GpgOL: If no key is selected for a recipient GpgOL tries to encrypt to the complete keyring
Closed, ResolvedPublic


When GpgOL does not find a key for a recipient it offers the option to ignore this recipient and only encrypt to the other keys.

If this is selected since rev it f70faebc this leads to a keylisting with empty parameters. So a full keylisting is done to select the keys for this recipient.

All versions since GpgOL 2.4.6 are affected by this. Meaning all Versions released in 2020.

The impact of this might be low as it has not been reported and we can expect that it is a rare case were you select no key for a recipient in a mail. And with a normal size keyring you would have key s in there that are expired and would cause the operation to fail.

But encrypting to unselected / possibly untrusted certificates is of course highly critical!

aheinecke created this task.Thu, Jan 7, 2:19 PM
aheinecke created this object in space Restricted Space.
aheinecke created this object with visibility "g10code (Project)".
werner shifted this object from the Restricted Space space to the S1 Public space.EditedMon, Jan 18, 12:21 PM
werner changed the visibility from "g10code (Project)" to "Public (No Login Required)".
werner closed this task as Resolved.
werner added a subscriber: werner.

Fix released with gpg4win 3.1.15 (T5236)