On Tue, 19 Dec 2023 14:42, Andrew Gallagher said:

> Transparently decrypting inline messages opens you up to all sorts of
> smuggling attacks, where it is not clear from the output which parts

Right.

> while true; do
>   IFS= read -r line
>   while [[ $line != "-----BEGIN PGP MESSAGE-----" ]]; do
>     echo "$line"
>     IFS= read -r line
>   done
>   echo "<<<<<BEGIN DECRYPTED MESSAGE>>>>>"

FWIW, here we get into the first trouble. Inserting a plaintext followed by some pages of white space or several FF after the BEGIN header followed by another BEGIN header allows one to push something else underneath a signed (and encrypted) message. That is also why PGP/MIME is a better way to send mails than inline PGP.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
_______________________________________________
Gnupg-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
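
A structural check that a filter like the quoted one could run before handing anything to the decryption step, so that the layout described in the reply (text, white space or form feeds after a BEGIN header, then a second BEGIN header) is rejected rather than rendered. This is an added example, not code from the thread or from GnuPG; the function name, finding strings and sample messages are assumptions, and it validates armor layout only, not OpenPGP packets.

```python
import re

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"
ARMOR_HEADER = re.compile(r"[A-Za-z]+: .*")  # e.g. "Comment: ..."
# A base64 data line, or the optional "=XXXX" checksum line.
ARMOR_DATA = re.compile(r"[A-Za-z0-9+/]{1,76}={0,2}|=[A-Za-z0-9+/]{4}")

def lint_inline_armor(text):
    """Return (line_no, finding) pairs; an empty list means nothing suspicious."""
    findings, state, blocks = [], "outside", 0
    for n, raw in enumerate(text.split("\n"), 1):
        line = raw.rstrip("\r")
        marker = line.strip(" \t\f")  # catch armor lines padded with white space
        if "\f" in line:
            findings.append((n, "form feed"))
        if marker == BEGIN:
            if state != "outside":
                findings.append((n, "BEGIN inside open block"))
            blocks += 1
            if blocks > 1:
                findings.append((n, "multiple armor blocks"))
            state = "headers"
        elif marker == END:
            if state == "outside":
                findings.append((n, "END without BEGIN"))
            state = "outside"
        elif state == "headers":
            if line == "":
                state = "body"  # the blank line ends the armor headers
            elif not ARMOR_HEADER.fullmatch(line):
                findings.append((n, "non-header text after BEGIN"))
        elif state == "body" and not ARMOR_DATA.fullmatch(line):
            findings.append((n, "non-armor line in body"))
    if state != "outside":
        findings.append((n, "unterminated armor block"))
    return findings

# Constructed samples; the base64 is filler, not a real OpenPGP message.
CLEAN = "\n".join(["Hi,", BEGIN, "Comment: constructed", "",
                   "Y29uc3RydWN0ZWQgc2FtcGxl", "=AbCd", END, ""])
SMUGGLED = "\n".join([BEGIN, "text placed right after the header", "", "\f",
                      BEGIN, "", "Y29uc3RydWN0ZWQgc2FtcGxl", "=AbCd", END, ""])
```

A filter that gets a non-empty result should show the message undecrypted with a warning instead of splicing decrypted output into it.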
