filenames of encrypted attachments visible ? How hard would it be to hide?

Adrian von Bidder avbidder at
Mon Jan 5 14:31:50 CET 2004

[sorry. ralf, of course I meant to answer to the lists]

On Monday 05 January 2004 14:06, Ralf Hauser wrote:
> To my understanding,
> If I send a message with attachments, the attachment filename is visible
> without cryptanalysis.
> Would it be hard to give the encrypted file a random name and only upon
> decryption, give it back its real name?
> doesn't appear state anything on this
> issue.
> Isn't that kind of giving away information that could be easily protected -
> or did I miss something?


You did miss rfc3156 (PGP/MIME). The structure of these (encrypted) emails is:

From: whatever
To: whatever
Subject: whatever
Date: whatever
Content-Type: multipart/encrypted;

Content-Type: application/pgp-encrypted

Version: 1

Content-Type: application/octet-stream

Version: GnuPG v1.2.3 (GNU/Linux)



And the encrypted part is again a full MIME message, with attachments and all. 
So the only relevant bits that go over the wire unencrypted are From/To 
(unavoidable to the extent of the email addresses) and the Subject (I have a 
proposal that could address this cooking slowly, I think I posted it in some 
places a few months ago).

-- vbi

<Knghtbrd> joeyh now has a terminal at the couch?
<Knghtbrd> That guy is wired, I swear  =3D>
<doogie> Knghtbrd: laptop
<doogie> and I don't mean the cats.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040105/1fd94cb8/attachment.bin

More information about the Gnupg-users mailing list