
cannot specify secret key to decrypt msg with multiple recipients
Closed, Resolved | Public

Description

When a message has been encrypted to multiple recipients (-r user1 -r user2 ...)
decryption tries to use the available secret keys in arbitrary order.
Apparently there is no clean way of specifying which secret key should be used,
especially if only the passphrase of a single key is currently known.
See also
http://stackoverflow.com/questions/19562185/gpg-decrypt-with-multiple-recipients

Is there any good reason why one cannot specify the key for decoding with -u or -r?

Details

Version
2.0.26

Event Timeline

tanner set Version to 2.0.26.
tanner added a subscriber: tanner.

You have the problem only if hidden recipients are used. With 2.1 you
may use this option:

  --try-secret-key name

    For hidden recipients GPG needs to know the keys to use for trial
    decryption.  The key set with --default-key is always tried first,
    but this is often not sufficient.  This option allows to set more
    keys to be used for trial decryption.  Although any valid user-id
    specification may be used for name it makes sense to use at
    least the long keyid to avoid ambiguities.  Note that gpg-agent
    might pop up a pinentry for a lot of keys to do the trial decryption.
    If you want to stop all further trial decryption you may use
    close-window button instead of the cancel button.

This won't be backported to 2.0.

werner lowered the priority of this task from Normal to Wishlist. Jan 28 2015, 11:23 AM
werner removed a project: Bug Report.
neal claimed this task.

The reporter wants to specify the secret key to use. Werner indicated that
--try-secret-key does what the reporter wants in 2.1, but that this won't be
backported to 2.0. As such, I'm marking this issue as resolved.
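
As an added example that is not part of the original task thread or of GnuPG itself: the sketch below reads `gpg --list-packets` output, separates named recipients from hidden ones (which gpg lists with an all-zero key ID), and adds `--try-secret-key` to the decrypt command only when the chosen key is not a named recipient. The function names, the sample text and the file name `msg.gpg` are assumptions made for illustration.

```python
import re

# Key ID gpg prints for a hidden (wildcard) recipient in --list-packets output.
HIDDEN_KEYID = "0000000000000000"
PKESK_RE = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b")

# Constructed sample of `gpg --list-packets` output (not from a real message).
SAMPLE = """\
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
\tdata: [2047 bits]
:pubkey enc packet: version 3, algo 1, keyid 1111222233334444
\tdata: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
\tdata: [2046 bits]
:encrypted data packet:
\tlength: 74
"""

def recipients(list_packets_output):
    """Return (named_keyids, hidden_count) parsed from --list-packets text."""
    named, hidden = [], 0
    for line in list_packets_output.splitlines():
        m = PKESK_RE.match(line)
        if not m:
            continue
        keyid = m.group(1).upper()
        if keyid == HIDDEN_KEYID:
            hidden += 1
        else:
            named.append(keyid)
    return named, hidden

def decrypt_argv(list_packets_output, my_keyid, path):
    """Build a gpg 2.1 decrypt command line for one chosen secret key.

    my_keyid is the long ID of the encryption (sub)key, since that is the
    ID recorded in each public-key encrypted session key packet.
    """
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", my_keyid):
        raise ValueError("use the long (16 hex digit) key ID to avoid ambiguity")
    my_keyid = my_keyid.upper()
    named, hidden = recipients(list_packets_output)
    argv = ["gpg"]
    if my_keyid not in named:
        if not hidden:
            raise LookupError("message is not encrypted to " + my_keyid)
        # Only hidden recipients need trial decryption with an explicit key.
        argv += ["--try-secret-key", my_keyid]
    return argv + ["--decrypt", path]
```
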