determining recipient of an encrypted message

Brian Warner warner at
Sat Aug 8 00:43:25 CEST 1998


I'm working on enhancing mailcrypt (the emacs+pgp package) to use GPG. I've
got most of it working so far.. nice job on the command syntax, it's much
easier to control than pgp ever was. I've got one problem though. I need a way
to determine the keyid of an encrypted message's intended recipient from within
the --batch mode.

Mailcrypt tries to figure out which key the message is encrypted to so it can
ask the user for the passphrase that goes along with the right key. It managed
this with PGP by running pgp on the message but not supplying a passphrase;
pgp would happen to emit an error message that included the necessary
keyid. mailcrypt would watch for that message, pull out the keyid, ask the
user for the associated passphrase, and try the decryption a second time.

(I tried a hack involving --list-packets and scanning for the keyid of the
encrypted packet, but the keyid it returns can be a subkey for separate
sign/encrypt key pairs and you can't easily use one to look up the other)

When decrypting interactively (without --batch), the user is prompted for a
passphrase with the right keyid. But it would be nice to avoid the hassle of
allocating a pty and doing expect-like stuff when we've got this great --batch
mode available..

So, the error message that is printed when the secret key is not available
is cool (and convenient), but is there a way to indicate which key is needed,
either in response to some special command, or perhaps embedded in an error
message, possibly one emitted when you try to decrypt a message in --batch mode
but do not provide a --passphrase-fd?

   warner at

PS: When I get it working, I'll be sending my enhancements to Len Budney for
incorporation into the new mailcrypt (he's adding PGP5.0 to it now). See
<> for details.
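
An added example, not part of the original post and not mailcrypt's code: one way to resolve the subkey keyid reported by --list-packets back to the primary key whose passphrase must be requested. It assumes the colon-delimited key listing of later GnuPG releases (`--list-secret-keys --with-colons`, with `sec`/`ssb` records carrying the key ID in field 5); the sample outputs and all keyids are constructed.

```python
import re

# Constructed sample of `gpg --list-packets` output for a message encrypted
# to two recipients; the keyids are made up for this example.
SAMPLE_PACKETS = """\
:pubkey enc packet: version 3, algo 16, keyid 1111222233334444
\tdata: [1023 bits]
:pubkey enc packet: version 3, algo 16, keyid 9999AAAABBBBCCCC
\tdata: [1022 bits]
:encrypted data packet:
"""

# Constructed sample of a colon-format secret key listing (assumed format:
# record type in field 1, 16-hex-digit key ID in field 5).
SAMPLE_SECRET_KEYS = """\
sec:u:1024:17:AAAA0000BBBB1111:902534400:::::::
ssb:u:1024:16:1111222233334444:902534400:::::::
sec:u:1024:17:CCCC2222DDDD3333:902620800:::::::
ssb:u:2048:16:5555666677778888:902620800:::::::
"""

PUBKEY_ENC = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b", re.M)

def recipient_keyids(list_packets_output):
    """Keyids named in the public-key encrypted session key packets."""
    return [k.upper() for k in PUBKEY_ENC.findall(list_packets_output)]

def subkey_index(colon_listing):
    """Map every primary key and subkey ID to its primary key ID."""
    index, primary = {}, None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        rec, keyid = fields[0], fields[4].upper()
        if rec in ("sec", "pub"):          # a new key block starts here
            primary = keyid
            index[keyid] = primary
        elif rec in ("ssb", "sub") and primary:
            index[keyid] = primary         # subkey belongs to current block
    return index

def keys_needing_passphrase(packets, listing):
    """(packet keyid, primary keyid) for recipients we hold a secret key for."""
    index = subkey_index(listing)
    return [(k, index[k]) for k in recipient_keyids(packets) if k in index]

if __name__ == "__main__":
    print(keys_needing_passphrase(SAMPLE_PACKETS, SAMPLE_SECRET_KEYS))
```

Recipients whose keyid is not in the local secret keyring are skipped, so an empty result means no local key can decrypt the message.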

More information about the Gnupg-devel mailing list