gnupg oddities

Rob Park eocnex@hnyoregn.pn
Mon Jan 27 12:07:02 2003


Alas! David Pic=F3n =C1lvarez spake thus:
> 2) If you encrypt an e-mail to, let's say, me, you can't read it yourse=
lf
> unless you encrypt to yourself also. This is because I'm the only one
> capable to decrypt something encrypted with my pubkey. There is a tweak=
 on
> the options file, I think it's precisely default-recipient-self, which
> encrypts to your own key in addition to whatever other key, so that you=
 can
> decrypt your own e-mails. Personally.

I believe default-recipient-self will make gpg encrypt something to
yourself, ONLY if it is not encrypted to anybody else (in other words,
it is a _default_ that is overridden by the --recipient option). This
seems to be consistent with what the manpage says:

--default-recipient-self
          Use the default key as default recipient if option  --recipi-
          ent  is  not  used  and don't ask if this is a valid one. The
          default key is the first one from the secret keyring  or  the
          one set with --default-key.


If you want to have gpg encrypt to you *and* the person you're sending th=
e
email to, add 'encrypt-to YOURKEYID' to your gpg config file. Be aware th=
at if
you encrypt anything with gpg, it will then be encrypted to yourself and
whoever else you specify. That's nice for emails, but sometimes it's not =
what
you want to do ;)

It's probably better to configure your mail client to call gpg with the
option '--encrypt-to YOURKEYID' instead. That way, all your outgoing
mail will be encrypted to you and your recipient, so you can both read
the mail, but when you use gpg outside of your mail client, the files
you encrypt will only be encrypted to whoever you want them encrypted
to.

--=20
Rob Park
http://www.ualberta.ca/~rbpark
--
Don't put off for tomorrow what you can do today because if you enjoy it =
today,
you can do it again tomorrow.