Page MenuHome GnuPG
Create Task
Maniphest T3832

Encrypting to a specifc recipient also encrypts to an unwanted one
Closed, InvalidPublic
Actions

Description

While playing around with new test key I found out a weird behavior. If I generate a new RSA2048 bit key and encrypt a text for that new key then the text is encrypted for that new key but also for a recipient for which a have a public key for in my keychain.

Generate a basic RSA2408 key

# gpg --version
gpg (GnuPG) 2.2.5
libgcrypt 1.8.2

# gpg --gen-key
# gpg --list-secret-keys

sec   rsa2048/0x29969EB210C060E7 2018-03-09 [SC] [expires: 2020-03-08]
      Key fingerprint = F5D3 B260 4597 1B7F 28C6  52E3 2996 9EB2 10C0 60E7
uid                   [ultimate] Rsa Test <rsa@test.org>
ssb   rsa2048/0xC38736A7DF9D89FC 2018-03-09 [E] [expires: 2020-03-08]

Encrypt a text for that RSA keys

# echo "ABCD" > test5.me
# gpg -e -armor -r 0x29969EB210C060E7 test5.me

Decrypt the result

# gpg -d test5.me.asc
gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27
      "Douglas Eugene Morris <doug@onewebplace.com>"
gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09
      "Rsa Test <rsa@test.org>"
ABCD

More details

# gpg --list-packets test5.me.asc
gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27
      "Douglas Eugene Morris <doug@onewebplace.com>"
gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09
      "Rsa Test <rsa@test.org>"
# off=0 ctb=85 tag=1 hlen=3 plen=1038
:pubkey enc packet: version 3, algo 16, keyid 2A7FA384BC46FB30
	data: [4095 bits]
	data: [4096 bits]
# off=1041 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid C38736A7DF9D89FC
	data: [2048 bits]
# off=1312 ctb=d2 tag=18 hlen=2 plen=58 new-ctb
:encrypted data packet:
	length: 58
	mdc_method: 2
# off=1325 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=1
# off=1327 ctb=ac tag=11 hlen=2 plen=19
:literal data packet:
	mode b (62), created 1520637559, name="test5.me",
	raw data: 5 bytes

Get more information about the pub key that is used in addition to the one I specified

# gpg --list-keys 0x2A7FA384BC46FB30
pub   dsa1024/0xAFB5238802E2F4BD 2005-02-27 [SCA]
      Key fingerprint = 07DB FD88 8A1C 5E0D 3623  E5AC AFB5 2388 02E2 F4BD
uid                   [  full  ] Douglas Eugene Morris <doug@onewebplace.com>
uid                   [  full  ] Douglas Eugene Morris <doug@kenohki.com>
uid                   [  full  ] GSWoT:1:309:02E2F4BD
sub   elg4096/0x2A7FA384BC46FB30 2005-02-27 [E]

Details

Version
2.2.5

Event Timeline

alphazo created this task.Mar 10 2018, 12:37 AM
alphazo updated the task description. (Show Details)Mar 10 2018, 11:39 AM
alphazo updated the task description. (Show Details)
werner added a subscriber: werner.Mar 13 2018, 12:13 PM

Please add -v to all gpg invocations to increase the verbosity. I would also like to see your gpg.conf.

werner added a project: gnupg (gpg22).Mar 13 2018, 12:14 PM
alphazo added a comment.Mar 13 2018, 4:52 PM

Here is more details. One thing to notice is that the default key mentioned in my config files no longer has valid subkeys since they have all recently expired. I'm in a process of updating them but since I'm only encrypting (and not signing) for a different key I thouhgt it wouldn't be an issue.
I could just delete the offending pub key or clean up my pub keyring but I think it would be good to understand that issue in case there is a weird parsing error.

