hey, and thanks for all the info.

indeed it only happens in decrypting. and yes, i also use 'throw-keyids' in gpg.conf.

while testing by emailing myself:

  :pubkey enc packet: version 3, algo 1, keyid 0000000000000000

like you said... removing that option, works as expected on decrypting..

  :pubkey enc packet: version 3, algo 1, keyid $THE-RIGHT-KEY

and the passphrase is asked correctly on decrypting, only for that key.

others had similar effects in tb, i guess we all just copied the throw-keyids tip from somewhere :-)

anyway, i guess you can close this one, it is a matter of settings in ~/.gnupg/gpg.conf and not a real bug..

thanks,
d.

On 03/11/2014 03:53 PM, Daniel Kahn Gillmor wrote:
> Control: tags -1 + moreinfo
>
> hi dpdt1--
>
> On 03/10/2014 10:28 AM, dpdt1 wrote:
>> i have 7-8 private keys in my gpg keyring, 3 of those just for email
>> accounts.
>> when i decrypt with default key(set in gpg.conf) everything's all right.
>> when i try to decrypt another account, gpg-agent asks for all other private
>> keys/subkeys' passphrases, until it reaches the particular one.. and not
>> asking for that particular one in the first place.. that's really annoying
>> on tb/enigmail since i get 8 pop-ups asking for different passphrases
>> every time...
>> i've set mail accounts to use specific key for those, and see no
>> difference.. still asking passphrase for all of them...
>
> You seem to be asking about decryption specifically, and not signing. i
> think that makes sense, i'm just double-checking to make sure, since
> there are two operations enigmail is capable of doing with a secret key.
>
> The choice of which key to use for decrypting any given message is based
> on the PK-ESK OpenPGP packet stored in the message itself:
>
> https://tools.ietf.org/html/rfc4880#section-5.1
>
> Normally, this packet contains the OpenPGP keyID of the target to whom
> the message is encrypted, but some people use a keyID of
> 0x0000000000000000 to hide the target (this is done by enigmail by
> default when Bcc'ing someone on a message, and some people make it
> happen by default by adding "throw-keyids" to ~/.gnupg/gpg.conf, using
> --hidden-recipient arguments, or other gpg options).
>
> When the keyID is hidden like this, gpg just tries all secret keys.
> Perhaps this is what is happening for you? You can find out, for any
> given message, by choosing "view source" on any given message, and then
> pasting the source into "gpg --list-packets". If there is a hidden
> keyid, you'll see:
>
> :pubkey enc packet: version 3, algo 1, keyid 0000000000000000
>
> I agree this is super annoying, but i'm not sure that enigmail is the
> place to fix it, or how you would fix it in enigmail as well. Maybe you
> can ask your correspondents not to hide your keyid when they send you mail?
>
>> i thought it was a problem with gpg-agent and maybe it is (?), but other
>> apps recognize correctly each key and ask only for that passphrase....
>
> which other apps? decrypting what sort of data?
>
> --dkg
>
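Added example, not part of the original thread and not code from gpg or enigmail: a small reader for the PK-ESK packets (RFC 4880 section 5.1) discussed above, which walks the packet headers of a binary OpenPGP message and returns each recipient key ID, so an all-zero (hidden) one can be spotted without gpg. The helper `make_pkesk` and the `SAMPLE` bytes are constructed for illustration; the session-key bytes in them are dummies.

```python
import struct

HIDDEN = bytes(8)  # all-zero key ID, shown by gpg as keyid 0000000000000000

def pkesk_key_ids(data):
    """Return the key ID of each PK-ESK packet (tag 1, RFC 4880 section 5.1)
    found in binary (de-armored) OpenPGP data."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("no packet header at offset %d" % pos)
        pos += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:                            # partial length: data packet, stop
                break
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length: stop
                break
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        if tag == 1 and length >= 10 and body[0] == 3:
            ids.append(body[1:9])            # version 3, then 8-octet key ID
        pos += length
    return ids

def make_pkesk(key_id, new_format):
    # Constructed packet: version 3, key ID, algo 1 (RSA), dummy 8-bit MPI.
    body = b"\x03" + key_id + b"\x01" + b"\x00\x08\xff"
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body

# Constructed sample: one named recipient, one hidden, then a dummy tag-18 packet.
SAMPLE = (make_pkesk(bytes.fromhex("1122334455667788"), False)
          + make_pkesk(HIDDEN, True) + b"\xd2\x05\x01abcd")
```

To check a real message, pass the bytes produced by `gpg --dearmor` to `pkesk_key_ids` and test whether `HIDDEN` is in the result.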