Questions about --throw-keyids

Lukas Pitschl | GPGTools lukele at gpgtools.org
Mon Feb 13 17:54:04 CET 2017


> On 13.02.2017 at 17:34, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> 
> On Mon 2017-02-13 06:41:51 -0500, Bjarni Runar Einarsson wrote:
>> Step two: Encrypt using gpg --throw-keyids.
>> 
>> This is easy on the sender's end, but whether this feature can be
>> used as a matter of course depends on how it impacts the
>> experience of the recipient.
> 
> It's almost like decryption of messages with hidden keyids and
> per-decryption passphrase prompting (or even confirmation) are mutually
> incompatible workflows :/

Just thinking out loud here, but wouldn't it be sensible for gnupg to have a "silent" option
that only tries keys for which a passphrase is cached in gpg-agent?
While a fallback would have to be provided in case no matching key is found,
it would make it easier for those users who cache their passphrases.
As a fallback, gnupg could return the information that no cached passphrase was found,
allowing the MUA or plugin to then retry without the option that enables "silent" checking.

Best,

Lukas
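
The flow proposed in this message, sketched from the MUA side as an added example (not code from the thread or from GnuPG). It assumes the status-line layout of gpg-agent's `KEYINFO --list` command; the keygrips, the `try_key` callback and the status strings are hypothetical, and treating unprotected keys as promptless while skipping smartcard keys is a choice made for this sketch.

```python
from typing import Callable, List, Optional, Tuple

# Constructed sample of `gpg-connect-agent 'keyinfo --list' /bye` output.
# Layout: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> ...
# All keygrips and the card serial number below are made up.
SAMPLE_KEYINFO = """\
S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - C - - -
S KEYINFO 4444444444444444444444444444444444444444 T D2760001240102010006012345670000 OPENPGP.2 - - - - -
OK
"""

def promptless_keygrips(keyinfo_output: str) -> List[str]:
    """Keygrips of on-disk keys that can be tried without any prompt."""
    grips = []
    for line in keyinfo_output.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[:2] != ["S", "KEYINFO"]:
            continue  # skip "OK", errors, and malformed lines
        grip, ktype, _serial, _idstr, cached, protection = fields[2:8]
        if ktype != "D":
            continue  # assumption: a smartcard key (T) would ask for a PIN
        # cached == "1": passphrase is in the agent cache.
        # protection == "C": key has no passphrase, so nothing to prompt for.
        if cached == "1" or protection == "C":
            grips.append(grip)
    return grips

def silent_decrypt(
    keyinfo_output: str,
    try_key: Callable[[str], Optional[bytes]],  # hypothetical trial-decryption hook
) -> Tuple[Optional[bytes], str]:
    """Try only promptless keys; tell the caller when a prompting retry is needed."""
    candidates = promptless_keygrips(keyinfo_output)
    if not candidates:
        return None, "NO_CACHED_PASSPHRASE"
    for grip in candidates:
        plaintext = try_key(grip)
        if plaintext is not None:
            return plaintext, "OK"
    # Cached keys exist but none matched the hidden recipient.
    return None, "NO_CACHED_KEY_MATCHED"

if __name__ == "__main__":
    print(promptless_keygrips(SAMPLE_KEYINFO))
```

On either non-`OK` status the caller would fall back to a normal decryption attempt with prompting enabled, which is the retry the message describes.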