GPG keeps decrypting even after the user cancelled a password request
Reported by Luke Le | July 20th, 2013 @ 01:28 AM
As it appears, if data is encrypted to multiple public keys of
which secret keys
are in the users keyring, gpg will keep decrypting, even if the
password request
was cancelled for one key. If the passphrase of another key is
already cached in
the gpg-agent or the keychain, gpg will output the decrypted
data.
While this might make sense, it's definitely not what the user
expects to happen,
so Libmacgpg should make sure, that the decryption stops once the
user cancels
a passphrase request.
Different thought, this might however break data encrypted to
hidden recipients,
where cancelling the passphrase request to the wrong key, makes
sure that
the user is prompted for a passphrase for every other key the
message is encrypted to.
If they enter the passphrase for the wrong key however, gpg will
use the same passphrase
for all other keys.
FUCK
Comments and changes to this ticket
-
Luke Le July 21st, 2013 @ 08:32 PM
On second thought, it might be possible to check if any keyID with 0 is found which means
there are bcc recipients, and in that case, continue with the normal behavior.
Otherwise, don't try to keep decrypting after the first cancel by the user. -
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Alex (via GPGTools)
Luke Le
Mento
steve