multiple recipients encryption and decryption in gpgsm
Werner Koch
wk at gnupg.org
Thu Nov 28 13:12:56 CET 2019
On Thu, 28 Nov 2019 10:57, Yves T said:
> 1. is B able to decrypt the file if he does not have the secret key from A
Yes. As long as the secret key (aka private key) is available.
Quick test:
$ fortune | gpgsm -ev -r 0xE297583E -r 0xCA89261C >/tmp/testenc
The first -r is for s/n 1A02 and the second for 1A04. Now switching to
another account where we have only the secret part for 1A04:
$ gpgsm -vd </tmp/testenc
gpgsm: DBG: recp 0 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
gpgsm: DBG: recp 0 - serial: 1A02
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
gpgsm: DBG: recp 1 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
gpgsm: DBG: recp 1 - serial: 1A04
Nothing endures but change.
-- Heraclitus
The first recipient can't be decrypted because the secret key is
missing. For the second recipient the secret key is available and
decryption succeeds.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
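An added example, not part of the original message or of GnuPG: a Python helper that reads `gpgsm -vd` diagnostics in the format of the transcript above and reports, for each recipient entry, whether its session key could be decrypted. It assumes the line formats are exactly those shown in the transcript and that a recipient entry with no error line after it is the one that succeeded; the function names are hypothetical.

```python
import re

# Terminal transcript copied from the message above (issuer values are
# truncated exactly as on the page; the last two lines are the plaintext).
SAMPLE = """\
gpgsm: DBG: recp 0 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
gpgsm: DBG: recp 0 - serial: 1A02
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
gpgsm: DBG: recp 1 - issuer: '1.2.840.113549.1.9.1=#696E666F4[...]
gpgsm: DBG: recp 1 - serial: 1A04
Nothing endures but change.
-- Heraclitus
"""

SERIAL_RE = re.compile(r"^gpgsm: DBG: recp (\d+) - serial: ([0-9A-Fa-f]+)\s*$")
ERROR_RE = re.compile(r"^gpgsm: error decrypting session key: (.+)$")


def recipient_outcomes(text):
    """Return one dict per recipient entry, in the order gpgsm tried them."""
    recipients = []
    for line in text.splitlines():
        m = SERIAL_RE.match(line)
        if m:
            recipients.append({"index": int(m.group(1)),
                               "serial": m.group(2).upper(),
                               "error": None})
            continue
        m = ERROR_RE.match(line)
        # Attach an error to the most recently announced recipient only.
        if m and recipients and recipients[-1]["error"] is None:
            recipients[-1]["error"] = m.group(1).strip()
    return recipients


def usable_serial(text):
    """Serial of the first recipient entry without an error, else None.

    Assumption: no error line after an entry means its session key
    was decrypted, as in the transcript above.
    """
    for entry in recipient_outcomes(text):
        if entry["error"] is None:
            return entry["serial"]
    return None


if __name__ == "__main__":
    for entry in recipient_outcomes(SAMPLE):
        print(entry["index"], entry["serial"], entry["error"] or "decrypted")
```
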