Ingo Klöcker wrote:
> On Saturday 25 April 2009, John Clizbe wrote:
>>
>> The message will be encrypted once with a symmetric cipher and
>> session key. Then the session key is encrypted to each recipient's
>> public key and the encrypted session keys are attached to the
>> message.
>>
>> For each recipient the first valid key with matching email address is
>> the one selected. If this is not the preferred key, then Enigmail's
>> Per-recipient rules may be set up to specify the correct key to use.
>
> How does Thunderbird/Enigmail handle bcc'd recipients? Does it create
> several differently encrypted copies of the message in case of bcc'd
> recipients, i.e. one copy of the message encrypted with the keys of all
> public recipients and additional copies of the message (one per bcc'd
> recipient) encrypted only with the key of the corresponding bcc
> recipient (and probably with the sender's key)?

Enigmail passes GnuPG a list of recipients to encrypt to. It does not
generate separate messages, only the one. This is a constraint of
Thunderbird's architecture.

BCCed recipients are treated as just another recipient. There is only one
copy of the message and one set of encrypted session keys.

If one is going to encrypt *and, at the same time*, use BCC, he should
seriously look at using GnuPG's throw-keyids option. From the man page:

   --throw-keyids
   --no-throw-keyids
          Do not put the recipient key IDs into encrypted messages. This
          helps to hide the receivers of the message and is a limited
          countermeasure against traffic analysis. On the receiving
          side, it may slow down the decryption process because all
          available secret keys must be tried. --no-throw-keyids
          disables this option. This option is essentially the same as
          using --hidden-recipient for all recipients.

The other alternative is to manually manage BCC copies.

Personally, I'm not a big fan of BCC.

PS: Rob's comments about how TB's architecture forces Enigmail's behavior
and the suggestion that it should probably be moved are both correct.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
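
An added example, not part of the message above: a small Python parser that lists the recipient key IDs carried in the public-key encrypted session key packets of a binary (de-armored) OpenPGP message, which is how a BCC'd recipient's key shows up to every reader of the single encrypted copy. It assumes version 3 packets as defined in RFC 4880; the key IDs and packet contents are constructed sample data, and the helper names are hypothetical.

```python
# Added example (not from the thread): list the recipient key IDs carried in a
# binary OpenPGP message's PKESK packets (tag 1, version 3, RFC 4880 5.1).

def read_packets(data):
    """Yield (tag, body) per packet; stop at a streamed data packet."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                return                          # partial body length
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                          # indeterminate length
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Key IDs of all v3 PKESK packets; all zeros means the ID was thrown."""
    return [body[1:9].hex().upper() for tag, body in read_packets(data)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

def pkesk(key_id_hex):
    """Constructed v3 PKESK packet: dummy RSA MPI, not real ciphertext."""
    body = bytes([3]) + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xAA"
    return bytes([0x84, len(body)]) + body      # old format, tag 1

# Constructed sample data: To, Cc and Bcc recipients with made-up key IDs.
SEIPD = bytes([0xD2, 5, 1]) + bytes(4)          # tag 18 placeholder
DEFAULT_MSG = b"".join(pkesk(k * 16) for k in "123") + SEIPD
THROWN_MSG = b"".join(pkesk("0" * 16) for _ in range(3)) + SEIPD

if __name__ == "__main__":
    print("default:      ", recipient_key_ids(DEFAULT_MSG))
    print("throw-keyids: ", recipient_key_ids(THROWN_MSG))
```

With throw-keyids the number of session key packets is still visible; only the key IDs are replaced by zeros.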