|Deletions are marked like this.||Additions are marked like this.|
|Line 10:||Line 10:|
|Symantec's Encryption Desktop can be configured to send ~OpenPGP/MIME. This should be preferred.\\ **Note:** The GUI settings for do not seem to work, at least for some users, a solution is to edit the config filed of PGP Desktop according to: https://support.symantec.com/en_US/article.TECH164655.html||Symantec's Encryption Desktop can be configured to send ~OpenPGP/MIME. This should be preferred.\\ **Note:** The GUI settings for it do not seem to work, at least for some users, a solution is to edit the config filed of PGP Desktop according to: https://support.symantec.com/en_US/article.TECH164655.html|
PGP Partitioned is a format optionally used by Symantec in it's Encryption Desktop.
It's not an official standard, it does not have a content type. There is just some mailing thread describing it. (partitioned) PGP Partitioned is basically a word for "PGP/Inline Mail Body and each attachment encrypted / signed separately "
It can usually be identified by a "PGPexch.htm.pgp" Attachment containing the body of the mail as a HTML Page.
Symantec's Encryption Desktop can be configured to send OpenPGP/MIME. This should be preferred.
Note: The GUI settings for it do not seem to work, at least for some users, a solution is to edit the config filed of PGP Desktop according to: https://support.symantec.com/en_US/article.TECH164655.html
Why should OpenPGP/MIME be preferred?
- PGP Partitioned is not standardized in an RFC.
- It does not properly handle encoding as it uses PGP/Inline.
- Attachments and the Text are encrypted / signed as different PGP Messages.
E.g. for a Signed and Encrypted Message with 10 Attachments a receiving MUA would have to show 10 different decryption and verification states. To do this securely and user friendly is nearly impossible.
An attacker could add or remove attachments to a mail or change the encoding specified in the mail header making this format inherently insecure.
The format was not designed with security or usability in mind but to work around Outlook and Exchange quirks. These quirks are no longer necessary as it is possible since Exchange 2010 and Outlook 2003 to send and receive proper OpenPGP/MIME messages in Outlook.
Why can't Kleopatra use at least the embedded filename of attachments?
The OpenPGP Format allows to embed a filename in an encrypted file. PGP/Partioned Mail clients use this for the original Attachment when they attach it as AttachmentX.pgp to avoid leaking the name in the mail.
Kleopatra shows this name so users can rename the file after decryption and use it. It does not do this automatically because an attacker could embed a malicious filename. For example when receiving "readme.txt.pgp" with "readme.exe" as embedded filename. Then Kleopatra would after decryption rename that file to readme.exe. By default windows would not show the file extension and when an attacker also embedded the icon for text files into the readme.exe it would look like a text file. The user would have to be cautious to detect something like that. This is why Kleopatra leaves the renaming step to the user.