Gpg 2.1.10 - Invalid error with --encrypt-to

Neal H. Walfield neal at
Tue Dec 15 13:14:16 CET 2015

On Tue, 15 Dec 2015 04:37:03 +0100,
Daniel Kahn Gillmor wrote:
> Is it possible that the logic for stepping through the keydb
> (whether keybox or keyring) has changed subtly, particularly when the
> specification used is a fingerprint?

The problem is that a cache was not entirely transparent.

Here are the details.  Occasionally the same key is searched for
repeatedly.  This apparently happens primarily when looking up keys by
fingerprint.  We maintain a cache for this case.  When we search by
fingerprint, we first check if the cached entry matches the search
description.  If it does, we return that the resource was found.  The
mistake was to not also take into consideration the current file
position.  Thus, if we looked for ambiguous entries, we would end up
in an infinite loop.  I changed the cache management code to only
consider the cache if the current file position is less than or equal
to the cached entry's position.


:) Neal

More information about the Gnupg-devel mailing list