Enable hidden key id of OpenPGP encrypted notification and files if enabled

[fpietrosanti]

Following the ideas of securedrop https://github.com/freedomofpress/securedrop/issues/13 and the patch of @hellais at https://code.google.com/p/python-gnupg/issues/detail?id=39 this ticket is to enable hidden key id of OpenPGP encrypted notification and files if enabled.

The feature can lead to several usability problem on receiver side where unskilled adopters may not have the right knowledge/setup to handle PGP encrypted data/notification without key information.

For this reason the functionality must be disabled by default, but the admin and the receivers need to be able to enable it with a single click.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[hellais]

I disagree. I think hidden key ID is not good for receivers. On 16 Oct 2013 00:03, "Fabio (naif) Pietrosanti" notifications@github.com wrote:

Following the ideas of securedrop freedomofpress/securedrop#13https://github.com/freedomofpress/securedrop/issues/13and the patch of @hellais https://github.com/hellais at https://code.google.com/p/python-gnupg/issues/detail?id=39 this ticket is to enable hidden key id of OpenPGP encrypted notification and files if enabled.

The feature can lead to several usability problem on receiver side where unskilled adopters may not have the right knowledge/setup to handle PGP encrypted data/notification without key information.

For this reason the functionality must be enabled by default, but the admin and the receivers need to be able to enable it with a single click.

— Reply to this email directly or view it on GitHubhttps://github.com/globaleaks/GlobaLeaks/issues/675 .

[vecna]

I would implement this feature easily, but I feel like notification details needs to be shaped differently in the DB.

[vecna]

assigned to me.

@hellais I agree that hidden key is sometimes annoying, but here the subject its on a non default feature. who want it, has is.

[origliante]

@fpietrosanti outdated

[fpietrosanti]

@origliante why is outdated? An Hidden Key ID could still be useful when there is a Hidden Receiver for which you don't want to disclose his email address associated to the keyid

[origliante]

@fpietrosanti are u talking about notifications? For e2e keys are generated so can contain "fake" or GL-specific IDs

[hellais]

@origliante it is not sufficient to just comment saying "outdated" you need to argument your claim with at least 2 sentences.

That said I also think it's not a good feature to have inside of GlobaLeaks since we are anyways disclosing the network of receivers. Having hidden receivers goes against the principles of GlobaLeaks. If you are receiving the information you need to have an identity associated to it, even if this identity is just pseudonymous.

Also even if we were to have "hidden" receivers, the globaleaks node would still store their public key and must serve it to whistleblowers for them to do e2e encryption.

Moreover openpgp.js currently doesn't support hidden key IDs. I did see a ticket mention adding support for it, but I don't think it's yet implemented.

Anyways I give this a -1.