Gpgtools Libmacgpg → 0.8.4

Comments and changes to this ticket

• 

  Support May 30th, 2018 @ 12:02 PM

  • State changed from “new” to “fixed”

  (from [2fed2abe485fd11641b253a82b3d94923ef77848]) Prevent encryption spoof attack.

  Do not allow unencrypted plaintext in an encrypted message.
  UnitTests added.
  [FIX] [#162 state:fixed] https://github.com/GPGTools/Libmacgpg/commit/2fed2abe485fd11641b253...

• 

  steve May 30th, 2018 @ 09:00 PM

  • State changed from “fixed” to “started”
• 

  Support May 31st, 2018 @ 10:58 AM

  • State changed from “started” to “fixed”

  (from [ce0eff8a85f1eb6c9b86e5cba2ff2fe56036efcc]) Use a boolean to indicate a decryption failure.

  [#162 state:fixed] https://github.com/GPGTools/Libmacgpg/commit/ce0eff8a85f1eb6c9b86e5...

• 

  steve May 31st, 2018 @ 02:51 PM

  Verify steps

  https://neopg.io/blog/encryption-spoof/

  • replace -r nerd with personal email
  • create both cakes
  • open 01-pgp-inline.gpg & 02-pgp-inline.gpg with TextEdit
  • coyp the content of 01-pgp-inline.gpg into an email message and send to yourself. same wit #2 (don't encrypt or sign message) to generate eml files

  In all cases decrytion should not work.

  macOS 10.13.4
  GPG Suite 2177n
  verified

  • test1_gpgservice.png 25.9 KB
  • test2_gpgservice.png 26 KB
  • test1_gpgmail.png 104 KB
  • test1_gpgmail_error.png 45.6 KB
  • test2_gpgmail.png 13.5 KB
• 

  steve May 31st, 2018 @ 02:51 PM

  • State changed from “fixed” to “verified”
• 

  steve June 9th, 2018 @ 07:06 PM

  • State changed from “verified” to “released”

  [bulk edit]