Page MenuHome GnuPG

Kleopatra: Fall back to included filenames for files without extension
Closed, ResolvedPublic

Description

Kleopatra should fallback to the filename included in the pgp message in case a file has no extension after decryption.
I know that this is problematic because the filename is not signed but I think that it is better then to let the user "guess" what file he received.
This is especially important for PGP/Partioned stuff sent out by symantec.

Revisions and Commits

Event Timeline

aheinecke changed the task status from Open to Testing.Mar 26 2019, 1:44 PM

If the filename embedded in the encrypted message differs from the filename Kleopatra uses (which is derived from the file system filename) Kleopatra will now show the filename. This should cover the case where users receive an "Attachment.pgp" and do not know what that is.

I think this is better then using the filename automatically because this would allow attacks like calling a file "README.pgp" and then having an embedded name of "README.exe".