Sign/Encrypt - Show default recipients
Open, Needs Triage, Public

Description

GPG supports adding default recipients in the gpg.conf file, for example:

encrypt-to test1@example.com
encrypt-to test2@example.com
encrypt-to test3@example.com

The Sign/Encrypt dialog of Kleopatra doesn't show any information about default recipients.
However, the file will be implicitly encrypted for those 3 additional recipients as well as for the explicitly defined recipients.

It creates a potential vulnerability: if someone adds a default recipient to gpg.conf, then the user will never know about it.

I propose to show default recipients in the Sign/Encrypt UI.

andreylegayev added a comment. Edited Apr 10 2020, 8:00 AM

I tried to test it in Thunderbird + Enigmail: same result.
The email was silently signed for me, the recipient and those who are in gpg.conf.
It's not just a Kleopatra issue; I think it's global.
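
Until a front end displays these entries, the implicit recipients described in the report can be listed by auditing gpg.conf directly. The following is an added example, not part of the original report or of GnuPG/Kleopatra; the function names, the allowlist idea and the sample configuration (including audit@example.org) are constructed for illustration.

```python
import sys

# gpg.conf options that add recipients the user never names in the UI.
RECIPIENT_OPTS = ("encrypt-to", "hidden-encrypt-to")

def implicit_recipients(conf_text):
    """Return (entries, suppressed); entries are (line_no, option, key)."""
    entries, suppressed = [], False
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split(None, 1)
        # Strip leading dashes so a dashed spelling is not missed (conservative).
        name = fields[0].lstrip("-")
        value = fields[1].strip().strip('"') if len(fields) > 1 else ""
        if name == "no-encrypt-to":
            # Documented meaning: disables all (hidden-)encrypt-to keys.
            suppressed = True
        elif name in RECIPIENT_OPTS and value:
            entries.append((line_no, name, value))
    return entries, suppressed

def unexpected_recipients(conf_text, expected):
    """Implicit recipients that are not in the caller's allowlist."""
    entries, suppressed = implicit_recipients(conf_text)
    if suppressed:
        return []
    allowed = {key.lower() for key in expected}
    return [e for e in entries if e[2].lower() not in allowed]

# Constructed sample: the three entries from the report plus one hidden entry.
SAMPLE_CONF = """\
# constructed sample gpg.conf
armor
encrypt-to test1@example.com
encrypt-to test2@example.com
encrypt-to test3@example.com
# encrypt-to disabled@example.com
hidden-encrypt-to audit@example.org
"""

if __name__ == "__main__":
    # Usage: script.py [path-to-gpg.conf] [expected-key ...]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line_no, opt, key in unexpected_recipients(text, sys.argv[2:]):
        print(f"line {line_no}: {opt} {key} is added to every encryption")
```

Run periodically or from a login script with the keys you expect as arguments, it reports any encrypt-to entry that appeared in gpg.conf without your knowledge.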