gpg - difference --encrypt-to and --recipient

justina colmena justina at colmena.biz
Wed Jan 2 21:56:27 CET 2019 

On January 1, 2019 4:13:43 PM AKST, MFPA <2017-r3sgs86x8e-lists-groups at riseup.net> wrote:
>Hi
>
>
>On Monday 31 December 2018 at 9:06:39 PM, in
><mid:6A39FC9C-3105-451B-BB5E-6D6757337600 at colmena.biz>, justina
>colmena via Gnupg-users wrote:-
>
>
>> Shouldn't an email message (for example) be encrypted
>> separately to
>> each BCC recipient,
>
>My opinion is that should be the case. However, most MUAs I've used
>include the BCC recipients' keys in the encryption along with the To
>and CC recipients' keys, so any email addresses in the user-IDs of
>these keys are visible to all recipients.
>
>As an exception, one MAU I used with an OpenPGP add-on would instead
>send an individual copy of the message to each BCC recipient,
>encrypted only to their key.

This seems like better practice. Also I would want to encrypt the transmitted email message only to the intended recipient, and the copy stored in my "Sent" folder only to myself.

>> or is this an intended all-in-one
>> multiple-recipient encryption which cannot conceal
>> from the
>> cryptanalyst the fact that the same message,
>> encrypted only once, is
>> being sent to more than one receiving party?
>
>With hidden-recipient or hidden-encrypt-to or throw-keyids, it is
>clear how many keys were encrypted to, but the key IDs and user-IDs
>are not present.
I am not terribly comfortable with this situation. It almost seems rather creepy to me to receive an encrypted message that is also encrypted for the benefit or verification of one or more unknown and unidentified third parties. I start suspecting things like a foreign government mandated key escrow or secret government backdoor on behalf of some foreign spy or law enforcement agency.
>
>--
>Best regards
>
>MFPA                  <mailto:2017-r3sgs86x8e-lists-groups at riseup.net>
>
>Never trust a dog with orange eyebrows


-- 
A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 683 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190102/b2efcb37/attachment.sig>

More information about the Gnupg-users mailing list