GPG Hidden Recipient
Jikku Jose

GPG leaks public key info with encrypted files. Depending on the use case this could be a security threat.

Following command reveals the recipient’s public key id from the encrypted_file.gpg.

gpg --pinentry-mode cancel --list-packets encrypted_file.gpg

gpg: encrypted with 4096-bit RSA key, ID 9633E09E840608DE, created 2013-08-03
      "John Doe <>"
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid 9233E09E843608DE
        data: [4096 bits]
# off=527 ctb=d2 tag=18 hlen=2 plen=65 new-ctb
:encrypted data packet:
        length: 65
        mdc_method: 2
# off=548 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=2
# off=550 ctb=cb tag=11 hlen=2 plen=12 new-ctb
:literal data packet:
        mode b (62), created 1492808216, name="",
        raw data: 6 bytes

This can be prevented by using -R or --hidden-recipient flag instead of -r or --recipient flag while encrypting.

So, instead of encrypting files as follows by leaking recipient information:

gpg --encrypt --recipient

We can use the following to keep Elon annoymous from such a threat.

gpg --encrypt --hidden-recipient