Phil Pennock wrote: > On 2017-08-28 at 19:05 -0400, Rob J Hansen wrote: >>> 1. Is it possible, when transporting a message from Alice to Bob, >>> without holding any of their private keys, to do the following checks: >>> - verify the integrity of the message and make sure it is sanitized and >>> Bob can decrypt it with his private key; >> >> No. You can check the format of the message and ensure it's not >> mangled, but that's about it. A loose proof of this follows: > > Well, you can go one step further. Unless the sender is throwing the > key ids, you can look to see which keyids are given as hints in the > outermost layer, to see which people are expected to be able to decrypt > it. > > In `gpg --list-packets` output, that will be the `:pubkey enc packet:` > items. > > GNUPGHOME=/nonexistent gpg --batch --list-packets < "${INPUT_FN:?}" > > It won't confirm that Bob _can_ decrypt it, since that goes into a lot > of assumptions about competence, not lost keys, possession of devices, > whatever. But in normal use, it'll tell you if Bob should be able to > decrypt it. > > Privacy-sensitive environments concerned about metadata analysis will > set the `throw-keyids` option in their config and that would prevent > this. > > -Phil >
Hi Phil, Thanks - this is indeed _very_ useful for my use case. I don't think the second part is a problem since I can particularly request to not set the `throw-keyids` option, but let's say metadata becomes a problem at a given point and we decide to use this option, can I tell which recipient 'should' be able to decrypt a message based only on the encrypted message format if the `throw-keyids` option was used?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users