Subj : Re: Decoding this... To : Vk3jed From : Bbsing.Bbs Date : Thu Aug 08 2019 10:51 am -=> Vk3jed wrote to Bbsing.Bbs <=- -=> On 08-02-19 23:48, Bbsing.Bbs wrote to Vk3jed <=- -=> Vk3jed wrote to Bbsing.Bbs <=- Vk> Hmm, OK. :) So multiplie ciphertexts, each a copy of the same Vk> plaintext Bb> No.., one cyber text, but within the encoded message exists multiple Bb> public keys. Bb> I haven't tried to actually identify a public key in a cyber text Bb> message outside of the gnugp functions. .. you can imagine though, the Bb> more public keys aka recipients, the larger the cyber text message can Bb> get. Vk> But given that encryption is normally done by a combination of public Vk> and private keys in pairs, how does that work? What I haven't done is look at a few file attributes where adding more public keys increases the size of the ascii armor file. If it does increase, then you could possibly assume mathematically that the difference between the same message with 1 recipient vs 2 recipient where recipient 1 is in both messages, the difference would be recipient 2 and you would be able to obtain their public key. How to find out? .. well it may be possible via gnupg. If you are in the recipient list, .. maybe remove all your secret keys from your key ring, and attempt to decrypt using gnupg and see what keys its asking for. Once you find out, then you can re-import your key and attempt to pull the other recipients public key out. A major problem exits due to salting. Where salting makes each encrypted message unique so how to overcome that where you have the original message, your public key, and some other unknown key inside the message, the deduction starts with (the message + your public key) - (unknown recipient public key. salt .. now you have this other unknown. I will have to spin up a vm and attempt these test. I've never tried it. I'm sure someone has already thought of this and tested it, but I've never research it before. In cases of cracking .. its best to just obtain the users key ring, and attempt brute force on each secret key. Vk> Offline mail does work well for PGP/GPG. I used to have a PGP add-on Vk> for Bluewave back in the day. A similar add-on could work for GPG and Vk> Multimail. It hooked the editor, the offline reader would call the Vk> encryption system, and if you wanted to write a message, the system Vk> would then pass control to the actual editor. I will have to attempt to enable pgp for multimail. .... BBSING --- MultiMail/Linux v0.49 * Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138) .