Page MenuHome GnuPG

Kleopatra: Improve handling of embedded filename
Closed, ResolvedPublic

Description

The use case for this is file encryption or the PGP/Partitioned "attachment.pgp" if you rename an encrypted file after encryption you loose the Information which type the file is if you remove the original extension and the filename might differ.

This is important because filenames / filetype might be confidential. As the original filename is embedded anyway (have to make sure this also happens when kleopatra is used) we can use this.

As automatic renaming the output file can have security implications e.g. if the output then is an .exe or .dll or tries some kind of path attack is problematic, my idea would be to open a message box when the output file name differs from the original filename and then ask the user if the output file should be renamed to the original filename.

Details

Version
master

Related Objects

Event Timeline

aheinecke created this task.
ikloecker edited projects, added Restricted Project; removed g10code.Jul 5 2022, 4:28 PM
ikloecker added a subscriber: ikloecker.

Move from g10code to gpgcom, as discussed with Andre.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Jul 7 2022, 9:40 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Testing.

Ready for testing.

Note that prior to the changes made for this task, Kleopatra did not embed the original file name in the encrypted files.

werner claimed this task.