Kleopatra: Fall back to included filenames for files without extension
Closed, ResolvedPublic

Description

Kleopatra should fallback to the filename included in the pgp message in case a file has no extension after decryption.
I know that this is problematic because the filename is not signed but I think that it is better then to let the user "guess" what file he received.
This is especially important for PGP/Partioned stuff sent out by symantec.

aheinecke created this task.Mar 5 2019, 9:45 AM
aheinecke changed the task status from Open to Testing.Mar 26 2019, 1:44 PM

If the filename embedded in the encrypted message differs from the filename Kleopatra uses (which is derived from the file system filename) Kleopatra will now show the filename. This should cover the case where users receive an "Attachment.pgp" and do not know what that is.

I think this is better then using the filename automatically because this would allow attacks like calling a file "README.pgp" and then having an embedded name of "README.exe".

aheinecke closed this task as Resolved.Mar 27 2019, 1:54 PM

3.1.6 is released.