Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography Leak in Enigmail / GnuPG

Fabio Pietrosanti (naif) lists at
Mon Apr 28 00:25:31 PDT 2014

Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto:
> I just wanted to notice that the mostly used encryption software like
> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages
> could represent a major risk.
> a) Enigmail, Thunderbird's PGP plugin, does send "X-Enigmail-Version:"
> header on ALL email sent, also the unencrypted one.
> b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add version
> information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" .

An update on this issue following reports of October '13 :


- GnuPG

- EnigMail (yesterday)


- GPGTool

- Outlook Privacy Plugin

- GPG4Win: "Privacy Leak in Version: and Comment: header"

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights - -

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list