Thanks for the replies everyone. I think it's pretty clear what I
need to do!
All the best,
- Bjarni
--
PageKite.net lets your personal computer be part of the web.
On Fri, 29 Jan 2016 19:32, b...@pagekite.net said:
> a) I use --hidden-recipient
Never. You leak the information that there is a BCC, so it is only
half-blind.
> b) I send them their own separate copy of the mail, encrypted only to them
That is how all proper MUAs do it.
> How does this w
On 31/01/16 13:20, Andrey Utkin wrote:
> Leakage of exact number of hidden recipients can be mitigated by
> adding random number of pseudo-recipients
There is a lot of literature on masking the length of packets with
random padding. It's not as straightforward as it seems. I think this
has anologu
On 30.01.2016 14:36, Peter Lebbing wrote:
> On 29/01/16 19:32, Bjarni Runar Einarsson wrote:
>> Also, if I go with a), does that leak the fact that there were
>> hidden recipients? Does it leak how many?
>
> I'd say yes and yes. Every recipient has their own Public Key Encrypted
> Session Key (PKE
On 29/01/16 19:32, Bjarni Runar Einarsson wrote:
> If the user only has one public/private key pair, I assume the
> experience isn't too bad, GnuPG will just make a guess. But if
> the user has multiple keys, do they have to enter the passphrase
> for each in succession, as gpg tries to guess how t
On 29.01.16 19:32, Bjarni Runar Einarsson wrote:
> (...) Using --hidden-recipient is more efficient and easier to
> implement, but I wonder how this is handled on the receiving end?
> If the user only has one public/private key pair, I assume the
Hello GnuPG-users!
I am (still) working on Mailpile, and it was brought to my
attention that if I send encrypted mail with folks in the BCC
line, the fact that they got a copy is leaked unless:
a) I use --hidden-recipient
b) I send them their own separate copy of the mail, encrypted only to the