gpg asks for one password, tries multiple keys with anonymous recipient
Open, Wishlist, Public

Description

Steps to reproduce:

  1. Create secret keyring with multiple keys (two is fine).
  2. Set one of those keys as hidden-encrypt-to (second one best for example).
  3. Encrypt a file to someone else.
  4. Try to decrypt the file.

Expected Results:

  1. Asked for passphrase for each secret key until one decodes it.

Actual Results:

  1. Asked for one passphrase (not sure how it decides which key, first?). It
     "accepts" the wrong passphrase for the key asked, but then will decrypt the
     content when it tries the key it does belong to.

Details

Version
2.0.16

Event Timeline

billion set Version to 2.0.16.
billion added a subscriber: billion.
werner lowered the priority of this task from Normal to Wishlist. Jan 10 2011, 7:45 PM
werner removed a project: Bug Report.
werner added a project: Feature Request.
werner added a subscriber: werner.

GPG needs to run trial decryptions with all available secret keys; there is
no specific order for this. This can be improved by ordering the packets so
that those with known keys are tried first and only then the wildcard keys. The
wildcards could also be more optimized. This is actually a long-standing wish
of mine, but I didn't find the time to implement it. Instead I implemented
the --skip-hidden-recipients in 2.1.
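
Added example, not part of the original task and not GnuPG's code: a Python sketch of the ordering described in the comment above. It reads the key IDs from the public-key encrypted session key (PKESK) packets at the start of a message and plans trial decryptions so that packets naming a key in the secret keyring come first and wildcard (all-zero key ID) packets come last. The function names, the `skip_hidden` parameter (modelling --skip-hidden-recipients) and the sample bytes are assumptions made for illustration.

```python
WILDCARD = bytes(8)  # all-zero key ID marks a hidden (anonymous) recipient

def read_pkesk_keyids(data):
    """Key IDs of the leading v3 PKESK (tag 1) packets, in stream order."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, o = hdr & 0x3F, data[pos + 1]
            if o < 192:
                length, hlen = o, 2
            elif o < 224:
                length, hlen = ((o - 192) << 8) + data[pos + 2] + 192, 3
            elif o == 255:
                length, hlen = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                break                       # partial length: a data packet
        else:                               # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                break                       # indeterminate length: a data packet
            length, hlen = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        if tag != 1:
            break                           # PKESK packets precede the encrypted data
        body = data[pos + hlen:pos + hlen + length]
        if len(body) < 9 or body[0] != 3:
            raise ValueError("truncated or non-v3 PKESK packet")
        ids.append(body[1:9])
        pos += hlen + length
    return ids

def plan_trials(pkesk_ids, secret_ids, skip_hidden=False):
    """(packet index, secret key ID) pairs: known recipients, then wildcards."""
    known = [(i, k) for i, k in enumerate(pkesk_ids) if k in secret_ids and k != WILDCARD]
    if skip_hidden:                         # models --skip-hidden-recipients
        return known
    hidden = [(i, s) for i, k in enumerate(pkesk_ids) if k == WILDCARD for s in secret_ids]
    return known + hidden

def _pkesk(keyid, header):                  # constructed packet: v3, key ID, RSA, dummy MPI
    body = b"\x03" + keyid + b"\x01" + b"\x00\x08\xff"
    return header + bytes([len(body)]) + body

# Constructed sample: hidden recipient, then a named one, then a stub SEIPD packet.
KEY_A, KEY_B = bytes.fromhex("1111111111111111"), bytes.fromhex("2222222222222222")
SAMPLE = _pkesk(WILDCARD, b"\x84") + _pkesk(KEY_A, b"\xc1") + b"\xd2\x02\x01\x00"
```

For the case in the report (one packet for someone else's key plus one wildcard packet, two secret keys in the keyring), the plan contains one trial per secret key against the wildcard packet, and each trial may need its own passphrase.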