diff options
author | Dylan Baker <dylan@pnwbakers.com> | 2017-08-15 13:17:43 -0700 |
---|---|---|
committer | Dylan Baker <dylan@pnwbakers.com> | 2017-08-17 10:59:49 -0700 |
commit | 707843b7da81e794d336eb0b9e69d62b3d6a0e02 (patch) | |
tree | 66e27f8bdd9695c9830b5398c204c8c93e13ba8c /alot/crypto.py | |
parent | 5f88b7ff8d576776c152cd8df557f372e7bcab03 (diff) |
crypto: Don't sign when encrypting
This is a missed difference between pygpgme and gpg, gpg signs by
default when encrypting with an attached signature. Since this isn't
being toggled it's bad, it's a kind of information leak, and increases
the size of the mail for no reason.
NOTE: This is the kind of signature proposed by RFC 2440, which we're
missing tests for.
Diffstat (limited to 'alot/crypto.py')
-rw-r--r-- | alot/crypto.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/alot/crypto.py b/alot/crypto.py index c73d792c..3c748162 100644 --- a/alot/crypto.py +++ b/alot/crypto.py @@ -176,7 +176,8 @@ def encrypt(plaintext_str, keys=None): :rtype: str """ ctx = gpg.core.Context(armor=True) - out = ctx.encrypt(plaintext_str, recipients=keys, always_trust=True)[0] + out = ctx.encrypt(plaintext_str, recipients=keys, sign=False, + always_trust=True)[0] return out |