On Thursday 10 April 2014 18:03:17 Nicolai Josuttis wrote: > Can anybody answer/explain whether there is or might be a problem or > risk if using encryption combined with bcc addresses with GPG? > And if so, what should I do/avoid to run into this problem? > I am especially interested in an answer which helps me to understand > WHY there is or might be a/no problem. > In fact: > - Does GPG reveal the number of BCC rcipients? > - Does GPG reveal BCC identities (partially)?
Those questions have already been answered by the others. > If the answer depends on the browser or other components, please tell > me. > > The reason I ask is because for a UI to be programmed on top of GPG > I want to understand which warnings I should raise or > what I should deny > when users try to send encrypted emails also to bcc receivers. Apart from using the '--throw-keyids' option you could send multiple copies of the message. One copy for the public recipients which is encrypted with the keys of all public recipients (To, Cc). And n copies for the n Bcc recipients where each copy is encrypted with the key of one Bcc recipient. That's what KMail does. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
