https://bugs.kde.org/show_bug.cgi?id=335117
Bug ID: 335117
Summary: Information leak when using GPG on Bcc recipients
Classification: Unclassified
Product: kmail2
Version: 4.12.4
Platform: Debian unstable
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: crypto
Assignee: kdepim-bugs@kde.org
Reporter: n...@naturalnet.de
When sending e-mail to several recipients, of which some are Bcc with the
intention to hide them from the other recipients, using GPG leaks information
about those because the used encryption keys are visible on the encrypted
message.
GPG has a -R option that hides the used encryption key, and this method is most
likely also exposed through whatever KMail uses to run GPG. It should be used
for all Bcc recipients in order to not disclose their existence!
Reproducible: Always
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Kdepim-bugs mailing list
Kdepim-bugs@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-bugs
