Release: 0.9.10 (May 30 2006)
Environment
Windows XP SP2
Description
Encrypt new messages by default is checked in options and all other options are not checked (default?). Now if I send email to user who I do not have a GPG key, key selection dialog pops up and I cannot abort message anyway sending. It will be send in cleartext to target user(s).
Now lets assume this message would have been a really important but I selected wrong target email, now message would be sent cleartext to wrong user. Or if user's key has expired already (haven't tested this though), it would be really unfortunety if it would be sent in cleartext.
In example Enigmail plugin for Thunderbird allows you to select keys and when pressing 'Cancel' it would go back to message editing. I would like to see similar functionality in gpgol to increase security.
How To Repeat
- Write email message
- Set To: -field to email address where you don't have a key
- Press send button
- Try to abort message without sending it in cleartext
Fix
Unknown