key lookup strategies
John at Mozilla-Enigmail.org
Tue Nov 30 17:06:13 CET 2010
>>> I know that it uses the first key to which the pattern applies and that
>>> i could force the correct lookup using -r "<oo at bar.com>" but still it
>>> seems somehow strange.
>> As stated in the manual the default is a substring search and thus you
>> get what you asked for.
> Ok, i see that. But the strange thing is not that it does a substring
> search. The strange thing is that, when i do "gpg --encrypt -r oo at bar"
> (and "-r" apparently stands for *recipient*, not "search string") it
> just picks the first match and encrypts the mail with this key.
Actually, the syntax is -r <recipient name>. That name may be a fingerprint, a
long or short Key ID, or a search string. A fuller explanation of the different
ways to specify an ID is in the gpg man page near the bottom. For example,
<oo at bar> specifies an exact match on the email address instead of the default
case-insensitive substring match.
> It doesn't even say: "Warning: there were 6 matches, i'm now picking a
> random (*) key from those six, even though one would fit perfectly..."
> no it just silently takes one, which is quite strange as a user-experience.
It is documented behavior that with multiple matching keys for signing or
encryption, GnuPG will use the first usable key it finds in the keyring for the
If you wish to use a specific key, it is best to select it by the hexadecimal
key ID or fingerprint.
> (*) well not random, but since i cannot influence the ordering on my
> keyring there's not much difference.
Well, you can, but it's rather a bother. At present, keys are stored in the
order in which they are imported. A key ring is just a serial collection of key
This behavior is subject to change in future versions.
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 499 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel