#183 do not store ticked recipients from last encryption - GPGServices

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#183 ✓released

do not store ticked recipients from last encryption

Reported by steve | February 24th, 2014 @ 12:16 PM | in 1.10b1 (closed)

This is both a usability and potential low security problem.

Reproduce:

encrypt a file to 5 recipients
encrypt another file
those previous 5 recipients are still ticked off

Issues with this:

my main complaint about this is, that with large keyrings 500+x entries and the very narrow GPGServices window, even if you scroll through the recipients list, chances are you will not spot that 5 entries which are still ticked off
how does the user know if any recipient at all is still ticked?
worst case: send out a symmetric encrypted file (which the user thinks is only going to be encrypted with a phassphrase) and still have recipients from last encryption included
that would reveal with whom you are communicating, and the party this is revealed maybe should not have that info

Thus I suggest, to start GPGServices with all recipients unticket whenever the GPGServices window is launched.

Comments and changes to this ticket

steve April 30th, 2014 @ 03:35 PM
- State changed from “new” to “verified”
- Assigned user set to “Mento”
- Milestone set to “1.10b1”
We now have a checkbox to select / deselect all. If any recipient is checked, users will see the standard "-" checkbox indicating that some but not all items are active. Click that "-" to deselect any previous recipients.

I like this implementation, since if you have a group of let's say 10 people you often encrypt to, removing previous recipients as a default could be a big annoyance.

Thus I think this is a nice solution. Fixed and since it worked in my tests, verified.

Thanks Mento!
steve June 18th, 2015 @ 04:27 PM
- State changed from “verified” to “released”
[bulk edit]

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins (Sort)

↓↑ drag 37 Open tickets
↓↑ drag 0 Resolved tickets
↓↑ drag 0 This week's tickets

Gpgtools GPGServices → 1.10b1

do not store ticked recipients from last encryption

Comments and changes to this ticket

steve April 30th, 2014 @ 03:35 PM

steve June 18th, 2015 @ 04:27 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages

Gpgtools GPGServices → 1.10b1

Keyword searching

do not store ticked recipients from last encryption

Comments and changes to this ticket

steve April 30th, 2014 @ 03:35 PM

steve June 18th, 2015 @ 04:27 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages