On Mon, 20 Aug 2012 09:38:49 -0400 Jens Lechtenboerger <clou...@informationelle-selbstbestimmung-im-internet.de> wrote:
> if a message M is encrypted to you and other >recipients using RSA, then you are of course able to obtain the >session key K. Now, if you suspect Alice to be a recipient then >you download her public key from a key server and encrypt the session >key K under her public key. If the result matches one of the >encrypted session keys contained in M, then Alice is a recipient >of M. ===== The one sending the message really is in control here ;-) The sender can use hidden encrypt to ANY public key. i.e. if Alice is sending the message and wants to hide her identity, nothing prevents her from using throw-keyid with Bob's public key instead of her own, or NIST's, or PGP Corporation's, or any onyone else's. If the message is unsigned, the receiver cannot tell, (assuming it's sent from an appropriately anonymized e-mail address), and if it is signed, then the throw -keyid doesn't hide the sender's identity from the receiver. vedaal (sorry about thread-breaking ;-(( sent from a site that doesn't allow e-mail clients) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users