Page MenuHome GnuPG

Second key decrypts messages it shouldn't
Closed, ResolvedPublic


Bug report originally posted here:

I wrote a very simple example provided in the link above showing a confusing result I encountered. I create 2 keys and encrypt 3 messages with the first key and another 3 messages with the second key. I then try to decrypt all of the messages with each key. What I expect is that the first key can only decrypt the first 3 messages and the second key can only decrypt the second 3 messages. However, what happens is that the first key can only decrypt the first 3 messages (as expected) yet the second key can decrypt all of the messages. Why is this happening and how do I produce the expected results?

I am using Ubuntu 5.4.0-88-generic, Python 3.8.10, GnuPG 2.2.19, libgcrypt 1.8.5, python-gnupg 0.4.7

Event Timeline

werner claimed this task.
werner edited projects, added Support; removed Bug Report.
werner added a subscriber: werner.

That looks like a support question. Please ask on a mailing list for help. Sorry, we can't do individual support here.

I'm pretty sure that the first 3 messages are always decrypted with the first key because the passphrase of the first key is still cached. I don't think you can tell gpg to only use a specific key for decryption. The only way to make sure that gpg does not try to use the first key for decryption is to remove the private key of the first key. Alternatively, clear the cache after using the first key, but gpg might still ask the user for the passphrase of the first key.