Bug in GnuPG

Joe Vender jvender at owensboro.net
Wed Jan 11 06:09:16 CET 2006


>On 1/10/06 at 9:38 PM Werner Koch wrote:

>On Tue, 10 Jan 2006 12:48:34 -0600, Joe Vender said:
>
>> Then why, if instead of encrypting to myself non-anonymously, I encrypt to
>> myself anonymously along with the other anonymous recipients, I only get the
>> anonymous passphrase prompt once, and upon successful passphrase entry it goes
>> through the "anonymous recipient: trying secret key [my_secret_keyid]" as many
>> times as there
>
>That message is a diagnostic to tell that there is a hidden recipient.

Yes, I understand that the message is telling me that it's trying my secret key
on the session key that it's checking, but why am I only asked once in this
situation, but once for each recipient when I'm included non-anonymously?

>You are asked for the passphrase several times because each PKDECRYPT
>operation requires a passphrase to prepare the key for the actual
>decryption.


Then this must mean that when I am encrypting to multiple anonymous recipients
including myself anonymously, GnuPG always puts my session_key at the top.
Otherwise, by this reasoning, I would keep getting anonymous prompts until it
encountered my session_key. And it also appears that GnuPG puts the known recipients
at the end. This is backwards.

Also, as an example, let's say I encrypt to 100 anonymous recipients
and include myself non-anonymously. Then, I would get 100 anonymous prompts in a
row, even if I entered my passphrase correctly each time. This isn't reasonable.

GnuPG needs to either put my session keys at the very top of the list regardless
of whether I'm including myself anonymously or non-anonymously, or have the
ability to cache the passphrase (possibly via a switch "--cache-passphrase") to
be supplied automatically for each anonymous prompt until the decryption process
either fails due to lack of decryption key, or passes, at which point the passphrase
is automatically cleared from cache.

Joe




