MUA option "encrypt to self" weakness in certain situations?

Malte Gell malte.gell at
Sun Apr 25 15:49:13 CEST 2004

Hash: SHA1

Many MUA's or plugins allow to encrypt a message not only to the 
recipient's key, but to your own key to keep the sent message secret on 
your own machine.

But, can this strategy be a possible weakness? When using such an option 
the message is now encrypted to 2 keys with the same session key: an 
attacker can now chose which key to attack to restore the message. 

Example: I have a 2048 bit ELG-E subkey and send a message to a person 
whose encryption key has 4096 bit, I have enabled the MUA's "encrypt to 
self" option. So the encrypted message contains the session key twice, 
encrypted to 2 keys. The overall security is now limited to the shorter 
key. The recipient is confident his long key protects the message to 
him, but actually the "encrypt to self" option limits this protection 
to the shorter key.

This could mean that if someone (=recipient) uses a long key it may be 
rendered "useless" without intention if the sender has a short(er) key 
and uses such an "encrypt to self" option in his MUA. Is this thought 

Version: GnuPG v1.2.4 (GNU/Linux)


More information about the Gnupg-users mailing list