filenames of encrypted attachments visible ? How hard would it
be to hide?
Brian G. Peterson
brian at braverock.com
Mon Jan 5 07:40:49 CET 2004
Ralf Hauser said:
>
> To my understanding,
>
> If I send a message with attachments, the attachment filename is visible
> without cryptanalysis.
> Would it be hard to give the encrypted file a random name and only upon
> decryption, give it back its real name?
>
> http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
> issue.
>
> Isn't that kind of giving away information that could be easily protected
> -
> or did I miss something?
>
> Rgds
> Ralf
Ralf,
This is totally an implementation detail.
Many mail programs that integrate PGP or GnuPG already *do* obfuscate the
filename, calling it encrypted.dat.asc or data.asc or
somerandomstring.asc. If the asc file has an embedded filename, any
OpenPGP compatible client should be able to retrieve the file name upon
decryption.
There are times when knowing the filenmae may be more important than
obfuscating it for security reasons. The reverse is most certainly true
as well.
In my opinion, it should probably be left as an implementation detail for
each OpenPGP compatible mail client to decide on.
Regards,
- Brian
More information about the Gnupg-users
mailing list