ietf-openpgp
[Top] [All Lists]

Re: filenames of encrypted attachments visible ? How hard would it be to hide?

2004-01-05 06:31:56
[sorry. ralf, of course I meant to answer to the lists]

On Monday 05 January 2004 14:06, Ralf Hauser wrote:
To my understanding,

If I send a message with attachments, the attachment filename is visible
without cryptanalysis.
Would it be hard to give the encrypted file a random name and only upon
decryption, give it back its real name?

http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
issue.

Isn't that kind of giving away information that could be easily protected -
or did I miss something?

Hi,

You did miss rfc3156 (PGP/MIME). The structure of these (encrypted) emails is:

============================
From: whatever
To: whatever
Subject: whatever
Date: whatever
Content-Type: multipart/encrypted;
  protocol="application/pgp-encrypted";
  boundary="Boundary-02=_5Plx/pJ9Yq8C9E0"


--Boundary-02=_5Plx/pJ9Yq8C9E0
Content-Type: application/pgp-encrypted

Version: 1

--Boundary-02=_5Plx/pJ9Yq8C9E0
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.3 (GNU/Linux)

hQEOAzLIxTMIwnnYEAP....
....
AFWzv4cn5IDmQ5A93JaApgQg6g==
=pVu5
-----END PGP MESSAGE-----
--Boundary-02=_5Plx/pJ9Yq8C9E0--

============================

And the encrypted part is again a full MIME message, with attachments and all. 
So the only relevant bits that go over the wire unencrypted are From/To 
(unavoidable to the extent of the email addresses) and the Subject (I have a 
proposal that could address this cooking slowly, I think I posted it in some 
places a few months ago).

Greetings
-- vbi


-- 
<Knghtbrd> joeyh now has a terminal at the couch?
<Knghtbrd> That guy is wired, I swear  =3D>
<doogie> Knghtbrd: laptop
<doogie> and I don't mean the cats.

Attachment: pgpSbMO6Juhaq.pgp
Description: signature