# gpg --list-secret-keys -vv
(none all of them)

sec#  rsa4096/0xCC6F3AB7B85B5EA6 2010-10-07 [SC]
      Key fingerprint = ADE3 AEB2 4C02 BF3D C294  DE6B CC6F 3AB7 B85B 5EA6
uid                   [ultimate] Dany Nativel <dany@nativel.net>
uid                   [ultimate] Dany Nativel <dany@natzo.com>
uid                   [ultimate] Dany Nativel (GSWoT:FR86) <dany.nativel@gswot.org>
ssb>  rsa3072/0x97ACF2D02CE1386D 2010-10-07 [E] [expired: 2018-01-14]
ssb>  rsa3072/0xECF459C00CC1D482 2010-10-07 [S] [revoked: 2015-01-13]
ssb#  rsa3072/0xA99C076676FE6D28 2012-10-02 [S] [expired: 2014-10-02]
ssb#  rsa3072/0x6545F143A67AC862 2012-10-02 [E] [expired: 2014-10-02]
ssb   rsa4096/0x16E80122A4E9D842 2015-01-13 [S] [expired: 2018-01-14]

sec   rsa2048/0x29969EB210C060E7 2018-03-09 [SC] [expires: 2020-03-08]
      Key fingerprint = F5D3 B260 4597 1B7F 28C6  52E3 2996 9EB2 10C0 60E7
uid                   [ultimate] Rsa Test <rsa@test.org>
ssb   rsa2048/0xC38736A7DF9D89FC 2018-03-09 [E] [expires: 2020-03-08]
# gpg --list-keys -vv
(none all of them)

pub   dsa1024/0xF729AFD981802954 2007-10-15 [SC] [expired: 2012-10-13]
       Key fingerprint = 5B9F E750 F90D A332 FDEF  F358 F729 AFD9 8180 2954
 uid                   [ expired] Morten Gulbrandsen (Java programmer) <lordbyte7@aim.com>
 uid                   [ expired] Morten Gulbrandsen
 uid                   [ expired] Morten Gulbrandsen (GSWoT:DE64) <morten@gswot.org>
 
 pub   dsa1024/0xAFB5238802E2F4BD 2005-02-27 [SCA]
       Key fingerprint = 07DB FD88 8A1C 5E0D 3623  E5AC AFB5 2388 02E2 F4BD
 uid                   [  full  ] Douglas Eugene Morris <doug@onewebplace.com>
 uid                   [  full  ] Douglas Eugene Morris <doug@kenohki.com>
 uid                   [  full  ] GSWoT:1:309:02E2F4BD
 sub   elg4096/0x2A7FA384BC46FB30 2005-02-27 [E]
# gpg -vv -e -armor -r 0x29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: Note: signature key 0xF729AFD981802954 expired Sat 13 Oct 2012 08:25:55 PM CEST
gpg: using subkey 0x2A7FA384BC46FB30 instead of primary key 0xAFB5238802E2F4BD
gpg: This key probably belongs to the named user
gpg: reading from 'test5.me'
gpg: writing to 'test5.me.asc'
gpg: Note: key 0x2A7FA384BC46FB30 has no preference for AES
gpg: ELG/3DES encrypted for: "0x2A7FA384BC46FB30 Douglas Eugene Morris <doug@onewebplace.com>"
gpg: RSA/3DES encrypted for: "0xC38736A7DF9D89FC Rsa Test <rsa@test.org>"

~/.gnupg/gpg.conf

default-key  CC6F3AB7B85B5EA6
default-recipient-self
no-emit-version
no-comments
keyid-format 0xlong
with-fingerprint
list-options show-uid-validity
verify-options show-uid-validity
use-agent
keyserver  hkp://keys.gnupg.net
keyserver-options no-honor-keyserver-url
keyserver-options include-revoked
personal-cipher-preferences AES256 AES192 AES CAST5 3DES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
enable-dsa2
digest-algo SHA512
personal-compress-preferences ZLIB BZIP2 ZIP Z0
no-greeting
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712
force-mdc
require-cross-certification
#charset utf-8
keyserver-options auto-key-retrieve
utf8-strings
debug-level none
log-file socket:///home/alpha/.gnupg/log-socket
werner claimed this task.Mar 13 2018, 7:27 PM
werner triaged this task as High priority.

