Questions about --throw-keyids

Bjarni Runar Einarsson bre at pagekite.net
Mon Feb 13 12:41:51 CET 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

Context: I am trying to figure out how much visible metadata I
can remove from an encrypted e-mail before it becomes completely
unusable.

Step one: stripping stuff from the message headers is relatively
easy; minimal messages with all recipients in BCC are easy to
create (yes, I know the SMTP envelope and SMTP logs still have
the data - this is minimization of metadata, not elimination).

Step two: Encrypt using gpg --throw-keyids.

This is easy on the sender's end, but whether this feature can be
used as a matter of course depends on how it impacts the
experience of the recipient. This is where I have some questions
and could use some guidance. Please feel free to correct me if
I've gotten things wrong!

(For those unfamiliar with --throw-keyids: it creates an
encrypted message without any indicators as to which keys it is
encrypted to - so the recipient has to "guess" - in practice
GnuPG will try multiple secret keys until one works or it runs
out of options.)

Using GnuPG 1.4.20 to decrypt, there appears to be a problem
where it only asks for one passphrase even if it is checking many
keys. So the user has to guess which passphrase to provide and
won't be asked again.

Using GnuPG 2.1.11 to decrypt, I do get multiple passphrase
prompts (one per key/subkey), but it doesn't seem to ask me about
expired keys. I am guessing this was a usability trade-off, so
long-time users of GnuPG don't have to answer dozens of
passphrase prompts when decrypting.

My questions:

   * Am I understanding the GnuPG 1.4 behaviour correctly? Is there a recommended workaround?
   * Will GnuPG 2.1.11 attempt to decrypt using an expired key if the message is old, or will old messages just become (effectively) inaccessible over time as keys expire?
   * Are the above behaviours different when using GnuPG non-interactively?
   * Can the caller influence these behaviours in any way? For example, can I force GnuPG to only try one specific key so my application can manage the experience and experiment with other "guessing" strategies?
   * How does GnuPG 2.0 behave?
   * Roughly when did the behaviour change between 1.4 and 2.1.11?

Thanks in advance for any and all answers. :-)

Cheers,
 - Bjarni

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
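
An added example, not part of the original post and not GnuPG code: this Python parser reads the session key packets at the start of a binary (non-armored) OpenPGP message, following RFC 4880, and reports what an observer can still see. With --throw-keyids the 8-byte key ID is all zeros, but the number of recipients and each public-key algorithm ID remain readable. The function names and the sample bytes are constructed for the example.

```python
import struct

def pkesk_bodies(data):
    """Yield bodies of the public-key encrypted session key packets (tag 1)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        new_format = bool(hdr & 0x40)
        tag = hdr & 0x3F if new_format else (hdr >> 2) & 0x0F
        if tag not in (1, 3):      # session key packets end; encrypted data follows
            return
        i += 1
        if new_format:
            first = data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body length not handled")
        else:
            if hdr & 0x03 == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << (hdr & 0x03)  # length type 0, 1, 2 -> 1, 2, 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if tag == 1:
            yield data[i:i + length]
        i += length

def recipients(data):
    """Visible metadata per recipient: key ID, algorithm ID, wildcard flag."""
    out = []
    for body in pkesk_bodies(data):
        if body[0] != 3:           # only the RFC 4880 version 3 layout is parsed
            continue
        keyid = body[1:9]
        out.append({"keyid": keyid.hex().upper(), "algo": body[9],
                    "hidden": keyid == bytes(8)})
    return out

def _pkesk(keyid, algo, new_format):   # builds a constructed packet, not real key material
    body = bytes([3]) + keyid + bytes([algo]) + b"\x00\x08\xAA"
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body

# Constructed sample: one wildcard key ID, one ordinary key ID, then a dummy tag 18 packet.
SAMPLE = (_pkesk(bytes(8), 1, False) + _pkesk(bytes.fromhex("1122334455667788"), 1, True)
          + bytes([0xD2, 2, 1, 0]))
print(recipients(SAMPLE))
```
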

