Questions about --throw-keyids
Bjarni Runar Einarsson
bre at pagekite.net
Tue Feb 14 00:35:17 CET 2017
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> how about "--try-cached-secrets", by analogy with
> --try-all-secrets or --try-secret-key?
> I like this idea.
Sounds like a nice optimization... but option bloat is a thing.
Would it be better if GnuPG just checked cached keys by default
*first* before it falls back to trying anything else? Being smart
about the order in which keys are tried seems like low-hanging
fruit for improving the UX. If it's not being done already, that
is. I haven't looked at the code.
OTOH, I would wish for the opposite: a mode where GnuPG is not
clever at all and *only* tries the key specified on the command
line. Currently (if I'm reading the GnuPG 2.1 man page correctly)
that is impossible since the user may have a default key in his
config that overrides anything on the command-line.
I'd like this because...
> Right, this makes sense. It's also possible that the
> combination of the tool invoking gpg and gpg itself can be
> cleverer about proposing candidate keys.
... of exactly what you just said. I'm not doing this now (and one of my original questions was whether GnuPG uses any such logic itself), but if I do start throwing away keyIDs, I'll be exploring strategies like this to ensure that at least Mailpile users have a pleasant experience.