Just a thought

John Clizbe John at Mozilla-Enigmail.org
Sun Apr 26 00:14:30 CEST 2009

Ingo Klöcker wrote:
> On Saturday 25 April 2009, John Clizbe wrote:
>> The message will be encrypted once with a symmetric cipher and
>> session key. Then the session key is encrypted to each recipient's
>> public key and the encrypted session keys are attached to the
>> message.
>> For each recipient the first valid key with matching email address is
>> the one selected. If this is not the preferred key, then Enigmail's
>> Per-recipient rules may be setup to specify the correct key to use.
> How does Thunderbird/Enigmail handle bcc'd recipients? Does it create 
> several differently encrypted copies of the message in case of bcc'd 
> recipients, i.e. one copy of the message encrypted with the keys of all 
> public recipients and additional copies of the message (one per bcc'd 
> recipient) encrypted only with the key of the corresponding bcc 
> recipient (and probably with the sender's key)?

Enigmail passes GnuPG a list of recipients to encrypt to. It does not
generate separate messages, only the one.  This is a constraint of
Thunderbird's architecture.

BCCed recipients are treated as just another recipient. There is only
one copy of the message and one set of encrypted session keys.

If one is going to encrypt *and, at the same time*, use BCC, he should
seriously look at using GnuPG's throw-keyids option. From the man page:


         Do not put the recipient key  IDs  into  encrypted  messages.
         This helps to hide the receivers of the message and is a lim-
         ited countermeasure against traffic analysis.  On the receiv-
         ing side, it may slow down the decryption process because all
         available secret keys must be tried.  --no-throw-keyids  dis-
         ables  this  option.   This option is essentially the same as
         using --hidden-recipient for all recipients.

The other alternative is to manually manage BCC copies. Personally, I'm
not a big fan of BCC.

PS: Rob's comments about how TB's architecture forces Enigmail's
behavior and the suggestion that it should probably be moved are both
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 678 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090425/50e69f3f/attachment.pgp>

More information about the Gnupg-users mailing list