simplifying the use of --throw-keyid option

David Shaw dshaw@jabberwocky.com
Thu Apr 3 07:14:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Apr 02, 2003 at 08:17:41PM -0500, Todd wrote:
> David Shaw wrote:
> > On Wed, Apr 02, 2003 at 03:39:35AM +0200, Malte Gell wrote:
> >
> >> if one gets a message encrypted with the --throw-keyid option the 
> >> receiver's GnuPG has to try all available secret keys and this can be a 
> >> bit annoying if one has several secret keys.
> >> So, wouldn't it be a nice idea to have a new option "--encrypted-with" 
> >> to simplify this ?
> >
> > The development branch has better handling of such messages.  Instead
> > of prompting for each secret key, it prompts for a single passphrase
> > and tries it against all keys.  This will be in 1.4.
> 
> Pardon me for asking a question when I know very little about the subject,
> but why not display the key for which gpg is asking for a passphrase?  I'm
> thinking of what ssh does, using key based authentication, it will prompt
> you something like:
> 
>     Enter passphrase for key '/home/user/.ssh/id_rsa':
> 
> Could that be done for gpg when it's trying your various secret keys?
> Obviously, it would use either the keyid or some other identifier in place
> of the file path as ssh uses.

That is what GnuPG currently does.  The problem with this method is
that when decrypting a message with a thrown (hidden) keyid, the user
must type the passphrase for every single key.  For users with more
than one secret key, this is annoying.  The new system asks for a
passphrase once, and then tries each secret key with that passphrase.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+i8Ne4mZch0nhy8kRAuEUAJ9sOXSxFE/YjOZYrI3FMe6/8zXV6wCcD6Wv
2WKWV2pOWkQ9gewIFlqymyE=
=bANS
-----END PGP SIGNATURE-----
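As an added illustration (not code from this thread or from GnuPG itself) of why a thrown key ID forces the receiver to try every secret key, and of the single-passphrase loop David describes: a message made with --throw-keyid carries an all-zero key ID in its Public-Key Encrypted Session Key (PKESK) packet, which OpenPGP defines as "try every available secret key". The parser below handles only a minimal v3 PKESK with a one-octet length, and `unlock` is a hypothetical callback standing in for the real key unlock and session-key decrypt.

```python
# Added example: models how a recipient picks which secret keys to try for an
# OpenPGP PKESK packet (tag 1). An all-zero key ID is the wildcard written by
# --throw-keyid; the recipient then has no hint and must try every secret key.
WILDCARD_KEYID = b"\x00" * 8

def parse_pkesk(packet: bytes) -> dict:
    """Parse a version-3 PKESK packet (tag 1, old-style header, one-octet length)."""
    ctb = packet[0]
    if not (ctb & 0x80) or ctb & 0x40:
        raise ValueError("expected old-format packet header")
    tag = (ctb >> 2) & 0x0F
    if tag != 1:
        raise ValueError("not a PKESK packet (tag %d)" % tag)
    if ctb & 0x03 != 0:
        raise ValueError("example only handles one-octet lengths")
    body = packet[2:2 + packet[1]]
    version, keyid, algo = body[0], body[1:9], body[9]
    if version != 3:
        raise ValueError("unsupported PKESK version %d" % version)
    return {"keyid": keyid, "algo": algo, "thrown": keyid == WILDCARD_KEYID}

def candidate_keys(pkesk: dict, secret_keyids: list) -> list:
    """Thrown key ID: every secret key is a candidate; otherwise only the match."""
    if pkesk["thrown"]:
        return list(secret_keyids)
    return [k for k in secret_keyids if k == pkesk["keyid"]]

def unlock_with_one_passphrase(candidates, passphrase, unlock):
    """The 1.4 behaviour described in the thread: ask for the passphrase once,
    then try it against every candidate key, stopping at the first success.
    `unlock(keyid, passphrase)` is a hypothetical callback returning True when
    the key unlocks and the session key decrypts under it."""
    for keyid in candidates:
        if unlock(keyid, passphrase):
            return keyid
    return None

def build_pkesk(keyid: bytes, algo: int = 1) -> bytes:
    """Constructed sample packet: v3, given key ID, RSA (algo 1), a one-byte MPI."""
    body = bytes([3]) + keyid + bytes([algo]) + b"\x00\x08\xab"
    return bytes([0x80 | (1 << 2)]) + bytes([len(body)]) + body
```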