filenames of encrypted attachments visible ? How hard would it be to hide?

Mon Jan 5 14:31:50 CET 2004

[sorry. ralf, of course I meant to answer to the lists]

On Monday 05 January 2004 14:06, Ralf Hauser wrote:
> To my understanding,
>
> If I send a message with attachments, the attachment filename is visible
> without cryptanalysis.
> Would it be hard to give the encrypted file a random name and only upon
> decryption, give it back its real name?
>
> http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
> issue.
>
> Isn't that kind of giving away information that could be easily protected -
> or did I miss something?

Hi,

You did miss rfc3156 (PGP/MIME). The structure of these (encrypted) emails is:

============================
From: whatever
To: whatever
Subject: whatever
Date: whatever
Content-Type: multipart/encrypted;
  protocol="application/pgp-encrypted";
  boundary="Boundary-02=_5Plx/pJ9Yq8C9E0"

--Boundary-02=_5Plx/pJ9Yq8C9E0
Content-Type: application/pgp-encrypted

Version: 1

--Boundary-02=_5Plx/pJ9Yq8C9E0
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.3 (GNU/Linux)

hQEOAzLIxTMIwnnYEAP....
....
AFWzv4cn5IDmQ5A93JaApgQg6g==
=pVu5
-----END PGP MESSAGE-----
--Boundary-02=_5Plx/pJ9Yq8C9E0--

============================

And the encrypted part is again a full MIME message, with attachments and all. 
So the only relevant bits that go over the wire unencrypted are From/To 
(unavoidable to the extent of the email addresses) and the Subject (I have a 
proposal that could address this cooking slowly, I think I posted it in some 
places a few months ago).

Greetings
-- vbi

-- 
<Knghtbrd> joeyh now has a terminal at the couch?
<Knghtbrd> That guy is wired, I swear  =3D>
<doogie> Knghtbrd: laptop
<doogie> and I don't mean the cats.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040105/1fd94cb8/attachment.bin