Unable to abort message sending when there are no valid encryption key for target user
Closed, ResolvedPublic

Description

Release: 0.9.10 (May 30 2006)

Environment

Windows XP SP2

Description

Encrypt new messages by default is checked in options and all other options are not checked (default?). Now if I send email to user who I do not have a GPG key, key selection dialog pops up and I cannot abort message anyway sending. It will be send in cleartext to target user(s).

Now lets assume this message would have been a really important but I selected wrong target email, now message would be sent cleartext to wrong user. Or if user's key has expired already (haven't tested this though), it would be really unfortunety if it would be sent in cleartext.

In example Enigmail plugin for Thunderbird allows you to select keys and when pressing 'Cancel' it would go back to message editing. I would like to see similar functionality in gpgol to increase security.

How To Repeat

  1. Write email message
  2. Set To: -field to email address where you don't have a key
  3. Press send button
  4. Try to abort message without sending it in cleartext

Fix

Unknown

This is fixed in the current SVN code.

twoaday closed this task as Resolved.Aug 16 2006, 10:00 AM