gpg - difference --encrypt-to and --recipient
Stefan Claas
sac at 300baud.de
Mon Dec 31 13:57:18 CET 2018
On Mon, 31 Dec 2018 12:45:44 +0000, Damien Goutte-Gattat wrote:
> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users wrote:
> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> > this purpose. That prevents the disclosure of the communication paths
> > with pure GPG-Packet analysis.
>
> You do realize that, in the case of e-mail, the communication paths are
> already disclosed by the SMTP protocol (command "RCPT TO") and the mail
> headers ("From", "To", and the like), which both are outside the scope
> of OpenPGP protection?
>
> Using --hidden-recipient only protects against an hypothetic attacker
> who is somehow only able to obtain the email body (the OpenPGP message
> itself) without the surrounding metadata.
But it is imho good if you use anonymous remailers, either for email
or Usenet postings. In the case of email Mallory would only see that
Bob received a message, but does not know from whom it originated
and in case of proper Usenet usage nobody would know who send
the message and who is the recipient.
Regards
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181231/38439d83/attachment-0001.sig>
More information about the Gnupg-users
mailing list