Questions about --throw-keyids
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Feb 13 17:34:44 CET 2017
On Mon 2017-02-13 06:41:51 -0500, Bjarni Runar Einarsson wrote:
> Step two: Encrypt using gpg --throw-keyids.
>
> This is easy on the sender's end, but whether this feature can be
> used as a matter of course depends on how it impacts the
> experience of the recipient.
Agreed that the recipient's side is the tough part of the problem to
crack.

You don't mention gpg's --try-all-secrets, --try-secret-keys, and
--skip-hidden-recipients options, which are all attempts to provide some
guidance to gpg about how to handle these things during decryption.
Maybe you want to read up on those too?

Unfortunately, I have yet to see a functional, non-aggravating workflow
for users who have multiple secret keys who receive encrypted messages
with hidden keyIDs.

It's almost like decryption of messages with hidden keyids and
per-decryption passphrase prompting (or even confirmation) are mutually
incompatible workflows :/

I'd love to be convinced otherwise.

--dkg
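
Added example (not part of the original post, and not GnuPG code): a minimal Python reader for the leading public-key encrypted session key (PKESK) packets of a binary, dearmored OpenPGP message, showing what the recipient's side has to go on. It assumes version 3 PKESK packets as defined in RFC 4880, where an all-zero key ID is the wildcard used for a hidden recipient; the function names, sample bytes and key ID are constructed for illustration.

```python
import struct

def read_header(buf, pos):
    """Return (tag, body_start, body_len) per RFC 4880 section 4.2."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (still armored?)")
    if first & 0x40:  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        return tag, pos + 2, None  # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None  # indeterminate length
    width = 1 << ltype
    return tag, pos + 1 + width, int.from_bytes(buf[pos + 1:pos + 1 + width], "big")

def list_recipients(message):
    """Key IDs of the leading PKESK packets; None marks a hidden recipient."""
    recipients, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag != 1:  # PKESK packets (tag 1) precede the encrypted data
            break
        body = message[start:start + (length or 0)]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("expected a complete version 3 PKESK packet")
        key_id = body[1:9]
        recipients.append(None if key_id == bytes(8) else key_id.hex().upper())
        pos = start + length
    return recipients

def needs_trial_decryption(message):
    """True when at least one recipient can only be found by trying secret keys."""
    return None in list_recipients(message)

def _pkesk(header, key_id):  # constructed packet: version, key ID, algo 1, dummy MPI
    body = b"\x03" + key_id + b"\x01" + b"\x00\x08\xff"
    return header + bytes([len(body)]) + body

# Constructed sample, not real ciphertext: one named and one hidden recipient.
SAMPLE = (_pkesk(b"\x84", bytes.fromhex("0123456789ABCDEF"))  # old-format header
          + _pkesk(b"\xc1", bytes(8))                          # new-format, zero key ID
          + b"\xd2\x03\x01\x00\x00")                           # stub tag 18 packet
```

A `None` entry is the case where the packet gives no key ID to select a secret key by, so every candidate secret key has to be tried in turn.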