infertux / zeyple

Postfix filter/hook to automatically encrypt outgoing emails with PGP/GPG
https://infertux.com/labs/zeyple/

prevent leaking data through unencrypted subject #46

Closed nebulon42 closed 6 years ago

nebulon42 commented 6 years ago

As the subject is not encrypted by PGP, it could leak sensitive data. So I thought we should go all the way and also hide the subject. It is preserved in the message body. For those who find it awkward to have similar subjects for all e-mails sent by Zeyple, I made this configurable and off by default.

As I don't really know how to handle multipart messages, the subject is currently only preserved for plaintext messages. I need a bit of help on the multipart side. Where should the old subject be injected?
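The behaviour described in the comment above (subject replaced, original kept in the body, plaintext messages only, off by default), as an added example that is not the PR's or Zeyple's own code. `hide_subject`, `PLACEHOLDER` and the sample message are hypothetical, and leaving multipart messages untouched is an assumption.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.message import Message

PLACEHOLDER = "Encrypted message"  # hypothetical replacement subject

# Constructed sample message, not taken from the PR.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: Q3 salary review\n"
    'Content-Type: text/plain; charset="us-ascii"\n'
    "\n"
    "Numbers attached.\n"
)


def hide_subject(msg: Message, enabled: bool = False) -> bool:
    """Move Subject into the body, to be called before the body is encrypted.

    Returns True when the subject was moved. Off by default; multipart and
    non-text/plain messages are left untouched (assumption), so their
    subject still travels in clear.
    """
    if not enabled or msg.get("Subject") is None:
        return False
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    # Decode RFC 2047 encoded words so the body shows the readable subject.
    subject = str(make_header(decode_header(msg["Subject"])))
    charset = msg.get_content_charset() or "us-ascii"
    body = msg.get_payload(decode=True).decode(charset, errors="replace")
    # Drop the old transfer encoding so set_payload() re-encodes as UTF-8.
    del msg["Content-Transfer-Encoding"]
    msg.set_payload("Subject: %s\n\n%s" % (subject, body), "utf-8")
    msg.replace_header("Subject", PLACEHOLDER)
    return True


if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(hide_subject(m, enabled=True), m["Subject"])
```

The function only helps if it runs before the body is handed to GPG; called afterwards, the original subject would sit in clear text next to the ciphertext.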

infertux commented 6 years ago

I recently discovered https://github.com/autocrypt/memoryhole which aims to encrypt not only the Subject header but also Message-ID, Date, etc. in a standardized way. It's been working great for me so far (using Thunderbird and Enigmail).

I'm sorry to say this but I think it'd make more sense to implement this standard rather than creating yet another one. Though we need to scope out how much work is required and maybe check how it's implemented in Enigmail.

If you don't have much time, please let me know and I'll try to help :)

nebulon42 commented 6 years ago

Yes, definitely better to use some standardized way. Didn't know about that, thanks for pointing this out. I'm closing here and moving things into an issue until there is another PR. Not necessarily by me. ;)

You reference Thunderbird and Enigmail. AFAIK autocrypt support is not released for Enigmail yet. Are you running from master?

infertux commented 6 years ago

> You reference Thunderbird and Enigmail. AFAIK autocrypt support is not released for Enigmail yet. Are you running from master?

@nebulon42 It's not enabled by default in Enigmail but you can turn it on in about:config with:

[Screenshot: 2017-11-29-080720_1269x66_scrot]

I use TorBirdy which does this automatically.