Bug #17372

Seahorse always encrypts files including for the most recently added/created private key

Added by numbat 2019-12-23 13:18:12. Updated 2020-03-26 11:45:58.

Status: New
Priority: Normal
% Done: 0%
Type of work: Research

Description

Using the file browser, when doing “right click” -> “Encrypt” and choosing a recipient that is not me, for example “Tails bug squad”, the result file is still encrypted with my key. When I right click, “decrypt”, Seahorse-tool will ask for my passphrase and successfully decrypt the file.

History

#1 Updated by intrigeri 2019-12-28 16:03:45

Hi numbat!

> Using the file browser, when doing “right click” -> “Encrypt” and choosing a recipient that is not me, for example “Tails bug squad”, the result file is still encrypted with my key. When I right click, “decrypt”, Seahorse-tool will ask for my passphrase and successfully decrypt the file.

First, let’s keep in mind that GnuPG can encrypt data for multiple recipients (only the symmetric session encryption key is encrypted asymmetrically with the recipient(s)’ key).

What you tell us shows that the file was encrypted at least for your personal key. I did not check but I would not be surprised if Seahorse always “encrypted for self” (many GnuPG frontends do this).

But it could be that the file was also encrypted for the recipient you’ve selected in the UI.

I think you can verify if that’s the case by running gpg PATH/TO/ENCRYPTED/FILE: it should tell you for which key(s) the file is encrypted.
Could you please try this?

And by the way, do you have default-key, encrypt-to, or local-user configured in your ~/.gnupg/gpg.conf?
Or anything else in there that points to your personal email address or key?

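The check intrigeri describes (running gpg on the file to see which keys the session key is encrypted to) can also be done by reading the message's PKESK packets directly. The following is an added example, not code from the ticket, from Seahorse or from GnuPG; the key IDs and the sample message are constructed.

```python
# Added example (not from the Tails ticket): list the recipients of an OpenPGP
# message by reading its Public-Key Encrypted Session Key (PKESK) packets,
# i.e. what `gpg FILE` reports, without needing any keyring. Key IDs constructed.
PKESK, SKESK, SED, SEIPD = 1, 3, 9, 18  # RFC 4880 packet tags

def read_length(data, pos, new_format, ltype):
    """Decode a packet body length; returns (length, offset of body)."""
    if new_format:
        b0 = data[pos]
        if b0 < 192:
            return b0, pos + 1
        if b0 < 224:
            return ((b0 - 192) << 8) + data[pos + 1] + 192, pos + 2
        if b0 == 255:
            return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        raise ValueError("partial body length before the data packet")
    if ltype == 3:
        raise ValueError("indeterminate old-format length")
    n = (1, 2, 4)[ltype]
    return int.from_bytes(data[pos:pos + n], "big"), pos + n

def recipient_key_ids(msg):
    """Key IDs (hex) the session key is encrypted to; all-zero = hidden recipient."""
    ids, pos = [], 0
    while pos < len(msg):
        ctb = msg[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        new_format = bool(ctb & 0x40)
        tag = ctb & 0x3F if new_format else (ctb >> 2) & 0x0F
        if tag in (SED, SEIPD):  # encrypted data follows all session-key packets
            break
        length, pos = read_length(msg, pos + 1, new_format, ctb & 0x03)
        body, pos = msg[pos:pos + length], pos + length
        if tag == PKESK and body[0] == 3:  # v3 PKESK: 8-byte key ID at offset 1
            ids.append(body[1:9].hex().upper())
        elif tag == SKESK:  # session key also wrapped with a passphrase
            ids.append("symmetric")
    return ids

def pkesk_packet(key_id_hex, old_format=False):
    """Build a minimal v3 PKESK packet (RSA, one dummy MPI) for the sample."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x08\xab"
    return bytes([0x84 if old_format else 0xC1, len(body)]) + body

# Constructed message: personal key (old-format header, as gpg writes it),
# the chosen recipient, then a partial-length SEIPD data packet.
SAMPLE_MESSAGE = (pkesk_packet("0123456789ABCDEF", old_format=True)
                  + pkesk_packet("FEDCBA9876543210") + b"\xd2\xe4" + b"\0" * 16)
```

If the list contains more key IDs than the recipients you selected, the extra entries are what an encrypt-to or default-key setting (or the frontend's own encrypt-to-self) added.
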
#2 Updated by numbat 2020-01-01 14:41:14

  • Subject changed from “Seahorse encrypt files with wrong key” to “Seahorse always encrypts files including for the most recently added/created private key”

You are correct. Seahorse, by default, will encrypt for your personal key as well as the one selected. So encrypting a file for Tails-bugs means the file will be readable by Tails-bugs and one of the private keys.

I have made a second private key, and now Seahorse always seems to encrypt files using that one, even if I select my first private key and Tails-bugs.

So the new title should be “Seahorse always encrypts files including for the most recently added/created private key”

#3 Updated by intrigeri 2020-03-26 11:45:58

Hi numbat,

sorry for the delay!

> I have made a second private key, and now Seahorse always seems to encrypt files using that one, even if I select my first private key and Tails-bugs.
>
> So the new title should be “Seahorse always encrypts files including for the most recently added/created private key”

Thank you for testing and clarifying!

Now, I’d like to humbly ask: what’s wrong with this behavior?

Unless I missed something:

  • This behavior makes quite some sense as a default.
  • I suspect that advanced OpenPGP users who need to tweak this behavior can do it via default-key, encrypt-to, or local-user in their ~/.gnupg/gpg.conf.