Re: gpg - difference --encrypt-to and --recipient

2019-01-06 Thread vedaal via Gnupg-users


On 1/3/2019 at 10:14 PM, "MFPA"  wrote:
> [3] only for the overly paranoid who revel in tedious
> work-arounds  8^) :

> (a)  Encrypt to both yourself and the recipient
> (b)  Remove your own id packet from the ciphertext,
> (c)  Re-calculate  the crc of the ciphertext
> (d)  Send the 'hacked' ciphertext along to the
> original recipient
> (e)  Store the first ciphertext from (a) along with
> the one from (d), in your sent folder
> (f)   now you will always be able to decrypt and
> retrieve the original plaintext

> Would the ciphertext at (d) be much different than encrypting to the
> recipient and hidden-encrypt-to your own key?

=

Yes.
The ciphertext in (d) would have no indication that it was being
encrypted to anyone else.

Using 'hidden-encrypt' to your own key, would show that it was
encrypted to another key, but undetectable to whom.
As a concrete difference, if you used the command:
gpg --try-all-secrets
on the file encrypted to the recipient and hidden-encrypt-to your own
key, it would decrypt to your own key.

Even from the ciphertext, it is detectable because it is 'longer'
(i.e., has another key-packet).

Try encrypting to only one recipient, and then encrypting the same
plaintext to the same recipient, while also using hidden-encrypt to,
and look at the difference in length.

vedaal
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
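
Added example, not part of the thread and not GnuPG code: a minimal Python reader for the public-key encrypted session key packets at the front of a binary OpenPGP message, illustrating the point in the message above that a hidden recipient still costs one extra, countable key packet whose key ID is all zeros. The key IDs and sample messages are constructed, and only version 3 packets as laid out in RFC 4880 are handled.

```python
"""List the recipient (PKESK, tag 1) packets at the front of a binary OpenPGP message."""

WILDCARD = bytes(8)  # all-zero key ID, as written for hidden recipients / throw-keyids


def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet at pos (RFC 4880, 4.2)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (still ASCII-armored?)")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")


def recipients(message):
    """Return one dict per leading PKESK packet; stop at the encrypted data packet."""
    found, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag != 1:
            break
        if length is None or start + length > len(message):
            raise ValueError("truncated PKESK packet")
        body = message[start:start + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("only version 3 PKESK packets are handled here")
        keyid = body[1:9]
        found.append({"keyid": keyid.hex().upper(), "hidden": keyid == WILDCARD,
                      "algo": body[9], "packet_bytes": start + length - pos})
        pos = start + length
    return found


# --- constructed sample data: dummy key IDs and zero-filled session-key bytes ---
def _pkesk(keyid, esk_len=258):
    body = bytes([3]) + keyid + bytes([1]) + bytes(esk_len)     # v3, key ID, RSA
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body  # old format, tag 1


_DATA = bytes([0xD2, 60, 1]) + bytes(59)      # tag 18 packet with dummy contents
BOB = bytes.fromhex("1122334455667788")       # constructed recipient key ID
ALICE = bytes.fromhex("99AABBCCDDEEFF00")     # constructed sender key ID
ONLY_BOB = _pkesk(BOB) + _DATA                # recipient only
VISIBLE_SELF = _pkesk(BOB) + _pkesk(ALICE) + _DATA    # recipient + encrypt-to
HIDDEN_SELF = _pkesk(BOB) + _pkesk(WILDCARD) + _DATA  # recipient + hidden-encrypt-to

if __name__ == "__main__":
    for name, msg in [("recipient only", ONLY_BOB), ("encrypt-to", VISIBLE_SELF),
                      ("hidden-encrypt-to", HIDDEN_SELF)]:
        ids = ["(hidden)" if r["hidden"] else r["keyid"] for r in recipients(msg)]
        print(f"{name:18} {len(msg):4} bytes, {len(ids)} key packet(s): {ids}")
```

For a real file, pass the binary form of the message (for example the output of gpg --dearmor); gpg --list-packets reports the same packets.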


Re: gpg - difference --encrypt-to and --recipient

2019-01-03 Thread MFPA

Hi


On Thursday 3 January 2019 at 12:02:39 AM, in
, vedaal via
Gnupg-users wrote:-


> [2] encrypt only to the sender, but also encrypt the
> plaintext only to you, and store the encrypted file in
> your sent or other convenient folder, with the date and
> the recipient.

I guess if you had an MUA that encrypted separately to BCC recipients,
you could achieve this by BCC-ing yourself.



> [3] only for the overly paranoid who revel in tedious
> work-arounds  8^) :

> (a)  Encrypt to both yourself and the recipient
> (b)  Remove your own id packet from the ciphertext,
> (c)  Re-calculate  the crc of the ciphertext
> (d)  Send the 'hacked' ciphertext along to the
> original recipient
> (e)  Store the first ciphertext from (a) along with
> the one from (d), in your sent folder
> (f)   now you will always be able to decrypt and
> retrieve the original plaintext

Would the ciphertext at (d) be much different than encrypting to the
recipient and hidden-encrypt-to your own key?


-- 
Best regards

MFPA  

He's an environmentalist - his arguments are 100% recycled


Re: gpg - difference --encrypt-to and --recipient

2019-01-02 Thread vedaal via Gnupg-users


On 1/2/2019 at 3:59 PM, "justina colmena via Gnupg-users"  wrote:
>My opinion is that should be the case. However, most MUAs I've used
>include the BCC recipients' keys in the encryption along with the To
>and CC recipients' keys, so any email addresses in the user-IDs of
>these keys are visible to all recipients.

>As an exception, one MUA I used with an OpenPGP add-on would instead
>send an individual copy of the message to each BCC recipient,
>encrypted only to their key.

>This seems like better practice. Also I would want to encrypt the
>transmitted email message only to the intended recipient, and the
>copy stored in my "Sent" folder only to myself.
>With hidden-recipient or hidden-encrypt-to or throw-keyids, it is
>clear how many keys were encrypted to, but the key IDs and user-IDs
>are not present.
>I am not terribly comfortable with this situation. It almost seems
>rather creepy to me to receive an encrypted message that is also
>encrypted for the benefit or verification of one or more unknown and
>unidentified third parties. I start suspecting things like a foreign
>government mandated key escrow or secret government backdoor on behalf
>of some foreign spy or law enforcement agency.

=
 you have 3 tedious options, 1 more tedious than the other  8^)   :

[1]  use default-recipient-self, and explain in an n.b. in your
plaintext that you want to have a record of what you sent, but don't
want to leave it in plaintext,  and you will have an encrypted copy in
your sent box openable by you  
(this is very common).

[2] encrypt only to the sender, but also encrypt the plaintext only to
you, and store the encrypted file in your sent or other convenient
folder, with the date and the recipient.

[3] only for the overly paranoid who revel in tedious work-arounds 
8^) :

(a)  Encrypt to both yourself and the recipient
(b)  Remove your own id packet from the ciphertext, 
(c)  Re-calculate  the crc of the ciphertext
(d)  Send the 'hacked' ciphertext along to the original recipient
(e)  Store the first ciphertext from (a) along with the one from (d),
in your sent folder
(f)   now you will always be able to decrypt and retrieve the original
plaintext

btw,

I don't recommend this, 
but it is *possible* to add a (not yet done, but not terribly
complicated either) patch to gnupg to 'display' the session key in the
terminal window, 
(while you are encrypting only to one recipient),
and then you can encrypt that session key to your key, and store it,

or

a (also not yet done, but not terribly complicated either) patch,
to allow gnupg to use a session key supplied by the user as an entry
in the command line (i.e.  --use-session-key  (64 character string from
step (a) above))

That session key is as random as any done by gnupg, and isn't really
being 're-used', 
it's just being stored in the encrypted file from step (a) and is
being sent with the same message encrypted to the same recipient as in
step (a)

This is just to point out, that if someone wants to think paranoidly
about 'who else knows' what is encrypted in your encrypted e-mail that
was encrypted only to you, it 'can' be done,
(extremely tedious, and afaik, has not been implemented by any
open-pgp variant program out there   8^)  )
vedaal


Re: gpg - difference --encrypt-to and --recipient

2019-01-02 Thread Stefan Claas
On Wed, 02 Jan 2019 11:56:27 -0900, justina colmena via Gnupg-users wrote:
> On January 1, 2019 4:13:43 PM AKST, MFPA 
> <2017-r3sgs86x8e-lists-gro...@riseup.net> wrote:

> >With hidden-recipient or hidden-encrypt-to or throw-keyids, it is
> >clear how many keys were encrypted to, but the key IDs and user-IDs
> >are not present.
> I am not terribly comfortable with this situation. It almost seems rather
> creepy to me to receive an encrypted message that is also encrypted for the
> benefit or verification of one or more unknown and unidentified third
> parties. I start suspecting things like a foreign government mandated key
> escrow or secret government backdoor on behalf of some foreign spy or law
> enforcement agency.

When you receive a message which is also encrypted to hidden recipients you
will see that in GnuPG, when decrypting the message. It shows additional info
of how many keys the message was encrypted to, with key ids showing in the
form of ID .

So nothing to worry! This very good feature was probably implemented many
moons ago for users of Mixmaster.

Regards
Stefan



Re: gpg - difference --encrypt-to and --recipient

2019-01-02 Thread justina colmena via Gnupg-users
On January 1, 2019 4:13:43 PM AKST, MFPA 
<2017-r3sgs86x8e-lists-gro...@riseup.net> wrote:
>Hi
>
>
>On Monday 31 December 2018 at 9:06:39 PM, in
>, justina
>colmena via Gnupg-users wrote:-
>
>
>> Shouldn't an email message (for example) be encrypted
>> separately to each BCC recipient,
>
>My opinion is that should be the case. However, most MUAs I've used
>include the BCC recipients' keys in the encryption along with the To
>and CC recipients' keys, so any email addresses in the user-IDs of
>these keys are visible to all recipients.
>
>As an exception, one MUA I used with an OpenPGP add-on would instead
>send an individual copy of the message to each BCC recipient,
>encrypted only to their key.

This seems like better practice. Also I would want to encrypt the transmitted 
email message only to the intended recipient, and the copy stored in my "Sent" 
folder only to myself.

>> or is this an intended all-in-one multiple-recipient
>> encryption which cannot conceal from the cryptanalyst
>> the fact that the same message, encrypted only once, is
>> being sent to more than one receiving party?
>
>With hidden-recipient or hidden-encrypt-to or throw-keyids, it is
>clear how many keys were encrypted to, but the key IDs and user-IDs
>are not present.
I am not terribly comfortable with this situation. It almost seems rather 
creepy to me to receive an encrypted message that is also encrypted for the 
benefit or verification of one or more unknown and unidentified third parties. 
I start suspecting things like a foreign government mandated key escrow or 
secret government backdoor on behalf of some foreign spy or law enforcement 
agency.
>
>--
>Best regards
>
>MFPA  
>
>Never trust a dog with orange eyebrows


-- 
A well regulated Militia, being necessary to the security of a free State, the 
right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/



Re: gpg - difference --encrypt-to and --recipient

2019-01-01 Thread MFPA

Hi


On Monday 31 December 2018 at 9:06:39 PM, in
, justina
colmena via Gnupg-users wrote:-


> Shouldn't an email message (for example) be encrypted
> separately to each BCC recipient,

My opinion is that should be the case. However, most MUAs I've used
include the BCC recipients' keys in the encryption along with the To
and CC recipients' keys, so any email addresses in the user-IDs of
these keys are visible to all recipients.

As an exception, one MUA I used with an OpenPGP add-on would instead
send an individual copy of the message to each BCC recipient,
encrypted only to their key.



> or is this an intended all-in-one multiple-recipient
> encryption which cannot conceal from the cryptanalyst
> the fact that the same message, encrypted only once, is
> being sent to more than one receiving party?

With hidden-recipient or hidden-encrypt-to or throw-keyids, it is
clear how many keys were encrypted to, but the key IDs and user-IDs
are not present.

-- 
Best regards

MFPA  

Never trust a dog with orange eyebrows


Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread justina colmena via Gnupg-users
On December 31, 2018 5:38:10 AM AKST, Dirk Gottschalk via Gnupg-users 
 wrote:
>Hello Damien.
>
>On Monday, 31.12.2018, 12:45 +, Damien Goutte-Gattat wrote:
>> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via
>> Gnupg-users wrote:
>> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient
>> > for this purpose. That prevents the disclosure of the communication
>> > paths with pure GPG-Packet analysis.
>
>> You do realize that, in the case of e-mail, the communication paths
>> are already disclosed by the SMTP protocol (command "RCPT TO") and
>> the mail headers ("From", "To", and the like), which both are outside
>> the scope of OpenPGP protection?
>
>Yes, sure I do. But referencing the command line options, I thought he
>was speaking about encryption of files. In this case, it could be of
>(even if small) benefits to avoid the disclosure of the path.
>
>
>> Using --hidden-recipient only protects against an hypothetic attacker
>> who is somehow only able to obtain the email body (the OpenPGP
>> message itself) without the surrounding metadata.
>
>That's correct. As told, I was talking about encrypted files. If you
>upload an encrypted file to a cloud service, for example, it could be a
>good idea to encrypt only to hidden recipients. Security by obscurity
>is not every time a bad thing. ;)
>
>Regards,
>Dirk

For some reason I'm not getting a "Reply-To:" for the whole list here...
Hidden recipients are normally given in the BCC (Blind Carbon Copy) field in 
the case of email, and the communication paths are not disclosed to other 
recipients.

Shouldn't an email message (for example) be encrypted separately to each BCC 
recipient, or is this an intended all-in-one multiple-recipient encryption 
which cannot conceal from the cryptanalyst the fact that the same message, 
encrypted only once, is being sent to more than one receiving party?

I hate to see the vast number of gpg command-line options get so carried away 
that we lose grip of the basic cryptography that we want to use GnuPG for.

And now the *secret* keys are going in "~/.gnupg/pubring.gpg" with the false 
implication by its name that the file contains only public keys which need not 
be so carefully guarded against disclosure.

-- 
A well regulated Militia, being necessary to the security of a free State, the 
right of the people to keep and bear Arms, shall not be infringed.

https://www.colmena.biz/~justina/



Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Dirk Gottschalk via Gnupg-users
Hello Damien.

On Monday, 31.12.2018, 12:45 +, Damien Goutte-Gattat wrote:
> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via
> Gnupg-users wrote:
> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient
> > for this purpose. That prevents the disclosure of the communication
> > paths with pure GPG-Packet analysis.

> You do realize that, in the case of e-mail, the communication paths
> are already disclosed by the SMTP protocol (command "RCPT TO") and
> the mail headers ("From", "To", and the like), which both are outside
> the scope of OpenPGP protection?

Yes, sure I do. But referencing the command line options, I thought he
was speaking about encryption of files. In this case, it could be of
(even if small) benefits to avoid the disclosure of the path.


> Using --hidden-recipient only protects against an hypothetic attacker
> who is somehow only able to obtain the email body (the OpenPGP
> message itself) without the surrounding metadata.

That's correct. As told, I was talking about encrypted files. If you
upload an encrypted file to a cloud service, for example, it could be a
good idea to encrypt only to hidden recipients. Security by obscurity
is not every time a bad thing. ;)

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac





Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Stefan Claas
On Mon, 31 Dec 2018 12:45:44 +, Damien Goutte-Gattat wrote:
> On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users 
> wrote:
> > Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> > this purpose. That prevents the disclosure of the communication paths
> > with pure GPG-Packet analysis.  
> 
> You do realize that, in the case of e-mail, the communication paths are
> already disclosed by the SMTP protocol (command "RCPT TO") and the mail
> headers ("From", "To", and the like), which both are outside the scope
> of OpenPGP protection?
> 
> Using --hidden-recipient only protects against an hypothetic attacker
> who is somehow only able to obtain the email body (the OpenPGP message
> itself) without the surrounding metadata.

But it is imho good if you use anonymous remailers, either for email
or Usenet postings. In the case of email Mallory would only see that
Bob received a message, but does not know from whom it originated
and in case of proper Usenet usage nobody would know who sent
the message and who is the recipient.

Regards
Stefan




Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Damien Goutte-Gattat via Gnupg-users
On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg-users wrote:
> Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> this purpose. That prevents the disclosure of the communication paths
> with pure GPG-Packet analysis.

You do realize that, in the case of e-mail, the communication paths are
already disclosed by the SMTP protocol (command "RCPT TO") and the mail
headers ("From", "To", and the like), which both are outside the scope
of OpenPGP protection?

Using --hidden-recipient only protects against an hypothetic attacker
who is somehow only able to obtain the email body (the OpenPGP message
itself) without the surrounding metadata.


- Damien




Re: gpg - difference --encrypt-to and --recipient

2018-12-31 Thread Gernot Pokorny
But isn't the documentation wrong for the edge-case when you specify
--encrypt-to within gpg.conf and do not specify a recipient? According to
that documentation when you only specify --encrypt-to, but no --recipient,
then the value of --encrypt-to should also not be used and that means we
would have no valid command and that there should be an error, which is not
the case in the gpg implementation. The gpg that I have running simply
takes the name from encrypt-to as a recipient, which makes sense, but is
not in sync with the documentation.

On Mon, Dec 31, 2018 at 7:57 AM Dirk Gottschalk via Gnupg-users <
gnupg-users@gnupg.org> wrote:

> Hello.
>
> On Sunday, 30.12.2018, 22:40 +0100, Stefan Claas wrote:
> > On Sun, 30 Dec 2018 18:05:37 +0100, Gernot Pokorny wrote:
> > Hi,
> >
> > > What is the difference between --encrypt-to and --recipient and
> > > what are the advantages and disadvantages of using one over the
> > > other, which one should you use for encrypting your own files and
> > > what does the following mean?
>
> > > --encrypt-to ... The key specified by name is used only when there
> > > are other recipients given by the user or by use of the option
> > > recipient. ...
>
> > Simply said you put encrypt-to, with your key-id, in your gpg.conf
> > and when you do a gpg --recipient yourfriend it encrypts to your
> > friend and also to you.
>
> Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
> this purpose. That prevents the disclosure of the communication paths
> with pure GPG-Packet analysis.
>
> Regards,
> Dirk
>
> --
> Dirk Gottschalk
> Paulusstrasse 6-8
> 52064 Aachen, Germany
>
> GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
> Keybase.io: https://keybase.io/dgottschalk
> GitHub: https://github.com/Dirk1980ac
>


Re: gpg - difference --encrypt-to and --recipient

2018-12-30 Thread Dirk Gottschalk via Gnupg-users
Hello.

On Sunday, 30.12.2018, 22:40 +0100, Stefan Claas wrote:
> On Sun, 30 Dec 2018 18:05:37 +0100, Gernot Pokorny wrote:
> Hi,
> 
> > What is the difference between --encrypt-to and --recipient and
> > what are the advantages and disadvantages of using one over the
> > other, which one should you use for encrypting your own files and
> > what does the following mean?

> > --encrypt-to ... The key specified by name is used only when there
> > are other recipients given by the user or by use of the option
> > recipient. ...

> Simply said you put encrypt-to, with your key-id, in your gpg.conf
> and when you do a gpg --recipient yourfriend it encrypts to your
> friend and also to you.

Yes, that's correct. Anyways, I prefer using the --hidden-recipient for
this purpose. That prevents the disclosure of the communication paths
with pure GPG-Packet analysis.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac





Re: gpg - difference --encrypt-to and --recipient

2018-12-30 Thread Stefan Claas
On Sun, 30 Dec 2018 18:05:37 +0100, Gernot Pokorny wrote:
Hi,

> What is the difference between --encrypt-to and --recipient and what are
> the advantages and disadvantages of using one over the other, which one
> should you use for encrypting your own files and what does the following
> mean?
> 
> --encrypt-to ... The key specified by name is used only when there are
> other recipients given by the user or by use of the option recipient. ...
> 
> 
> I also posted that question under stackoverflow:
> https://superuser.com/questions/1389024/gpg-difference-encrypt-to-and-recipient/1389030#1389030

Simply said you put encrypt-to, with your key-id, in your gpg.conf and when
you do a gpg --recipient yourfriend it encrypts to your friend and also to
you.

Regards
Stefan




gpg - difference --encrypt-to and --recipient

2018-12-30 Thread Gernot Pokorny
What is the difference between --encrypt-to and --recipient and what are
the advantages and disadvantages of using one over the other, which one
should you use for encrypting your own files and what does the following
mean?

--encrypt-to ... The key specified by name is used only when there are
other recipients given by the user or by use of the option recipient. ...


I also posted that question under stackoverflow:
https://superuser.com/questions/1389024/gpg-difference-encrypt-to-and-recipient/1389030#1389030

Thank you