GPGME recipients Q: is this a bug or a feature?

Werner Koch wk at gnupg.org
Fri Jun 28 10:42:01 CEST 2002


On Thu, 27 Jun 2002 16:44:16 -0500 (CDT), Robert J Hansen said:

> Now, I've looked in the manual, and so far I haven't been able to find any 
> passage which clearly states whether this is a bug or a feature.  Can 
> someone please refer me to what the expected behavior is, and how I can 
> force encryption to an untrusted key?

That interface is currently somewhat limited.  The reason is that the
validity check is done as part of the actual encryption function and
thus we are not able to spot untrusted keys while filling the
recipient set.  We will change this in the future to return better
indications for untrusted recipients.

There are two cases in the current implementation: All keys are marked
as ultimately or fully trusted by using the
gpgme_recipients_add_name_with_validity (which is designed - but not
implemented - to actually override any validity calculation by gpg on
a per recipient base), or all keys are considered fully trusted by gpg.

In general it does not make sense to encrypt something to a recipient
you don't trust.  The way to overcome this is by signing the
recipient's key locally.


Shalom-Salam,

   Werner





