Page MenuHome GnuPG

Encrypt to all encryption subkeys
Open, NormalPublic


If a key has several encryption subkeys, data should be encrypted to all
subkeys. The assumption is that the recipient uses a different subkey on each
device but likes to decrypt mails on any device. OpenKeychain does it this way.

Event Timeline

Why is this a reasonable assumption? This proposal changes the way that GnuPG
has been working for years and will inevitably break someone's setup. It would
be much better for the receiver to use a non-critical notation to indicate the
desired behavior.

It is a hack in OpenKeychain to allow the use of several devices. Frankly, I am
not sure whether this is really a good idea: The security is limited by the key
for the least secure device.