gpg/gpg2 encrypted for multiple recipients BUT only one key accepted for decryption?

jtwdyp · 07-22-2015, 05:38 PM

I've been minimalistically using gpg and/or gpg2 in a few scripts for years.
But I never tried to encrypt for multiple recipients before now. At the
moment I'm using Mageia 5 Linux where both gpg2 and the stand alone gpg
packages are installed.

I have two valid personal gpg keys installed on my keyring. And I wanted to
modify a certain script to encrypt so that either key could be used to
decrypt it. I did a web search, and I found a few links to instructions
that suggested that all I had to do was insert the --recipient ID option
for each intended recipient on the command line:
http://stackoverflow.com/questions/5...different-keys

First I tried this:

Code:

JtWdyP ->  /home/jtwdyp/tmp
> gpg --output ~/tmp/tst.asc -e -r 0xF8549389 -r 0x6C2163DE ~/tmp/tst.txt
gpg: 0x6C2163DE: skipped: public key already present
JtWdyP ->  /home/jtwdyp/tmp
>

But when I tried to decrypt it with:

Code:

JtWdyP ->  /home/jtwdyp/tmp
> gpg --output ~/tmp/tstout.txt ~/tmp/tst.asc

You need a passphrase to unlock the secret key for
user: "Joe Philbrook <jtwdyp@gmx.com>"
3072-bit RSA key, ID 113C4D71, created 2014-05-09 (main key ID F8549389)

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "Joe Philbrook <jtwdyp@gmx.com>"
3072-bit RSA key, ID 113C4D71, created 2014-05-09 (main key ID F8549389)

gpg: encrypted with 1024-bit ELG-E key, ID 225FDC6D, created 2004-05-17
      "Joe(theWordy)Philbrook (JtWdyP) <jtwdyp@ttlc.net>"
gpg: encrypted with 3072-bit RSA key, ID 113C4D71, created 2014-05-09
      "Joe Philbrook <jtwdyp@gmx.com>"
JtWdyP ->  /home/jtwdyp/tmp
>

It wouldn't accept the passphrase for the 0x6C2163DE (jtwdyp@ttlc.net) key
Though the passphrase for 0xF8549389 (jtwdyp@gmx.com) worked. Though you can see
from the output, that the file was encrypted with both keys...

I even tried listing the key ID's in the reverse order:

Code:

gpg --output ~/tmp/tst.asc -e -r 0x6C2163DE -r 0xF8549389 ~/tmp/tst.txt

But the results were the same.

When I tried to do it with gpg2, I got the same results.
Though retesting took a lot longer because gpg2 has the annoying habit of
just remembering that I recently entered the passphrase it's looking for.
So I had to wait for that "feature" to time out...

What am I missing here?