[tor-bugs] #7775 [TorBirdy]: cannot decrypt both encrypted & encrypted+signed emails in k9 mail+APG

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Dec 22 16:43:07 UTC 2012 

#7775: cannot decrypt both encrypted & encrypted+signed emails in k9 mail+APG
-----------------------+----------------------------------------------------
 Reporter:  johnshaft  |          Owner:  ioerror
     Type:  defect     |         Status:  new    
 Priority:  normal     |      Milestone:         
Component:  TorBirdy   |        Version:         
 Keywords:             |         Parent:         
   Points:             |   Actualpoints:         
-----------------------+----------------------------------------------------

Comment(by sukhbir):

 If you are ''not'' sending encrypted messages with Thunderbird+TorBirdy,
 then this option has no effect.

 If you are sending encrypted messages, it depends. From the GPG manual,
 having this enabled (which is the default in TorBirdy):

   Do not put the recipient key IDs into encrypted messages. This helps to
 hide the receivers of the message and is a limited countermeasure against
 traffic analysis. ([Using a little social engineering anyone who is able
 to decrypt the message can check whether one of the other recipients is
 the one he suspects.]) On the receiving side, it may slow down the
 decryption process because all available secret keys must be tried.

 To put it succinctly, if you have a key that is '''not''' public, you
 might want to leave this enabled (default behavior). To know why, follow
 the discussion on the [https://lists.torproject.org/pipermail/tor-
 talk/2012-July/024853.html tor-talk] mailing list about this topic.

 If your key is public and you plan to use APG in your case, you can
 disable this option safely. The only thing this leaks when enabled is your
 key ID and nothing else (again, assuming it is public already).

 The reason why we have this opt-out was because many users were
 complaining that they didn't want to use `--throw-keyids`, so that is why
 it is there :)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7775#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list