--encrypt-to ambiguous with an expired and revoked key
Open, Normal, Public


Since gnupg 2.1.10 the option --encrypt-to checks for ambiguous keys. But
this also fails when there are two keys, where one key is valid and the other
one is expired and revoked.

This is a common case. When someone creates a new key, it is good practice to
keep the old one to decrypt old data.

$ LC_ALL=C gpg --encrypt --encrypt-to mail@oshahn.de -r 0x5334752442830117 --armour
gpg: key specification 'mail@oshahn.de' is ambiguous
gpg: (check argument of option '--encrypt-to')
gpg: 'mail@oshahn.de' matches at least:
gpg: B953A7355F1149ABCA8F2B2AE4835646BDE8EA81
gpg: 6D3A9AB887A6229308D9C007E72581B1FE9F104C

See also:


ostcar set Version to 2.1.10.
ostcar added a subscriber: ostcar.
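
The behaviour the report asks for, as an added example (not GnuPG's code and not the change in fc010b6): filter a `gpg --with-colons --list-keys` listing so that revoked or expired keys are dropped before deciding whether a key specification is ambiguous. The listing, fingerprints, user ID and function names are constructed for illustration; field positions follow GnuPG's doc/DETAILS.

```python
# Added example; the key listing below is constructed, not real gpg output.
UNUSABLE = {"i", "d", "r", "e"}  # field 2: invalid, disabled, revoked, expired

def _fpr(fingerprint):
    # An "fpr" record carries the fingerprint in field 10.
    return "fpr" + ":" * 9 + fingerprint + ":"

OLD_FPR = "A" * 40  # constructed placeholder fingerprints
NEW_FPR = "B" * 40
SAMPLE = "\n".join([
    "pub:r:4096:1:AAAAAAAAAAAAAAAA:1262304000:1420070400::-:::sc:",
    _fpr(OLD_FPR),
    "uid:r::::1262304000::::Alice Example <alice@example.org>:",
    "sub:r:4096:1:CCCCCCCCCCCCCCCC:1262304000:1420070400:::::e:",
    _fpr("C" * 40),
    "pub:u:4096:1:BBBBBBBBBBBBBBBB:1420070400:::u:::scESC:",
    _fpr(NEW_FPR),
    "uid:u::::1420070400::::Alice Example <alice@example.org>:",
    "sub:u:4096:1:DDDDDDDDDDDDDDDD:1420070400::::::e:",
    _fpr("D" * 40),
])

def usable_fingerprints(listing, user_id):
    """Primary-key fingerprints of usable, encryption-capable keys matching user_id."""
    keys, cur = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            cur = {"validity": f[1], "caps": f[11], "fpr": None, "uids": []}
            keys.append(cur)
        elif f[0] == "fpr" and cur and cur["fpr"] is None:
            cur["fpr"] = f[9]          # first fpr after pub; later ones are subkeys
        elif f[0] == "uid" and cur:
            cur["uids"].append(f[9])
    wanted = user_id.lower()
    return [k["fpr"] for k in keys
            if k["validity"][:1] not in UNUSABLE
            and "E" in k["caps"] and "D" not in k["caps"]  # usable for encryption
            and any(wanted in u.lower() for u in k["uids"])]

def pick_encrypt_to(listing, user_id):
    """Return the single usable fingerprint, or raise if none or several remain."""
    fprs = usable_fingerprints(listing, user_id)
    if len(fprs) != 1:
        raise LookupError(f"{len(fprs)} usable keys match {user_id!r}")
    return fprs[0]

if __name__ == "__main__":
    print("--encrypt-to", pick_encrypt_to(SAMPLE, "alice@example.org"))
```

Passing the resulting fingerprint to --encrypt-to instead of the mail address avoids the ambiguity check on versions that still count the old key.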
neal added a subscriber: neal. Dec 15 2015, 9:00 AM

This is a good suggestion. Thanks.

I've implemented this in fc010b6. If you get a chance to test it, I'd
appreciate any feedback! Thanks!

werner added a subscriber: werner. May 6 2016, 8:31 PM

iirc, we removed the patch from 2.1 due to some problems. We plan to work on it
in 2.3.

werner removed a project: Testing.
marcus edited projects, added gnupg (gpg23); removed gnupg. Jul 13 2017, 4:17 PM