GPG and BCC
nb.linux
nb.linux at xandea.de
Fri Apr 11 12:03:20 CEST 2014
p.h.delgado at xoxy.net:
> On 04/10/2014 04:03 PM, Nicolai Josuttis wrote:
>> Recently I was reading
>> http://crypto.stanford.edu/portia/papers/bb-bcc.pdf
If the addressees aren't bored with that, you could add the
`--throw-keyids' option. For enigmail this would be the
`extensions.enigmail.agentAdditionalParam' key.
This would remove the key IDs from the message. On the other hand, the
receivers will be asked for a passphrase until a matching key (one that
can decrypt the message) is found, for every key they have.
>From the man page:
> --throw-keyids
>
> --no-throw-keyids
> Do not put the recipient key IDs into encrypted messages. This
> helps to hide the receivers of the message and is a limited
> countermeasure against traffic analysis. ([Using a little social
> engineering anyone who is able to decrypt the message can check
> whether one of the other recipients is the one he suspects.])
> On the receiving side, it may slow down the decryption process
> because all available secret keys must be tried. --no-throw-
> keyids disables this option. This option is essentially the same
> as using --hidden-recipient for all recipients.
cheers,
--nb.linux
More information about the Gnupg-users
mailing list