diff --git a/src/e2ee.rs b/src/e2ee.rs
index 1eabbb4e1..8a1bc318f 100644
--- a/src/e2ee.rs
+++ b/src/e2ee.rs
@@ -46,6 +46,7 @@ impl EncryptHelper {
 keyring: Vec,
 mail_to_encrypt: MimePart<'static>,
 compress: bool,
+ anonymous_recipients: bool,
 ) -> Result {
 let sign_key = load_self_secret_key(context).await?;
@@ -53,7 +54,14 @@ impl EncryptHelper {
 let cursor = Cursor::new(&mut raw_message);
 mail_to_encrypt.clone().write_part(cursor).ok();
- let ctext = pgp::pk_encrypt(raw_message, keyring, Some(sign_key), compress).await?;
+ let ctext = pgp::pk_encrypt(
+ raw_message,
+ keyring,
+ Some(sign_key),
+ compress,
+ anonymous_recipients,
+ )
+ .await?;
 Ok(ctext)
 }
diff --git a/src/mimefactory.rs b/src/mimefactory.rs
index 330e99747..4d73a3e94 100644
--- a/src/mimefactory.rs
+++ b/src/mimefactory.rs
@@ -1178,11 +1178,28 @@ impl MimeFactory {
 let mut encryption_keyring = vec![encrypt_helper.public_key.clone()];
 encryption_keyring.extend(encryption_keys.iter().map(|(_addr, key)| (*key).clone()));
+ // Do not anonymize OpenPGP recipients. // // This is disabled to avoid interoperability problems // with old core versions <1.160.0 that do not support // receiving messages with wildcard Key IDs: // // The option should be changed to true // once new core versions are sufficiently deployed.
+ let anonymous_recipients = false;
 // XXX: additional newline is needed
 // to pass filtermail at
 //
 let encrypted = encrypt_helper
- .encrypt(context, encryption_keyring, message, compress)
+ .encrypt(
+ context,
+ encryption_keyring,
+ message,
+ compress,
+ anonymous_recipients,
+ )
 .await?
 + "\n";
diff --git a/src/pgp.rs b/src/pgp.rs
index b97889936..fab5f3c7b 100644
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -166,6 +166,7 @@ pub async fn pk_encrypt(
 public_keys_for_encryption: Vec,
 private_key_for_signing: Option,
 compress: bool,
+ anonymous_recipients: bool,
 ) -> Result {
 Handle::current()
 .spawn_blocking(move || {
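Review bot: The new `anonymous_recipients` parameter on `EncryptHelper::encrypt` is undocumented, and the same is true of the one added to `pk_encrypt` in the src/pgp.rs hunk at -166; both functions' doc comments sit above their hunks and are not touched by the commit. Since the flag decides whether each PKESK packet carries the recipient's Key ID or a wildcard, the choice has a privacy consequence a caller should be able to read off the signature. I would add to `pk_encrypt`'s docs a line such as `/// `anonymous_recipients`: when true, recipient Key IDs in the PKESK packets are replaced by wildcards so the ciphertext does not reveal which keys it was encrypted to; when false, each recipient's Key ID is written in the clear.` and a one-line pointer to it on `EncryptHelper::encrypt`. The bodies of both functions continue outside these hunks.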
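Review bot: `let anonymous_recipients = false;` in the src/mimefactory.rs hunk records the interoperability reason but not the cost: with the flag off, every PKESK produced by `pk_encrypt` carries a recipient Key ID in the clear, so the mail server or anyone else holding the ciphertext can enumerate the keys the message was encrypted to, which presumably includes the sender's own key that `encryption_keyring` starts with two lines above. I would state that in the comment so the trade-off is visible when the decision is revisited, e.g. `// TODO: flip to true once core versions < 1.160.0 are rare; until then the recipient Key IDs (including our own) are visible to the transport.`, and make the value a module-level `const` rather than a local buried in `MimeFactory` so the switch is easy to find. The enclosing method continues outside the hunk.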
@@ -178,7 +179,11 @@ pub async fn pk_encrypt(
 let msg = MessageBuilder::from_bytes("", plain);
 let mut msg = msg.seipd_v1(&mut rng, SYMMETRIC_KEY_ALGORITHM);
 for pkey in pkeys {
- msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+ if anonymous_recipients {
+ msg.encrypt_to_key_anonymous(&mut rng, &pkey)?;
+ } else {
+ msg.encrypt_to_key(&mut rng, &pkey)?;
+ }
 }
 if let Some(ref skey) = private_key_for_signing {
@@ -434,6 +439,7 @@ mod tests {
 /// A ciphertext encrypted to Alice & Bob, signed by Alice.
 async fn ctext_signed() -> &'static String {
+ let anonymous_recipients = true;
 CTEXT_SIGNED
 .get_or_init(|| async {
 let keyring = vec![KEYS.alice_public.clone(), KEYS.bob_public.clone()];
@@ -444,6 +450,7 @@ mod tests {
 keyring,
 Some(KEYS.alice_secret.clone()),
 compress,
+ anonymous_recipients,
 )
 .await
 .unwrap()
@@ -453,14 +460,21 @@ mod tests {
 /// A ciphertext encrypted to Alice & Bob, not signed.
 async fn ctext_unsigned() -> &'static String {
+ let anonymous_recipients = true;
 CTEXT_UNSIGNED
 .get_or_init(|| async {
 let keyring = vec![KEYS.alice_public.clone(), KEYS.bob_public.clone()];
 let compress = true;
- pk_encrypt(CLEARTEXT.to_vec(), keyring, None, compress)
- .await
- .unwrap()
+ pk_encrypt(
+ CLEARTEXT.to_vec(),
+ keyring,
+ None,
+ compress,
+ anonymous_recipients,
+ )
+ .await
+ .unwrap()
 })
 .await
 }
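Review bot: The new non-anonymous branch in `pk_encrypt`, `msg.encrypt_to_key(&mut rng, &pkey)?;`, is the path production actually takes, since src/mimefactory.rs sets `anonymous_recipients = false`, yet both test fixtures in the -434 and -453 hunks pass `true`, so `encrypt_to_key` gets no coverage from this commit. A fixture built with `let anonymous_recipients = false;` that is fed through the crate's decrypt path (not visible here) would confirm that lookup by Key ID works for both Alice and Bob and that the two modes produce interchangeable plaintext. Parameterizing `ctext_signed`/`ctext_unsigned` over the flag, or adding a third fixture, would close the gap. The -453 hunk runs past the end of the excerpt.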