Bug #17372

Seahorse always encrypts files including for the most recently added/created private key

Added by numbat 2 months ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date:
Due date:
% Done: 0%
Feature Branch:
Type of work: Research
Blueprint:
Starter:
Affected tool:

Description

Using the file browser, when doing "right click" -> "Encrypt" and choosing a recipient that is not me, for example "Tails bug squad", the result file is still encrypted with my key. When I right click, "decrypt", Seahorse-tool will ask for my passphrase and successfully decrypt the file.

History

#1 Updated by intrigeri about 2 months ago

Hi numbat!

> Using the file browser, when doing "right click" -> "Encrypt" and choosing a recipient that is not me, for example "Tails bug squad", the result file is still encrypted with my key. When I right click, "decrypt", Seahorse-tool will ask for my passphrase and successfully decrypt the file.

First, let's keep in mind that GnuPG can encrypt data for multiple recipients (only the symmetric session encryption key is encrypted asymmetrically with the recipient(s)' key).

What you tell us shows that the file was encrypted at least for your personal key. I did not check but I would not be surprised if Seahorse always "encrypted for self" (many GnuPG frontends do this).

But it could be that the file was also encrypted for the recipient you've selected in the UI.

I think you can verify if that's the case by running gpg PATH/TO/ENCRYPTED/FILE: it should tell you for which key(s) the file is encrypted.
Could you please try this?

And by the way, do you have default-key, encrypt-to, or local-user configured in your ~/.gnupg/gpg.conf?
Or anything else in there that points to your personal email address or key?

#2 Updated by numbat about 2 months ago

  • Subject changed from Seahorse encrypt files with wrong key to Seahorse always encrypts files including for the most recently added/created private key

You are correct. Seahorse, by default, will encrypt for your personal key as well as the one selected. So encrypting a file for Tails-bugs means the file will be readable by Tails-bugs and one of the private keys.

I have made a second private key, and now Seahorse always seems to encrypt files using that one, even if I select my first private key and Tails-bugs.

So the new title should be "Seahorse always encrypts files including for the most recently added/created private key"
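
Added example, not part of the thread and not code from Seahorse, GnuPG or Tails: a shell sketch of the two checks suggested in comment #1, listing the key IDs a file is encrypted for and finding gpg.conf options that select a key or add a recipient implicitly. The function names and sample data are constructed for illustration, and the option list goes beyond the three named in the thread by adding hidden-encrypt-to, default-recipient and default-recipient-self.

```shell
#!/bin/sh
# Added example; not code from Seahorse, GnuPG or Tails.

# Read `gpg --list-packets` output on stdin and print the key ID of every
# recipient, one per line. Each recipient has its own ":pubkey enc packet:"
# line; the ID is normally that of the recipient's encryption subkey.
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' | sort -u
}

# Print the gpg.conf lines (file path in $1) that select a key or add a
# recipient without the frontend asking for it. Comment lines are skipped.
implicit_key_options() {
    grep -v '^[[:space:]]*#' "$1" | sed 's/^[[:space:]]*//' |
        grep -E '^(default-key|encrypt-to|hidden-encrypt-to|local-user|default-recipient|default-recipient-self)([[:space:]]|$)' || true
}

if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    # Real use: pass the encrypted file as the first argument (assumes gpg
    # is installed). --list-only asks gpg to list without decrypting.
    echo "Recipient key IDs:"
    gpg --batch --list-only --list-packets "$1" 2>/dev/null | recipient_keyids
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg.conf"
    if [ -f "$conf" ]; then
        echo "Implicit key options in $conf:"
        implicit_key_options "$conf"
    fi
else
    # Offline demo on constructed --list-packets output (key IDs are made up):
    # two recipients, e.g. the selected one plus an "encrypt to self" key.
    recipient_keyids <<'EOF'
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
	data: [4096 bits]
:pubkey enc packet: version 3, algo 1, keyid 2222222222222222
	data: [4096 bits]
:encrypted data packet:
EOF
fi
```

Compare the printed IDs with the subkey IDs shown by `gpg --list-keys --keyid-format long` to see which keys they belong to.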