I need to look closer at some details. However it seems that because your default-key has no valid encryption key, --default-recipient-self tells gpg to encrypt to the first usable key in the keyring. This is clearly a bug.

alphazo added a comment.EditedMar 13 2018, 8:31 PM

I went ahead and modified my ~/.gnupg/gpg.conf to use the valid RSA2048 key I want to use for the recipient:

default-key 29969EB210C060E7
default-recipient-self
default-recipient 29969EB210C060E7

But the problem remains the same:

gpg -vv -e -armor -r 0x29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: Note: signature key 0xF729AFD981802954 expired Sat 13 Oct 2012 08:25:55 PM CEST
gpg: using subkey 0x2A7FA384BC46FB30 instead of primary key 0xAFB5238802E2F4BD
gpg: This key probably belongs to the named user
gpg: reading from 'test5.me'
gpg: writing to 'test5.me.asc'
gpg: Note: key 0x2A7FA384BC46FB30 has no preference for AES
gpg: ELG/3DES encrypted for: "0x2A7FA384BC46FB30 Douglas Eugene Morris <doug@onewebplace.com>"
gpg: RSA/3DES encrypted for: "0xC38736A7DF9D89FC Rsa Test <rsa@test.org>"

I also commented all the default-* lines but that didn't change anything.

#default-key 29969EB210C060E7
#default-recipient-self
#default-recipient 29969EB210C060E7

Maybe I should backup my .gnupg directory and try to remove some public and private keys to see if it does something.

alphazo added a comment.EditedMar 13 2018, 8:58 PM

Even more weirdness here. So on my test .gnupg directory I just removed the public key of the unwanted recipient.

# gpg --delete-keys 0xAFB5238802E2F4BD
pub  dsa1024/0xAFB5238802E2F4BD 2005-02-27 Douglas Eugene Morris <doug@onewebplace.com>

Delete this key from the keyring? (y/N) y

And this time I cannot even encrypt anything anymore!

gpg -vv -e -armor -r 0x29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: Note: signature key 0xF729AFD981802954 expired Sat 13 Oct 2012 08:25:55 PM CEST
gpg: mor: skipped: No public key
gpg: test5.me: encryption failed: No public key

As a side note I tried to encrypt for other pub keys but the result is the same.
I also tried to remove the 0xF729AFD981802954 pub key but it gave the same result (no encryption possible).

alphazo added a comment.Mar 14 2018, 12:55 AM

All right. It might not be that bad. I messed up with between --armor and -armor but they lead to different results:

# gpg -vv -e -armor -r 29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: Note: signature key 0xF729AFD981802954 expired Sat 13 Oct 2012 08:25:55 PM CEST
gpg: using subkey 0x2A7FA384BC46FB30 instead of primary key 0xAFB5238802E2F4BD
gpg: This key probably belongs to the named user
gpg: reading from 'test5.me'
gpg: writing to 'test5.me.asc'
gpg: Note: key 0x2A7FA384BC46FB30 has no preference for AES
gpg: ELG/3DES encrypted for: "0x2A7FA384BC46FB30 Douglas Eugene Morris <doug@onewebplace.com>"
gpg: RSA/3DES encrypted for: "0xC38736A7DF9D89FC Rsa Test <rsa@test.org>"

The output file is actually armored! Althought it is encrypted for an unwanted recipient.

Now with --armor

gpg -vv -e --armor -r 29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: reading from 'test5.me'
gpg: writing to 'test5.me.asc'
gpg: RSA/AES256 encrypted for: "0xC38736A7DF9D89FC Rsa Test <rsa@test.org>"

It just works with the right recipient. Not using armor switch at all also works.

