-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 You can use gpg --list-packets to see exactly what OpenPGP packets are present in the ciphertext. That would show you in great detail exactly what their software sent you. -----BEGIN PGP SIGNATURE-----
iIAEAREKACghHEJyaWFuIE1pbnRvbiA8YnJpYW5AbWludG9uLm5hbWU+BQJXuaWV AAoJEGuOs6Blz7qpQUUA+wWcZe2Dod/SfyClhZW99j985S2Raji6R+0si31K7vYo AP9zynHbX0fmTIRXTelRtkxE1Tp816Dtn5FeZbjUlprzvw== =hhbz -----END PGP SIGNATURE----- On Sun, Aug 21, 2016, 6:53 AM Peter Lebbing <pe...@digitalbrains.com> wrote: > I have no experience with the software you mention. Keep that in mind > while reading my ramblings. > > On 19/08/16 17:56, Scott Linnebur wrote: > > I have a suspicion that is the cause but I can’t test it. > > My key looks like this: > > $ gpg2 -k de500b3e > pub rsa2048/DE500B3E 2009-11-12 [C] [expires: 2017-10-19] > uid [ultimate] Peter Lebbing <pe...@digitalbrains.com> > sub rsa2048/DE6CDCA1 2009-11-12 [S] [expires: 2017-10-19] > sub rsa2048/73A33BEE 2009-11-12 [E] [expires: 2017-10-19] > sub rsa2048/B65D8246 2009-12-05 [A] [expires: 2017-10-19] > > If something is encrypted to this key, gpg2 will mention the following: > > $ gpg2 test.gpg > gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12 > "Peter Lebbing <pe...@digitalbrains.com>" > > So it explicitly tells me that it was encrypted to the > encryption-capable subkey 73A33BEE. If it tells you that it was > encrypted to the primary key ID instead, I think your analysis is right. > > > I can’t find > > anyway to force the primary key to encrypt > > I don't think it is possible to force a key to be used in a way that is > not indicated as a capability for that key. If something encrypts to a > key that is not encryption-capable, that seems to me to be a major bug. > Subkeys and key capability flags have been around for practically > forever by now. Software that can't deal with this is not OpenPGP > compatible and probably ancient. > > > and I can’t figure out how to > > generate a key pair without secondary keys in it. > > It's possible, but first lets take a look if there is a different > solution. Keys that can both sign and encrypt are frowned upon. The > primary key necessarily has the Certify capability, which is a form of > signing. So it shouldn't get the Encrypt capability. > > HTH, > > Peter. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy. > My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
