Page MenuHome GnuPG

--encrypt-to ambiguous with a expired and revoked key
Open, LowPublic


Since gnupg 2.1.10 the option --encrypt-to checks for for ambigious keys. But
this also fails, when there are two keys, where one key is valid and the other
one is expired and revoked.

This is a common case. When someone creates a new key, it is a good practise to
keep the old one to decrypt old data.

$ LC_ALL=C gpg --encrypt --encrypt-to -r 0x5334752442830117 --armour
gpg: key specification '' is ambiguous
gpg: (check argument of option '--encrypt-to')
gpg: '' matches at least:
gpg: B953A7355F1149ABCA8F2B2AE4835646BDE8EA81
gpg: 6D3A9AB887A6229308D9C007E72581B1FE9F104C

See also:



Event Timeline

ostcar set Version to 2.1.10.
ostcar added a subscriber: ostcar.

This is a good suggestion. Thanks.

neal added a project: Restricted Project.Dec 16 2015, 2:45 PM

I've implemented this in fc010b6. If you get a chance to test it, I'd
appreciate any feedback! Thanks!

iirc, we removed the patch from 2.1 due to some problems. We plan to work on it
in 2.3.

werner removed a project: Restricted Project.
werner lowered the priority of this task from Normal to Low.Feb 10 2021, 11:01 AM
werner edited projects, added Feature Request; removed Stalled, Bug Report.