File Encrypted with Primary key

Brian Minton brian at minton.name
Sun Aug 21 14:59:13 CEST 2016


You can use gpg --list-packets to see exactly what OpenPGP packets are
present in the ciphertext. That would show you in great detail exactly what
their software sent you.

On Sun, Aug 21, 2016, 6:53 AM Peter Lebbing <peter at digitalbrains.com> wrote:

> I have no experience with the software you mention. Keep that in mind
> while reading my ramblings.
>
> On 19/08/16 17:56, Scott Linnebur wrote:
> > I have a suspicion that is the cause but I can’t test it.
>
> My key looks like this:
>
> $ gpg2 -k de500b3e
> pub   rsa2048/DE500B3E 2009-11-12 [C] [expires: 2017-10-19]
> uid         [ultimate] Peter Lebbing <peter at digitalbrains.com>
> sub   rsa2048/DE6CDCA1 2009-11-12 [S] [expires: 2017-10-19]
> sub   rsa2048/73A33BEE 2009-11-12 [E] [expires: 2017-10-19]
> sub   rsa2048/B65D8246 2009-12-05 [A] [expires: 2017-10-19]
>
> If something is encrypted to this key, gpg2 will mention the following:
>
> $ gpg2 test.gpg
> gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
>       "Peter Lebbing <peter at digitalbrains.com>"
>
> So it explicitly tells me that it was encrypted to the
> encryption-capable subkey 73A33BEE. If it tells you that it was
> encrypted to the primary key ID instead, I think your analysis is right.
>
> > I can’t find
> > any way to force the primary key to encrypt
>
> I don't think it is possible to force a key to be used in a way that is
> not indicated as a capability for that key. If something encrypts to a
> key that is not encryption-capable, that seems to me to be a major bug.
> Subkeys and key capability flags have been around for practically
> forever by now. Software that can't deal with this is not OpenPGP
> compatible and probably ancient.
>
> > and I can’t figure out how to
> > generate a key pair without secondary keys in it.
>
> It's possible, but first let's take a look if there is a different
> solution. Keys that can both sign and encrypt are frowned upon. The
> primary key necessarily has the Certify capability, which is a form of
> signing. So it shouldn't get the Encrypt capability.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
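The check discussed in this thread (which key ID a ciphertext was encrypted to) can also be made by reading the Public-Key Encrypted Session Key packets directly, which carry the recipient key ID that `gpg --list-packets` reports. The following is an added example, not code from the thread's participants or from GnuPG; it assumes binary (non-armored) input, the function names are hypothetical, and the upper halves of the long key IDs are constructed placeholders around the short IDs shown in the message.

```python
PKESK, SKESK = 1, 3  # session-key packet tags (RFC 4880, sections 5.1, 5.3)

def recipient_key_ids(data):
    """Return the hex key IDs in the leading PKESK packets of binary data."""
    ids, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        tag = ctb & 0x3F if ctb & 0x40 else (ctb >> 2) & 0x0F
        if tag not in (PKESK, SKESK):
            break  # session-key packets come first; encrypted data starts here
        if ctb & 0x40:  # new-format header
            first = data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body length on a session-key packet")
        else:  # old-format header
            if ctb & 0x03 == 3:
                raise ValueError("indeterminate length on a session-key packet")
            n = (1, 2, 4)[ctb & 0x03]
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        body = data[pos + hdr:pos + hdr + length]
        if len(body) < length:
            raise ValueError("truncated packet")
        if tag == PKESK and body[:1] == b"\x03" and length >= 10:
            ids.append(body[1:9].hex().upper())  # v3: key ID is octets 1..8
        pos += hdr + length
    return ids

def classify(key_id, primary, enc_subkeys):
    if key_id == "0" * 16:
        return "hidden recipient"  # wildcard key ID (RFC 4880 section 5.1)
    if key_id.endswith(primary):
        return "primary key"
    if any(key_id.endswith(s) for s in enc_subkeys):
        return "encryption subkey"
    return "unknown key"

def pkesk(key_id_hex, old_format=False):
    """Build a constructed v3 PKESK packet: key ID, RSA (algo 1), dummy MPI."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x08\xff"
    return bytes([0x84 if old_format else 0xC1, len(body)]) + body

SAMPLE = pkesk("0000000073A33BEE", True) + bytes([0xD2, 2, 1, 0])  # constructed
```

With the key listing from the message, `classify(recipient_key_ids(SAMPLE)[0], "DE500B3E", ["73A33BEE"])` returns `"encryption subkey"`; a result of `"primary key"` would match the situation the original poster suspected.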