multiple recipients encryption and decryption in gpgsm

Werner Koch wk at
Thu Nov 28 13:12:56 CET 2019

On Thu, 28 Nov 2019 10:57, Yves T said:

>   1.  is B able to decrypt the file if he has not the secret key from A

Yes.  As long as the secret key (aka private key) is available

Quick test:

  $ fortune | gpgsm -ev  -r 0xE297583E -r  0xCA89261C >/tmp/testenc

The first -r is for s/n 1A02 and the second for 1A04.  Now switching to
another account where we have only the secret part for 1A04:

  $ gpgsm -vd </tmp/testenc
  gpgsm: DBG: recp 0 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
  gpgsm: DBG: recp 0 - serial: 1A02
  gpgsm: error decrypting session key: No secret key
  gpgsm: decrypting session key failed: No secret key
  gpgsm: DBG: recp 1 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
  gpgsm: DBG: recp 1 - serial: 1A04
  Nothing endures but change.
                 -- Heraclitus

The first recipient can't be decrypted because the secret key is
missing.  For the second recipient the secret key is available and
decryption succeeds.



Thoughts are free.  Exceptions are regulated by a federal law.
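
The following is an added example, not part of the original post or of GnuPG: a small parser that maps the `gpgsm -vd` lines quoted above to a per-recipient result, so a script can tell which recipient entry failed for lack of a secret key. It assumes the line format shown in the post; the function names are hypothetical and other gpgsm versions may word these lines differently.

```python
import re

# Verbose output copied from the post above; the issuer values are
# truncated ("[...]") in the post and are kept that way here.
SAMPLE = """\
gpgsm: DBG: recp 0 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
gpgsm: DBG: recp 0 - serial: 1A02
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
gpgsm: DBG: recp 1 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
gpgsm: DBG: recp 1 - serial: 1A04
Nothing endures but change.
"""

RECP = re.compile(r"^gpgsm: DBG: recp (\d+) - (issuer|serial): (.*)$")
FAIL = re.compile(r"^gpgsm: decrypting session key failed: (.*)$")


def recipient_report(text):
    """Return one dict per recipient entry, in the order gpgsm tried them."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = RECP.match(line)
        if m:
            idx, field, value = int(m.group(1)), m.group(2), m.group(3)
            if current is None or current["index"] != idx:
                # A new "recp N" index starts a new recipient entry.
                current = {"index": idx, "issuer": None,
                           "serial": None, "error": None}
                entries.append(current)
            current[field] = value
            continue
        m = FAIL.match(line)
        if m and current is not None:
            # The failure line follows the recipient it belongs to.
            current["error"] = m.group(1)
        # Anything else (plaintext, other diagnostics) is ignored.
    return entries


def serials_without_failure(text):
    """Serials of recipient entries for which no failure was logged."""
    return [e["serial"] for e in recipient_report(text) if e["error"] is None]


if __name__ == "__main__":
    for e in recipient_report(SAMPLE):
        print(e["index"], e["serial"], e["error"] or "no failure logged")
```
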