how vulnerable is "hidden-encrypt-to"

Hauke Laging mailinglisten at
Sat Aug 18 04:24:21 CEST 2012

Am Fr 17.08.2012, 21:05:32 schrieb auto15963931:

> In the example
> of yours it appears as though the message was encrypted to two different
> keys, one of which was hidden and the other not. Is that right?

That is right. --hidden-encrypt-to needs other recipients. But you may use 
‑‑throw-keyids or --hidden-recipient instead.

> Incidentally, when I looked at your reply and noticed it was signed, I
> tried verifying the signature.

> Why is the signature failing? Thanks.

That's a bug in my MUA which is triggered by the email being encoded as ascii:

This bug (or rather: problem) has been discovered here on the list – it occurs 
almost only in English emails. I have added a non-ASCII char to my text 
signature thus forcing a charset different from ascii. Thus the signature of 
this email should be OK.

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120818/cfa2175f/attachment.pgp>

More information about the Gnupg-users mailing list