Order of keys attempted to decrypt

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jun 18 18:27:16 CEST 2014


On 06/18/2014 09:43 AM, Daniel Kahn Gillmor wrote:
> On 06/18/2014 04:46 AM, Richard Ulrich wrote:
>> $ gpg -d test.txt.gpg 
>> gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
>> gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
>> gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
>> gpg: Alles klar, wir sind der ungenannte Empfänger.
>> gpg: verschlüsselt mit RSA Schlüssel, ID 00000000
>>
>> It first tries to decrypt using the primary key. And since the card with
>> the primary key is not plugged in, it outputs an error, before it tries
>> the sub key that succeeds.
> 
>> I tried using the -r option to specify the key to use, but it was
>> seemingly ignored.
>>
>> Is there a way to specify which key to try first?
> 
> see the --try-secret-key option or the --default-key option as described
> in gpg(1).

Sorry -- I think try-secret-key is only available in gnupg 2.1, but it
seems to have erroneously made it into the man pages for gpg 1.4 and 2.0
somehow.

The thread from October 2013 with "@ifset gpgtwoone macro not working
in gpg.texi?" on gnupg-devel suggests that this documentation issue was
already fixed, but it looks to me like the documentation wasn't actually
fixed.

The fix appears to have been backported into the 2.0 branch in commit
d03df688 earlier this month (not yet released) and doesn't seem to be
applied to the 1.4 branch at all.

Werner, are you ok with cherry-picking a15c35f into the 1.4 branch as well?

	--dkg
