| |
Known Bugs
Messages saved decrypted in Outlook
If the Automatically decrypt/verify when opening messages checkbox
under the Email tab in PGP Options is checked, encrypted messages
can silently be saved unencrypted in M$ Outlook. This occurs for example when
replying to an encrypted message.
To avoid the bug, you have to do one
of the following:
 |
Switch
off the Automatically
decrypt/verify when opening messages option (see Setting PGP Options).
Decryption will now require a click on a decrypt icon in Outlooks toolbar. |
|
Pay
USD 50 for the latest non-freeware version of PGP (sold
by Phil Zimmermann). Since the software uses an "activation
scheme", you will might end up having to buy a new license each time you
upgrade your computer (change disks, expand memory etc or even recover
from a crash), so this could be
money unwisely spent. |
|
Assemble
your own solution from bits and pieces found at Alternative
Software.
Interesting and commendable stuff, alas not for the lazy. |
The Klima/Rosa vulnerability
The Klima/Rosa attack, named after those who discovered the security hole,
can be used to snatch your signing key (signing is not covered by this guide).
However, your decryption key is perfectly safe. For details about the
vulnerability, see Key
Vulnerability on Tom McCune's PGP page. Note that the attacker needs read
and write access to your files in order to succeed. If that is the case, you're
likely to have big security problems.
|
