Should always add myself as recipient when ecrypting?

Sergey Matveev stargrave at stargrave.org
Mon Mar 21 12:00:04 CET 2016


*** Paolo Bolzoni <paolo.bolzoni.brown at gmail.com> [Mon, 21 Mar 2016 10:44:06 +0100]:
>I was wondering if I should always add
>myself as recipient when encrypting a file, of course, in addition of
>the real recipient.
>
>Is there a reason not to?

Without yourself adding to the recipient: only remote party's key
compromising will lead to message decryption. With yourself added: at
least two keys can be compromised for message decryption. Higher risks.
Question of trust. Some people are accurate in context of security and
key management, others are absent-minded and because of them, as one of
recipients, your messages under higher risk.

-- 
Happy hacking



More information about the Gnupg-users mailing list