
Wish to add a generic comment or hint to encrypted data
Open, Wishlist, Public


It would be useful to add a general text hint to symmetric and asymmetric encrypted data.

This keyword could be set and interpreted by Kleopatra to display when decryption fails.

There are two use cases for this. For asymmetric encryption this could identify a key holder or a project to which an encrypted data packet belongs, like "Project Airplane X" as a tag. And when decryption fails, Kleopatra could show something like: "Decryption failed. No Secret Key. Keyword: Project Airplane X. It is encrypted to the following keys: <keyid> <keyid> etc."

Similarly, for symmetric encryption it could be used to identify a passphrase, like "Project Airplane X Q1 2022 Key", so that the user knows which key to enter.

This issue should document if we would want to add this. I could think of a literal data packet that is prepended before the encrypted packet. This would of course confuse other implementations. But when we only add such a comment optionally, with data kept in our ecosystem, and as long as it is standard compliant, I think for a different client it would look just like two data packets, one encrypted, the other one unencrypted.

Or we just enforce an outer signature with a corresponding signature notation. This could also help to avoid an attack like trying to get someone to enter the "Project Airplane X Q1 2022 Key" on an insecure system by sending the person such data that indicates this in a comment.

Event Timeline

aheinecke triaged this task as Wishlist priority. Jan 14 2022, 9:53 AM
aheinecke created this task.

Using an armor header would allow for this. But well, this blows up the data and frankly, I fear that it can lead to unexpected side effects. Better to use a respective file name or MIME header.
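
An added example, not part of the task or of GnuPG's code: it shows why a hint carried in an armor header cannot be trusted on its own, which is the concern behind the outer-signature idea in the task description. The armor CRC-24 covers only the decoded packet bytes, so the `Comment` header can be rewritten without touching the payload. The function names and the payload bytes are constructed for illustration.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes, headers: dict) -> str:
    """Wrap payload in a PGP MESSAGE armor block with the given armor headers."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    head = "".join(f"{key}: {value}\n" for key, value in headers.items())
    return (f"-----BEGIN PGP MESSAGE-----\n{head}\n{body}\n={check}\n"
            "-----END PGP MESSAGE-----\n")

def dearmor(text: str):
    """Return (headers, payload, crc_ok); headers end at the first blank line."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not an armored block")
    blank = lines.index("")
    headers = dict(line.split(": ", 1) for line in lines[1:blank])
    data = lines[blank + 1:-1]
    # The checksum line is optional and starts with "=".
    stored = data.pop()[1:] if data and data[-1].startswith("=") else None
    payload = base64.b64decode("".join(data))
    crc_ok = stored is None or base64.b64decode(stored) == crc24(payload).to_bytes(3, "big")
    return headers, payload, crc_ok

# Constructed stand-in bytes, not a real OpenPGP packet sequence.
PAYLOAD = bytes(range(48))
original = armor(PAYLOAD, {"Comment": "Project Airplane X Q1 2022 Key"})
# Only the header text is edited; the base64 body and checksum are untouched.
altered = original.replace("Project Airplane X Q1 2022 Key", "Some other hint")

def hint_is_unprotected() -> bool:
    """True if the hint changed while payload and CRC check stayed intact."""
    h1, p1, ok1 = dearmor(original)
    h2, p2, ok2 = dearmor(altered)
    return h1 != h2 and p1 == p2 and ok1 and ok2

if __name__ == "__main__":
    print(dearmor(altered)[0], hint_is_unprotected())
```

A client that displays such a hint would need to label it as unauthenticated unless it is bound to the data by a signature.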