Double encryption ??

[Michael Nahrath]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Hankeln <oliver@hankeln-online.de> schrieb am 2003-04-05 14:14:

> a friend of mine and me were just starting using GPG.
> He encrypted a text for me an sent it to me. I was able to decrypt it.
> BUT: He was also able to decrypt the encrypted message with his own
> secret key.

He should check his ~/.gnupg/gpg.conf file (or ~/.gnupg/options if he is
running an older version of GPG) for the entries

default-recipient-self      or
default-recipient $MY_KEY_ID

Usually you _want_ to be able to decrypt messages you encypted to someone
else's key yourself.

To prevent this you may try the option '--no-default-recipient' on the
command-line or uncomment the lines in the config file.

> The only reason why this could happen as seen by us is that the text has
> been encrypted twice  - with my and with his public key.

Probably it was encypted only once, but for the two keys.

> We just want to be sure we didn=B4t make any mistakes. Is our assumption
> right?

I guess, the --default-recipient-self may be a default option in your GPG
installation. So I don't see any mistakes on your side.

Greeting, Michi

-----BEGIN PGP SIGNATURE-----
Comment: http://www.biglumber.com/x/web?qs=3D0x9A4C704C

iEYEARECAAYFAj6Rd5sACgkQ19dRf5pMcEyQIQCbBQDRz2pzDx2QUt5d0n7lVsJD
QVAAoLh6Yw/zHxINBW0fKZV95SninCsp
=3DQk/W
-----END PGP SIGNATURE-----