Ingo Klöcker kloecker at
Fri Apr 11 22:59:21 CEST 2014

On Thursday 10 April 2014 18:03:17 Nicolai Josuttis wrote:
> Can anybody answer/explain whether there is or might be a problem or
> risk if using encryption combined with bcc addresses with GPG?
> And if so, what should I do/avoid to run into this problem?
> I am especially interested in an answer which helps me to understand
> WHY there is or might be a/no problem.
> In fact:
> - Does GPG reveal the number of BCC rcipients?
> - Does GPG reveal BCC identities (partially)?

Those questions have already been answered by the others.

> If the answer depends on the browser or other components, please tell
> me.
> The reason I ask is because for a UI to be programmed on top of GPG
> I want to understand which warnings I should raise or
> what I should deny
> when users try to send encrypted emails also to bcc receivers.

Apart from using the '--throw-keyids' option you could send multiple 
copies of the message. One copy for the public recipients which is 
encrypted with the keys of all public recipients (To, Cc). And n copies 
for the n Bcc recipients where each copy is encrypted with the key of 
one Bcc recipient. That's what KMail does.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140411/fafea897/attachment.sig>

More information about the Gnupg-users mailing list