filenames of encrypted attachments visible ? How hard would it
be to hide?
Adrian von Bidder
avbidder at fortytwo.ch
Mon Jan 5 14:31:50 CET 2004
[sorry. ralf, of course I meant to answer to the lists]
On Monday 05 January 2004 14:06, Ralf Hauser wrote:
> To my understanding,
> If I send a message with attachments, the attachment filename is visible
> without cryptanalysis.
> Would it be hard to give the encrypted file a random name and only upon
> decryption, give it back its real name?
> http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
> Isn't that kind of giving away information that could be easily protected -
> or did I miss something?
You did miss rfc3156 (PGP/MIME). The structure of these (encrypted) emails is:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP MESSAGE-----
And the encrypted part is again a full MIME message, with attachments and all.
So the only relevant bits that go over the wire unencrypted are From/To
(unavoidable to the extent of the email addresses) and the Subject (I have a
proposal that could address this cooking slowly, I think I posted it in some
places a few months ago).
<Knghtbrd> joeyh now has a terminal at the couch?
<Knghtbrd> That guy is wired, I swear =3D>
<doogie> Knghtbrd: laptop
<doogie> and I don't mean the cats.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 331 bytes
Url : /pipermail/attachments/20040105/1fd94cb8/attachment.bin
More information about the Gnupg-users