From kmail-devel  Mon Jul 31 21:14:24 2000
From: Stefan Suchi <suchi () gmx ! de>
Date: Mon, 31 Jul 2000 21:14:24 +0000
To: kmail-devel
Subject: Bug#7016: No encryption in case of missing secret key for signing
X-MARC-Message: https://marc.info/?l=kmail-devel&m=96507912021584

Package: kmail
Version: 1.0.29.2

If I try to send a message SIGNED and ENCRYPTED and the "PGP User Identity"
is not found in my secret keyring (for example because my email-address has
changed) the message is sent unsigned and unencrypted without any warning.

To me this behavior looks like a mayor security problem.

I would suggest that in this case an error message pops up like itīs doing
in the case a recipient key could not be found or that the message is at
least sent unsigned, but encrypted.

My system: SuSE-6.1, KDE-1.1.2, kmail-1.0.29.2, PGP-2.6.3i.

Stefan

-- 
Stefan Suchi  <suchi@gmx.de>
PGP 2.6.3i; Key 5135 3EF1, Fingerprint:
26 1A 72 E9 33 57 67 30  63 AB 4F A1 A7 D4 29 2A
KDE Linux Packaging Project http://kde.tdyc.com/