Oh man.. check a few of the previous list emails on this subject. They're fairly detailed.
Farhan On Wed, May 16, 2018 at 3:04 AM, eira wahlin <pan...@nonbinary.me> wrote: > Hi. > I've been looking at a vulnerability in mail clients using pgp, described > at efail.de. It is a technique where an attacker would inject a HTML IMG > tag in an email, enveloping the encrypted text. This would send the > cleartext message to the server inticated in the IMG tag. > > To me, it seems that this attack would be defeated by signing the > encrypted message, which (to my knowledge) most email clients does by > default. > > Am I missing something here? How do clients generally handle partially > signed messages? Would they decrypt an encrypted message, if it would be > enveloped in a cleartext IMG tag? > > Panina, malmö, sweden > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
