gpg - difference --encrypt-to and --recipient

justina colmena justina at colmena.biz
Mon Dec 31 22:06:39 CET 2018


On December 31, 2018 5:38:10 AM AKST, Dirk Gottschalk via Gnupg-users <gnupg-users at gnupg.org> wrote:
>Hello Damien.
>
>On Monday, 31.12.2018, at 12:45 +0000, Damien Goutte-Gattat wrote:
>> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-
>> users wrote:
>> > Yes, that's correct. Anyway, I prefer using the --hidden-recipient
>> > for this purpose. That prevents the disclosure of the communication
>> > paths with pure GPG packet analysis.
>
>> You do realize that, in the case of e-mail, the communication paths
>> are already disclosed by the SMTP protocol (command "RCPT TO") and
>> the mail headers ("From", "To", and the like), which both are outside
>> the scope of OpenPGP protection?
>
>Yes, sure I do. But referencing the command line options, I thought he
>was speaking about encryption of files. In this case, it could be of
>(even if small) benefits to avoid the disclosure of the path.
>
>
>> Using --hidden-recipient only protects against a hypothetical attacker
>> who is somehow only able to obtain the email body (the OpenPGP
>> message itself) without the surrounding metadata.
>
>That's correct. As I said, I was talking about encrypted files. If you
>upload an encrypted file to a cloud service, for example, it could be a
>good idea to encrypt only to hidden recipients. Security by obscurity
>is not always a bad thing. ;)
>
>Regards,
>Dirk

For some reason I'm not getting a "Reply-To:" for the whole list here...
Hidden recipients are normally given in the BCC (Blind Carbon Copy) field in the case of email, and the communication paths are not disclosed to other recipients.

Shouldn't an email message (for example) be encrypted separately to each BCC recipient, or is this an intended all-in-one multiple-recipient encryption which cannot conceal from the cryptanalyst the fact that the same message, encrypted only once, is being sent to more than one receiving party?

I hate to see the vast number of gpg command-line options get so carried away that we lose grip of the basic cryptography that we want to use GnuPG for.

And now the *secret* keys are going in "~/.gnupg/pubring.gpg" with the false implication by its name that the file contains only public keys which need not be so carefully guarded against disclosure.

-- 
A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/
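Added example for the question raised in this post (not code from the thread or from GnuPG): a small OpenPGP packet walker that lists the recipients a message was encrypted to. It shows what the thread is arguing about. A multi-recipient message is encrypted once under a random session key, and that session key is wrapped in one Public-Key Encrypted Session Key (PKESK, tag 1) packet per recipient; --hidden-recipient (-R) replaces the 8-byte key ID inside each PKESK with all zeros (the "wild card" key ID of RFC 4880 section 5.1) but leaves the packet in place, so the number of recipients stays visible to anyone holding the ciphertext. The sample messages, key IDs and MPI values at the bottom are constructed for the demo and are not real ciphertext.

```python
"""Enumerate the recipients an OpenPGP message was encrypted to.

Added example for the gnupg-users thread, not GnuPG code. The sample
messages below are constructed: fake key IDs, a fake MPI standing in for
the RSA-wrapped session key, and fake encrypted body bytes.
"""
import struct

PKESK_TAG = 1    # Public-Key Encrypted Session Key packet (one per recipient)
SEIPD_TAG = 18   # Symmetrically Encrypted Integrity Protected Data (the body)
WILDCARD_KEY_ID = b"\x00" * 8   # what --hidden-recipient writes into the PKESK


def _new_format_packet(tag, body):
    """Wrap body in a new-format packet header (RFC 4880 section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n -= 192
        length = bytes([(n >> 8) + 192, n & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def build_pkesk(key_id, fake_wrapped_key, algo=1):
    """Version-3 PKESK body: version, 8-byte key ID, pk algorithm id, MPI(s).

    fake_wrapped_key is an int standing in for the RSA-encrypted session key.
    """
    if len(key_id) != 8:
        raise ValueError("key ID must be 8 bytes")
    bits = fake_wrapped_key.bit_length()
    mpi = struct.pack(">H", bits) + fake_wrapped_key.to_bytes((bits + 7) // 8, "big")
    return _new_format_packet(PKESK_TAG, b"\x03" + key_id + bytes([algo]) + mpi)


def iter_packets(data):
    """Yield (tag, body) for every packet; accepts old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("byte %d is not an OpenPGP packet header" % i)
        i += 1
        if ctb & 0x40:                        # new format: 11tttttt
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                n = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths not handled in this demo")
        else:                                 # old format: 10ttttll
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled in this demo")
            size = (1, 2, 4)[ltype]
            n = int.from_bytes(data[i:i + size], "big")
            i += size
        yield tag, data[i:i + n]
        i += n


def recipients(data):
    """One entry per PKESK packet: key ID (hex), algorithm, and whether it is hidden."""
    found = []
    for tag, body in iter_packets(data):
        if tag != PKESK_TAG:
            continue
        if body[0] != 3:
            raise ValueError("unsupported PKESK version %d" % body[0])
        key_id = body[1:9]
        found.append({"key_id": key_id.hex().upper(),
                      "algo": body[9],
                      "hidden": key_id == WILDCARD_KEY_ID})
    return found


def encrypted_body_count(data):
    """Number of encrypted data packets: one, however many recipients there are."""
    return sum(1 for tag, _ in iter_packets(data) if tag == SEIPD_TAG)


# Constructed sample messages (fake key IDs, fake MPIs, fake ciphertext).
ALICE = bytes.fromhex("0123456789ABCDEF")
BOB = bytes.fromhex("FEDCBA9876543210")
_FAKE_BODY = _new_format_packet(SEIPD_TAG, b"\x01" + b"\xAA" * 40)

# Like gpg -e -r alice -r bob: both key IDs readable from the packet stream.
VISIBLE_MESSAGE = (build_pkesk(ALICE, 0x1F3A5C7E9B2D4F61)
                   + build_pkesk(BOB, 0x0A1B2C3D4E5F6071) + _FAKE_BODY)
# Like gpg -e -R alice -R bob: key IDs zeroed, but still two PKESK packets.
HIDDEN_MESSAGE = (build_pkesk(WILDCARD_KEY_ID, 0x1F3A5C7E9B2D4F61)
                  + build_pkesk(WILDCARD_KEY_ID, 0x0A1B2C3D4E5F6071) + _FAKE_BODY)

if __name__ == "__main__":
    for name, msg in (("visible", VISIBLE_MESSAGE), ("hidden", HIDDEN_MESSAGE)):
        print(name, recipients(msg), "encrypted bodies:", encrypted_body_count(msg))
```

On a real file the same information is what `gpg --list-packets` prints as "pubkey enc packet: ... keyid 0000000000000000" for each hidden recipient; the count of those lines is the recipient count, hidden or not. Encrypting separately to each BCC recipient, as the post asks, is the only way to keep one recipient from learning that others exist.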