Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Peter Lebbing peter at
Tue Aug 29 16:24:28 CEST 2017

On 29/08/17 15:24, Shawn K. Quinn wrote:
> All you're supposed to be
> able to tell when using that option, is that none of your keys will
> decrypt the message

... which you can only do by trying each private key on the encrypted
session key packet and seeing whether the resulting plaintext (which
contains the session key) makes sense.

There isn't any information that can be learned without actually trying
out a particular private key. At least for RSA, it's the only algorithm
I know enough by heart about to make this claim with confidence.

You don't need to decrypt the data though, just the encrypted session
key, to see if it's the correct private key.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170829/46a3a221/attachment-0001.sig>

More information about the Gnupg-users mailing list