Questions about --throw-keyids

Justus Winter justus at g10code.com
Tue Feb 14 11:28:07 CET 2017


Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> On Mon 2017-02-13 11:54:04 -0500, Lukas Pitschl | GPGTools wrote:
>>> On 13.02.2017 at 17:34, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>>> 
>>> On Mon 2017-02-13 06:41:51 -0500, Bjarni Runar Einarsson wrote:
>>>> Step two: Encrypt using gpg --throw-keyids.
>>>> 
>>>> This is easy on the sender's end, but whether this feature can be
>>>> used as a matter of course depends on how it impacts the
>>>> experience of the recipient.
>>> 
>>> It's almost like decryption of messages with hidden keyids and
>>> per-decryption passphrase prompting (or even confirmation) are mutually
>>> incompatible workflows :/
>>
>> Just thinking out loud here, but wouldn’t it be sensible for gnupg to have a "silent" option,
>> that only tries keys for which a passphrase is cached in gpg-agent?
>
> how about "--try-cached-secrets", by analogy with --try-all-secrets or
> --try-secret-key?
>
> I like this idea.

I don't.  I strongly believe that adding command line switches should be
the absolute last resort.

Justus