Subj : openpgp.js vulnerability
To   : digimaus
From : August Abolins
Date : Mon May 26 2025 08:51:00

Hello digimaus!

** On Sunday 25.05.25 - 18:39, digimaus wrote to August Abolins:

 AA>> People using Mailvelop, Flowcrypt, Mymail-crypt, UDC,
 AA>> Encrypt.to, PGP Anywhere, passbolt  ..should be wary.

 d> Mailvenlope allows you to use an installed version of GPG instead of the
 d> JS script.  That's much more secure.

Hmmm..


"Key management by GnuPG

"If you have selected GnuPG as your preferred backend for
encryption in Options -> General -> OpenPGP Preferences, the
keys will be managed by your local GnuPG program (usually
GPG4Win or GPGTools).

OK.. That's for the "key management" part.  But I'm not sure if  
that is the same thing as avoiding the security issue talked  
about.

-- 
  ../|ug

--- OpenXP 5.0.64
 * Origin: (} Pointy McPointface (618:250/1.9)

.