On 03/12/16 18:21, MFPA wrote:
> If the recipients are hidden, doesn't GnuPG first try the key set
> with --default-key, followed by any keys set with --try-secret-key?

Hey, I didn't know that! Thanks!

> That is sufficient for your smartcard and known-hidden-key examples,
> but not for Caro's situation.

The smartcard case seems to work anyway; in a test it seems to be tried only after the on-disk keys. It is indeed sufficient for the known-hidden-key example, but not for the case with known recipients. I just tried: if there are two secret keys that are encrypted to and they are named, it will try them in order, no matter --default-key. Perhaps --default-key could be extended to always try that first?

> And I don't think --try-secret-key can be followed by
> --skip-hidden-recipients to mean "try this/these key(s) and if they
> won't decrypt it, give up on hidden recipients".

I think in fact --default-key is enough... I just tried with GnuPG 2.1, and it only tried that secret key. Any additional keys need to be added via --try-secret-key or --try-all-secrets. So it seems to completely solve the hidden recipient problem; only the known multiple recipients problem remains.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>