Questions about --throw-keyids

Bjarni Runar Einarsson bre at pagekite.net
Tue Feb 14 00:35:17 CET 2017


Hellos!

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> 
> how about "--try-cached-secrets", by analogy with
> --try-all-secrets or --try-secret-key?
> 
> I like this idea.

Sounds like a nice optimization... but option bloat is a thing
too.

Would it be better if GnuPG just checked cached keys by default
*first* before it falls back to trying anything else? Being smart
about the order in which keys are tried seems like low hanging
fruit for improving the UX. If it's not being done already, that
is. I haven't looked at the code.

OTOH, I would wish for the opposite: a mode where GnuPG is not
clever at all and *only* tries the key specified on the command
line. Currently (if I'm reading the GnuPG 2.1 man page correctly)
that is impossible since the user may have a default key in his
config that overrides anything on the command-line.

I'd like this because...

> Right, this makes sense. It's also possible that the
> combination of the tool invoking gpg and gpg itself can be
> cleverer about proposing candidate keys.

... of exactly what you just said. I'm not doing this now (and one of my original questions was whether GnuPG uses any such logic itself), but if I do start throwing away keyIDs, I'll be exploring strategies like this to ensure that at least Mailpile users have a pleasant experience.

 - Bjarni
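As an added illustration (not code from this thread or from GnuPG itself), here is a small parser over constructed OpenPGP packets that shows what "throwing away keyIDs" means on the wire: a `--throw-keyids` recipient is a PKESK packet whose 8-octet key ID is all zeros, so the decrypting side cannot narrow down which secret key to use and has to try each one in turn, which is the key-selection problem discussed above. The packet bytes, key IDs and MPI values below are constructed samples, not real keys.

```python
# Added example (not from the original thread): parse the PKESK packets of an
# OpenPGP message and show which recipients were hidden with --throw-keyids.
import struct

WILDCARD_KEYID = b"\x00" * 8  # --throw-keyids writes an all-zero key ID (RFC 4880, 5.1)

def _read_header(data, pos):
    """Return (tag, body_start, body_len) for the packet at data[pos]; old- and
    new-format headers, no partial body lengths."""
    ctb = data[pos]
    if ctb & 0x80 == 0:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                       # new-format header
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old-format header
    if ltype == 0:
        return tag, pos + 2, data[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length not supported")

def recipients(message):
    """(key ID as hex, anonymous?) for every PKESK (tag 1) packet in the message."""
    out, pos = [], 0
    while pos < len(message):
        tag, start, length = _read_header(message, pos)
        if tag == 1:
            body = message[start:start + length]
            if body[0] != 3:
                raise ValueError("unknown PKESK version %d" % body[0])
            keyid = body[1:9]
            out.append((keyid.hex().upper(), keyid == WILDCARD_KEYID))
        pos = start + length
    return out

def keys_to_try(message, secret_keyids):
    """Per recipient, the secret keys a decryptor must attempt: only the named key
    while the key ID is visible, but every available secret key once it is thrown away."""
    return [list(secret_keyids) if anon else [k for k in secret_keyids if k == keyid]
            for keyid, anon in recipients(message)]

# Constructed sample: one visible recipient, one thrown-away recipient, one SEIPD stub.
SAMPLE = bytes.fromhex(
    "840E03" "0123456789ABCDEF" "01" "0010ABCD"   # tag 1, key ID visible, RSA, 16-bit MPI
    "840E03" "0000000000000000" "01" "0010ABCD"   # tag 1, key ID zeroed by --throw-keyids
    "D205" "01DEADBEEF"                            # tag 18 (SEIPD), placeholder body
)
```

Running `keys_to_try(SAMPLE, [...])` with two secret key IDs shows the first recipient narrowing to a single key and the second forcing a trial of both.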



More information about the Gnupg-users mailing list