Questions about --throw-keyids

Daniel Kahn Gillmor dkg at
Mon Feb 13 17:34:44 CET 2017

On Mon 2017-02-13 06:41:51 -0500, Bjarni Runar Einarsson wrote:
> Step two: Encrypt using gpg --throw-keyids.
> This is easy on the sender's end, but whether this feature can be
> used as a matter of course depends on how it impacts the
> experience of the recipient.

Agreed that the recipient's side is the tough part of the problem to

You don't mention gpg's --try-all-secrets, --try-secret-keys, and
--skip-hidden-recipients options, which are all attempts to provide some
guidance to gpg about how to handle these things during decryption.
Maybe you want to read up on those too?

Unfortunately, I have yet to see a functional, non-aggravating workflow
for users who have multiple secret keys who receive encrypted messages
with hidden keyIDs.

It's almost like decryption of messages with hidden keyids and
per-decryption passphrase prompting (or even confirmation) are mutually
incompatible workflows :/

I'd love to be convinced otherwise.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170213/6c6c80fe/attachment-0001.sig>

More information about the Gnupg-users mailing list