GPG leaks public key info with encrypted files. Depending on the use case this could be a security threat.
Following command reveals the recipient’s public key id from the
encrypted_file.gpg.
gpg --pinentry-mode cancel --list-packets encrypted_file.gpg
gpg: encrypted with 4096-bit RSA key, ID 9633E09E840608DE, created 2013-08-03
"John Doe <johndoe@email.com>"
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid 9233E09E843608DE
data: [4096 bits]
# off=527 ctb=d2 tag=18 hlen=2 plen=65 new-ctb
:encrypted data packet:
length: 65
mdc_method: 2
# off=548 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=2
# off=550 ctb=cb tag=11 hlen=2 plen=12 new-ctb
:literal data packet:
mode b (62), created 1492808216, name="",
raw data: 6 bytes
This can be prevented by using -R or --hidden-recipient flag instead of
-r or --recipient flag while encrypting.
So, instead of encrypting files as follows by leaking recipient information:
gpg --encrypt --recipient elon@tesla.com
We can use the following to keep Elon annoymous from such a threat.
gpg --encrypt --hidden-recipient elon@tesla.com