to themselves and to the recipient it is normally a
> > SEPARATE process. e.g. if I was to encrypt to you, the message sent to
> > you would only be encrypted with your public key. A COPY of the message
> > before encryption is then encrypted using my public key and stored in
> > Sent Items - it never leaves my machine. The mail client handles this
> > transparently.

That's not an accurate description of what GnuPG does. (That is,
viewing messages that I have composed in mutt and enciphered to
more than one recipient, it is still possible to see to what
recipients it was enciphered, and it is possible for those recipients
to take the PGP block on my hard drive and decipher it.) Please,
Neil, don't assert statements like this unless you actually know how
the software works, because it really is confusing to people who
don't.

Torsten, it's hard to help you without knowing more about what
PGP software your communicant is using. You might investigate the
compatibility options (--openpgp, --rfc1991, --pgp{2,6..8}) when
decoding on your end. It's possible that it's some unnecessary
option he has set on his end that would make you need to use one of
these options, and if he really doesn't need it, he could probably
unset it to make your life easier.

If all else fails, have him encipher a message to both your key and
mine (0x0cf9091a; get it from subkeys.pgp.net, please) and send that
to me privately and I'll see if I can figure out what's wrong.

-- 
gabriel rosenkoetter
gr at eclipsed.net
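
As an added illustration (not part of the original message, and not GnuPG code): a minimal RFC 4880 packet walker showing the layout described above, with one Public-Key Encrypted Session Key packet per recipient ahead of a single encrypted-data packet. The key IDs and packet contents in SAMPLE are constructed, the helper names are hypothetical, and partial-length bodies are handled in simplified form.

```python
PKESK, SED, SEIPD = 1, 9, 18   # RFC 4880 packet tags: wrapped session key, data packets

def read_packets(data):
    """Yield (tag, body) for each packet in binary (de-armored) OpenPGP data."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:                             # partial body: simplified, take the rest
                length = len(data) - pos
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = 0 if ltype == 3 else 1 << ltype   # type 3: runs to end of data
            length = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
            pos += size
        yield tag, data[pos:pos + length]
        pos += length

def summarize(data):
    """Return (list of recipient key IDs, count of encrypted-data packets)."""
    key_ids, payloads = [], 0
    for tag, body in read_packets(data):
        if tag == PKESK and body[:1] == b"\x03":   # v3: 8-octet key ID follows
            key_ids.append(body[1:9].hex().upper())
        elif tag in (SED, SEIPD):
            payloads += 1
    return key_ids, payloads

def make_pkesk(key_id_hex):
    """Constructed PKESK packet: made-up key ID, filler instead of a real wrapped key."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00" * 16
    return bytes([0x84, len(body)]) + body       # old format, tag 1, 1-octet length

# Constructed sample: one message body, session key wrapped for two recipients.
SAMPLE = (make_pkesk("1111111111111111") + make_pkesk("2222222222222222")
          + bytes([0xD2, 5]) + b"\x01" + b"\xAA" * 4)   # tag 18 data packet
```

`summarize(SAMPLE)` reports two recipient key IDs and one data packet, which is why any listed recipient holding the matching secret key can decipher the same stored block.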