I've been minimalistically using gpg and/or gpg2 in a few scripts for years.
But I never tried to encrypt for multiple recipients before now. At the
moment I'm using Mageia 5 Linux where both gpg2 and the standalone gpg
packages are installed.
I have two valid personal gpg keys installed on my keyring. And I wanted to
modify a certain script to encrypt so that either key could be used to
decrypt it. I did a web search, and I found a few links to instructions
that suggested that all I had to do was insert the --recipient ID option
for each intended recipient on the command line:
http://stackoverflow.com/questions/5...different-keys
First I tried this:
Code:
JtWdyP -> /home/jtwdyp/tmp
> gpg --output ~/tmp/tst.asc -e -r 0xF8549389 -r 0x6C2163DE ~/tmp/tst.txt
gpg: 0x6C2163DE: skipped: public key already present
JtWdyP -> /home/jtwdyp/tmp
>
But when I tried to decrypt it with:
Code:
JtWdyP -> /home/jtwdyp/tmp
> gpg --output ~/tmp/tstout.txt ~/tmp/tst.asc
You need a passphrase to unlock the secret key for
user: "Joe Philbrook <jtwdyp@gmx.com>"
3072-bit RSA key, ID 113C4D71, created 2014-05-09 (main key ID F8549389)
gpg: Invalid passphrase; please try again ...
You need a passphrase to unlock the secret key for
user: "Joe Philbrook <jtwdyp@gmx.com>"
3072-bit RSA key, ID 113C4D71, created 2014-05-09 (main key ID F8549389)
gpg: encrypted with 1024-bit ELG-E key, ID 225FDC6D, created 2004-05-17
"Joe(theWordy)Philbrook (JtWdyP) <jtwdyp@ttlc.net>"
gpg: encrypted with 3072-bit RSA key, ID 113C4D71, created 2014-05-09
"Joe Philbrook <jtwdyp@gmx.com>"
JtWdyP -> /home/jtwdyp/tmp
>
It wouldn't accept the passphrase for the 0x6C2163DE (jtwdyp@ttlc.net) key,
though the passphrase for 0xF8549389 (jtwdyp@gmx.com) worked, even though you can see
from the output that the file was encrypted with both keys...
I even tried listing the key IDs in the reverse order:
Code:
gpg --output ~/tmp/tst.asc -e -r 0x6C2163DE -r 0xF8549389 ~/tmp/tst.txt
But the results were the same.
When I tried to do it with gpg2, I got the same results.
Though retesting took a lot longer because gpg2 has the annoying habit of
just remembering that I recently entered the passphrase it's looking for.
So I had to wait for that "feature" to time out...
What am I missing here?
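
Added example, not part of the original post: a self-contained way to check that a file encrypted with two `-r` options can be decrypted by either recipient alone, by giving each recipient a separate throwaway keyring so that only one secret key is available at a time. It assumes GnuPG 2.1 or later; the `alice`/`bob` addresses, the `G` helper and the file names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: throwaway keys in temporary keyrings; ~/.gnupg is never touched.
# Assumes GnuPG 2.1+ (for --quick-generate-key). Names and addresses are constructed.
set -eu

WORK=$(mktemp -d)
# Run gpg against one of the temporary keyrings: G <keyring> <gpg args...>
G() { local home=$1; shift; gpg --homedir "$WORK/$home" --batch --quiet --no-tty "$@"; }

setup_keyrings() {
    local who
    mkdir -m 700 "$WORK/sender"
    for who in alice bob; do
        mkdir -m 700 "$WORK/$who"
        # Unprotected throwaway key: primary key plus an encryption subkey.
        G "$who" --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$who@example.invalid"
        # The sender only ever receives the public half.
        G "$who" --export "$who@example.invalid" | G sender --import
    done
}

encrypt_for_both() {
    printf 'constructed test message\n' > "$WORK/tst.txt"
    G sender --trust-model always --output "$WORK/tst.gpg" -e \
        -r alice@example.invalid -r bob@example.invalid "$WORK/tst.txt"
}

# One "pubkey enc packet" per recipient: each wraps the same session key.
# The sender holds no secret key, so gpg exits non-zero here; only the listing matters.
count_recipients() {
    { G sender --list-packets "$WORK/tst.gpg" 2>/dev/null || true; } \
        | grep -c '^:pubkey enc packet:'
}

# Decrypt in a keyring that holds only one recipient's secret key.
decrypt_as() { G "$1" --decrypt "$WORK/tst.gpg" 2>/dev/null; }

cleanup() {
    local who
    for who in sender alice bob; do
        gpgconf --homedir "$WORK/$who" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

setup_keyrings
encrypt_for_both
echo "recipients in message: $(count_recipients)"
echo "alice alone reads: $(decrypt_as alice)"
echo "bob alone reads:   $(decrypt_as bob)"
```

When both secret keys sit on the same keyring, as in the post, gpg only needs one of them to succeed, so a successful decryption there does not by itself show that the second key works.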