simplifying the use of --throw-keyid option

David Shaw
Sat Apr 5 03:10:01 2003

Hash: SHA1

On Thu, Apr 03, 2003 at 12:19:44PM -0600, David Champion wrote:
> * On 2003.04.03, in <>,
> *	"David Shaw" <> wrote:
> > 
> > I have 63 secret keys on my current keyring, and that's the ring I
> > used to test the feature ;)   The check to see whether a given key is
> > the right one is actually extremely quick.
> Ah, ok -- unfamiliar with the specifics of 2440, I thought it must
> take as long as decrypting the whole message, and then some. But I can
> imagine that's not necessary.

It's a pretty neat system - there are short checksums that are used to
throw out clearly wrong decryptions so GnuPG doesn't need to continue.
It also doesn't proceed to decrypt the message if the secret key can't
be decrypted.

> > I'm also not sure that -u would be the appropriate option here, since
> > -u is designed and documented to work in an options file, which would
> > make thrown keyid messages more or less unusable in those cases unless
> > the -u value happened to match the key in use.
> I wondered whether that might be a problem.
> In this case, then, would it be appropriate to change the help text
> associated with -u? It currently says "use this user-id to sign or
> decrypt", but it sounds like that user-id is *never* used to decrypt. Or
> is there another case where a user can profitably specify the decryption
> key?

Hmm.  I don't know what the original intent was with that help text.
I can't think of any place where -u can actually be used to specify a
decryption key.  Maybe something in an earlier version that was

It is unfortunately difficult to change the help text in 1.2.2 as
it'll break all of the translations. :(

Version: GnuPG v1.2.2rc1 (GNU/Linux)