how vulnerable is "hidden-encrypt-to"

auto15963931 auto15963931 at hushmail.com
Sat Aug 18 04:05:32 CEST 2012


Hauke Laging:
> Am Fr 17.08.2012, 09:56:56 schrieb auto15963931:
>> Is there any way on heaven or earth for someone to discover from a
>> message, one sent to them or to another person, whether the encrypted
>> message had been made with an option "hidden-encrypt-to"
> 
> Sure.
> 
> start cmd:> LC_ALL=C gpg --list-packets test.gpg
> :pubkey enc packet: version 3, algo 1, keyid 8E75E2184AD27C5B
>         data: [4095 bits]
> :pubkey enc packet: version 3, algo 1, keyid 0000000000000000
>         data: [2046 bits]
> gpg: anonymous recipient; trying secret key 0x25D4FD8B ...
> 
> 
>> or what key ID
>> had been used in conjunction with that option? Thanks.
> 
> You need the private recipient key in order to find out that key ID. It's the 
> use of this option that you cannot get this information in another way.
> 
> 
Hello, Hauke

Apparently, that it was used could be seen, but to whom it had been
encrypted could not unless one happened to have that key. In the example
of yours it appears as though the message was encrypted to two different
keys, one of which was hidden and the other not. Is that right?

Incidentally, when I looked at your reply and noticed it was signed, I
tried verifying the signature. However, the signature appeared to be
invalid according to the message I got:

OpenPGP Security Info

Error - signature verification failed

gpg command line and output:
gpg2.exe
gpg: Signature made 08/17/12 10:16:27 Central Daylight Time
gpg:                using RSA key 5BA0F8B53A403251
gpg: BAD signature from "Hauke Laging <hauke at laging.de>" [unknown]


Why is the signature failing? Thanks.




More information about the Gnupg-users mailing list