[Tickets #9493] GPG encryption chooses wrong key.
bugs at horde.org
bugs at horde.org
Wed Jan 5 15:34:49 UTC 2011
BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE
E-MAIL-ADRESSE WERDEN NICHT GELESEN.
Ticket-URL: http://bugs.horde.org/ticket/9493
------------------------------------------------------------------------------
Ticket | 9493
Erstellt Von | ans+horde at immerda.ch
Zusammenfassung | GPG encryption chooses wrong key.
Warteschlange | IMP
Version | 4.3.9
Typ | Bug
Status | Unconfirmed
Priorität | 3. High
Milestone |
Patch |
Zuständige |
------------------------------------------------------------------------------
ans+horde at immerda.ch (2011-01-05 10:34) hat geschrieben:
If user o at bar.com writes an encrypted email to foo at bar.com imp uses
the publickey of o at bar.com instead of foo at bar.com.
I suspect (but did not yet try this) that this would happen also if
user someone at bar.com writes an email to o at bar.com but has the key of
foo at bar.com in his keyring and this key is above the key of o at bar.com.
As this is a potential security issue, i marked this bug as high.
most probably you do not escape the email address properly before
searching the key. in gpg the default lookup strategy is string match.
if you want to lookup an emailadress, you should use <foo at bar.com>
More information about the bugs
mailing list