a newbie question on passphrase to decrypt an encrypted file

Frank Tobin ftobin@neverending.org
Thu Aug 23 02:47:01 2001

Dongping Deng, at 17:06 -0700 on Wed, 22 Aug 2001, wrote:

   I installed gpg (win32) on my machine running NT. I generated my key
   with my passphrase. When I encrypted a file, it asked me for the
   passphrase. But when I decrypted it, it didn't ask me for the
   passphrase at all. This sounds scary to me. I can't seem to find the
   answer from various documents. Don't you have to type in your
   passphrase to decrypt a file?

Since when one encrypts files, one doesn't need to to access the secret
key (and hence, enter a passphrase), I think what you did in the first
step was sign your message, not encrypt it.  Signing a message requires
access to your secret key.

Also, since verifying signed documents does not require access to your
secret key, I think that this is what you did in your second step.  That
is, you didn't decrypt, but rather verify a signature.

Frank Tobin		http://www.neverending.org/~ftobin/