
--encrypt-to ambiguous with an expired and revoked key
Open, Low, Public

Description

Since gnupg 2.1.10 the option --encrypt-to checks for ambiguous keys. But
this also fails when there are two keys, where one key is valid and the other
one is expired and revoked.

This is a common case. When someone creates a new key, it is a good practice to
keep the old one to decrypt old data.

$ LC_ALL=C gpg --encrypt --encrypt-to mail@oshahn.de -r 0x5334752442830117 --armour
gpg: key specification 'mail@oshahn.de' is ambiguous
gpg: (check argument of option '--encrypt-to')
gpg: 'mail@oshahn.de' matches at least:
gpg: B953A7355F1149ABCA8F2B2AE4835646BDE8EA81
gpg: 6D3A9AB887A6229308D9C007E72581B1FE9F104C

See also:
https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2015-December/003563.html
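
A workaround for the failure described above is to resolve the user ID to the one usable fingerprint before calling gpg. This is an added example, not part of the original report and not GnuPG's own code: it filters a `gpg --with-colons --list-keys` listing down to primary keys that are not revoked, expired, invalid or disabled. The function names, the address alice@example.org and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Read `gpg --with-colons --list-keys <user-id>` output on stdin and print the
# fingerprint of each primary key that is not revoked, expired, invalid or disabled.
usable_fprs() {
    awk -F: '
        $1 == "pub" {
            # Field 2 is the validity (r = revoked, e = expired, i = invalid,
            # d = disabled); field 12 holds capabilities, "D" = disabled key.
            want = ($2 !~ /^[reid]/ && $12 !~ /D/)
            next
        }
        # Only the first fpr record after a pub record is the primary key.
        $1 == "fpr" && want { print $10; want = 0; next }
        # A sub record ends the primary key block even if no fpr was seen.
        $1 == "sub" { want = 0 }
    '
}

# Print the single usable fingerprint, or fail if the choice is not unique.
resolve_encrypt_to() {
    fprs=$(usable_fprs)
    count=$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one usable key, found $count" >&2
        return 1
    fi
    printf '%s\n' "$fprs"
}

# Constructed colon listing: an old revoked key and a current valid key
# sharing one user ID (every value here is made up).
sample_listing() {
    cat <<'EOF'
pub:r:2048:1:1111111111111111:1262304000:1420070400::-:::sc::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:r::::1262304000::0000000000000000000000000000000000000000::Alice <alice@example.org>::::::::::0:
pub:u:4096:1:2222222222222222:1448928000:::u:::scESC::::::23::0:
fpr:::::::::2222222222222222222222222222222222222222:
uid:u::::1448928000::0000000000000000000000000000000000000000::Alice <alice@example.org>::::::::::0:
sub:u:4096:1:4444444444444444:1448928000::::::e::::::23:
fpr:::::::::4444444444444444444444444444444444444444:
EOF
}

# Real use (assumes the address matches keys in your keyring):
#   fpr=$(gpg --with-colons --list-keys alice@example.org | resolve_encrypt_to) &&
#   gpg --encrypt --encrypt-to "$fpr" -r <recipient> --armor
sample_listing | resolve_encrypt_to
```

Passing the fingerprint instead of the e-mail address avoids the ambiguity check, because a fingerprint names exactly one key.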

Details

Version
2.1.10

Event Timeline

ostcar set Version to 2.1.10.
ostcar added a subscriber: ostcar.

This is a good suggestion. Thanks.

I've implemented this in fc010b6. If you get a chance to test it, I'd
appreciate any feedback! Thanks!

iirc, we removed the patch from 2.1 due to some problems. We plan to work on it
in 2.3.

werner lowered the priority of this task from Normal to Low. Feb 10 2021, 11:01 AM
werner edited projects, added Feature Request; removed Stalled, Bug Report.