filenames of encrypted attachments visible ? How hard would it be to hide?

Brian G. Peterson brian at
Mon Jan 5 07:40:49 CET 2004

Ralf Hauser said:
> To my understanding,
> If I send a message with attachments, the attachment filename is visible
> without cryptanalysis.
> Would it be hard to give the encrypted file a random name and only upon
> decryption, give it back its real name?
> doesn't appear state anything on this
> issue.
> Isn't that kind of giving away information that could be easily protected
> -
> or did I miss something?
> Rgds
> 	Ralf


This is totally an implementation detail.

Many mail programs that integrate PGP or GnuPG already *do* obfuscate the
filename, calling it encrypted.dat.asc or data.asc or
somerandomstring.asc.  If the asc file has an embedded filename, any
OpenPGP compatible client should be able to retrieve the file name upon

There are times when knowing the filenmae may be more important than
obfuscating it for security reasons.  The reverse is most certainly true
as well.

In my opinion, it should probably be left as an implementation detail for
each OpenPGP compatible mail client to decide on.


   - Brian

More information about the Gnupg-users mailing list