I also tried with and without ;

default-key 29969EB210C060E7
default-recipient-self
default-recipient 29969EB210C060E7

in my config file but the above behavior stays the same.

Now if I remove that special pub key

gpg --delete-key 0x2A7FA384BC46FB30
pub  dsa1024/0xAFB5238802E2F4BD 2005-02-27 Douglas Eugene Morris <doug@onewebplace.com>

Delete this key from the keyring? (y/N) y

then I have a complete different behavior.

with -armor

gpg -vv -e -armor -r 29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: mor: skipped: No public key
gpg: test5.me: encryption failed: No public key

and with --armor it just works!

gpg -vv -e --armor -r 29969EB210C060E7 test5.me
gpg: using subkey 0xC38736A7DF9D89FC instead of primary key 0x29969EB210C060E7
gpg: using pgp trust model
gpg: key 0xB28457F952A3111E: accepted as trusted key
gpg: key 0xCC6F3AB7B85B5EA6: accepted as trusted key
gpg: key 0x79D145678E2EF349: accepted as trusted key
gpg: key 0x566969D1570EDCFE: accepted as trusted key
gpg: key 0xE575ADFAE8AB2F11: accepted as trusted key
gpg: key 0x82E1CECD314C73E3: accepted as trusted key
gpg: key 0x8C3F2866E41D1910: accepted as trusted key
gpg: key 0xC51159F01AE3F9ED: accepted as trusted key
gpg: key 0xA1F2033A34D9066E: accepted as trusted key
gpg: key 0xAAE99F8C96AB206D: accepted as trusted key
gpg: key 0xA7602D46E5522FE6: accepted as trusted key
gpg: key 0xCAAA28D21A6666A5: accepted as trusted key
gpg: key 0x4496D2449FC8C97F: accepted as trusted key
gpg: key 0x8571B6EF57183624: accepted as trusted key
gpg: key 0xAE50073449F311D6: accepted as trusted key
gpg: key 0xEE9F4A20FEDEBBC2: accepted as trusted key
gpg: key 0x432466853D534928: accepted as trusted key
gpg: key 0x50BE126F1C39B079: accepted as trusted key
gpg: key 0x631CDA3B6EB6BCF2: accepted as trusted key
gpg: key 0x75BC4F1B21D52217: accepted as trusted key
gpg: key 0x6AA3F171544F986E: accepted as trusted key
gpg: key 0x6A81DE0B8A09CD0C: accepted as trusted key
gpg: key 0x83C213FD4663BE59: accepted as trusted key
gpg: key 0xC2A231E76D1F1CEA: accepted as trusted key
gpg: key 0x9334249F9953DE45: accepted as trusted key
gpg: key 0x29969EB210C060E7: accepted as trusted key
gpg: key 0xEEFCDD3974021C70: accepted as trusted key
gpg: This key belongs to us
gpg: reading from 'test5.me'
gpg: writing to 'test5.me.asc'
gpg: RSA/AES256 encrypted for: "0xC38736A7DF9D89FC Rsa Test <rsa@test.org>"
alphazo added a comment.EditedMar 14 2018, 10:09 AM

Ok the problem really seems to be how parameters are parsed.

When using:

gpg -vv -e -armor -r 29969EB210C060E7 test5.me

The r in -armor is recognized like another recipient is required so my keychain is scanned to look for the characters after the initial r, which translate to mor. Since I have someone named Morris the message also gets encrypted for him. If I remove that pub key I can no longer encrypt since his pub key is not found.

Maybe it should not be accepted to have the recipient name (mor in my case) if no space is found after the initial switch r.

werner closed this task as Invalid.Apr 9 2018, 10:22 AM

Oh, you used a single dash and not a double dash in --armor. That is obviously the problem. As per Unix history all option characters may be combined unless they take an option arg; in that case the arg for the option may go directly after the option letter. We can't change that because lots of people and scripts use -rRECIPIENT.