How can I know all the recipients of a GPG encrypted message

Daniel Kahn Gillmor dkg at
Tue Nov 1 18:20:03 CET 2011

On 10/31/2011 04:04 PM, vivarto wrote:
> Is there a command line option for displaying all recipients to whom the
> message was encrypted.

feed the message body (not decrypted) itself through gpg --list-packets.

You should see output like this:

dkg at pip:~$ gpg --list-packets 2>/dev/null < .mail/msg.12345
:pubkey enc packet: version 3, algo 1, keyid 77A0D9461321E649
	data: [4095 bits]
:pubkey enc packet: version 3, algo 1, keyid 1FE3FFC22D967C01
	data: [4096 bits]
:encrypted data packet:
	length: 64
	mdc_method: 2
dkg at pip:~$

Each of the "pubkey enc packet" stanzas identifies a particular key to
which the message was ostensibly encrypted.  You may find that you need
to fetch the relevant keys to learn more about the identity of the

Without holding the corresponding secret keys, of course, you can't tell
for sure that the message has been actually encrypted to the listed key.
 It's possible to create a pubkey enc packet with bogus data in it, so
that it looks like the message has been encrypted to DEADBEEFDEADBEEF,
but in fact it cannot be decrypted by the holder of that secret key.

Note also that it's possible (e.g. with --throw-keyids or
--hidden-recipient) to craft messages that don't advertise the people to
whom the message was encrypted.  These kind of messages are a hassle for
the intended recipients, however, because a recipient needs to try each
of their secret keys against each pubkey enc packet to see if any
decryption is possible.

In short: there's no way to be absolutely sure of all the intended
recipients; but in common practice you can have a reasonable guess.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111101/378f00a5/attachment.pgp>

More information about the Gnupg-users mailing list