Page MenuHome GnuPG

when dealing with --try-all-secrets, try non-expired keys first
Open, LowPublic


I have an OpenPGP key with an expired encryption-capable subkey, and a newer,
non-expired encryption-capable subkey.

if i get an encrypted message with an anonymous (all-zero) keyid subpacket in
the PSKESK, gpg 2.1.8 goes into try-all-secrets mode.

It first prompts me for a passphrase for my expired subkey, then for my
non-expired subkey.

It should default to trying the non-expired subkey first.



Event Timeline

dkg set Version to 2.1.8.
dkg added a subscriber: dkg.

Yeah, I know it is actually an old feature requests to first sort the candidate
keys and then try them in order.

werner lowered the priority of this task from Normal to Low.Sep 17 2015, 3:45 PM