feature request: allowing display of session key used for encryption

Peter Palfrader gnupg-users=gnupg.org at lists.palfrader.org
Sat Dec 13 02:32:01 CET 2003


On Wed, 10 Dec 2003, David Shaw wrote:

> On Thu, Dec 11, 2003 at 12:29:14AM +0100, Ingo Klöcker wrote:
> > On Wednesday 10 December 2003 23:45, vedaal at hush.com wrote:
> > > On Wed, 10 Dec 2003 14:30:46 -0800 Steve Butler <sbutler at fchn.com> wrote:
> > > >Why not always encrypt to yourself as one of the recipients?
> > >
> > > for those times when the sender wants more e-mail anonymity
> > 
> > --throw-keyid ? Sure it throws away the key id of all encryption keys. 
> > But if you want anonymity then that's what you want to use because you 
> > won't have to keep track of any session keys.
> 
> In 1.3.x you can do -r for regular recipients, and -R for hidden
> recipients, and mix them however you please.

JFTR, AIUI --throw-keyid still does not clean the message of all traces.
At least the size of the asymmetric encrypted data would still be
visible to everybody having access to the ciphertext, which enables them
to possibly draw conclusions on the size of the modulus.  Even if the
key is not made public by sending it to keyservers, it would still allow
some kind of linkability.

In short:  don't rely on --throw-keyid to protect your anonymity.

Peter
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
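
The point made in the message above, as an added example that is not part of the original post or of GnuPG's code: a parser that reads the public-key encrypted session key packets (tag 1, version 3, layout per RFC 4880) and reports the MPI bit lengths that stay visible when the key ID is all zeros. The function names are hypothetical, and the sample packets are constructed with dummy MPI values.

```python
def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header: low two bits select the length field size
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[i:i + (1 << ltype)], "big")
            i += 1 << ltype
        yield tag, data[i:i + length]
        i += length

def pkesk_leaks(data):
    """Return (key_id_hex, pubkey_algo, [MPI bit lengths]) per v3 PKESK packet."""
    found = []
    for tag, body in read_packets(data):
        if tag != 1 or len(body) < 10 or body[0] != 3:
            continue
        pos, bits = 10, []
        while pos + 2 <= len(body):  # each MPI: 2-byte bit count, then value
            nbits = int.from_bytes(body[pos:pos + 2], "big")
            bits.append(nbits)
            pos += 2 + (nbits + 7) // 8
        found.append((body[1:9].hex(), body[9], bits))
    return found

def build_pkesk(key_id, mpi_bits):
    """Constructed sample: RSA (algo 1) PKESK with a dummy MPI of mpi_bits bits."""
    mpi = ((1 << (mpi_bits - 1)) | 1).to_bytes((mpi_bits + 7) // 8, "big")
    body = bytes([3]) + key_id + bytes([1]) + mpi_bits.to_bytes(2, "big") + mpi
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body

SAMPLE = build_pkesk(bytes(8), 2047) + build_pkesk(bytes(8), 1023)  # constructed
```

Both sample packets carry the same zeroed key ID, yet `pkesk_leaks(SAMPLE)` still tells them apart by MPI size, which is the linkability the message describes.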