GPG - 与多个收件人解密 [英] GPG - decrypt with multiple recipients
问题描述
我正在尝试解密使用2个收件人加密的文件(--recipient recipientA@example.com --recipient recipientB@example.com)。
但是当我尝试解密文件时,它总是请求第一个收件人的密码。当第一个收件人秘密密钥不是密钥环的一部分时,它会给出一个错误未找到密钥。
I am trying to decrypt a file that has been encrypted using 2 recipients (--recipient recipientA@example.com --recipient recipientB@example.com). However when I try to decrypt the file, it always requests the passphrase of the 1st recipient. When the 1st recipient secret-key isn't part of the key-ring, it will give an error 'secret key not found'.
如何加密文件与多个收件人,以便两者可以解密他们,而不知道彼此的钥匙&密码短语?
How can I encrypt a file with multiple recipients so that both can decrypt them without knowing eachother keys & passphrases?
(对我来说,这个问题似乎很简单,基本功能 - 但显然我无法让它工作)
(To me, the question seems simple and a basic feature - but obviously I cannot get it to work)
提前谢谢!
推荐答案
今天遇到这个问题,找到你的问题寻找答案。我已经看到很多快乐的例子,如何为多个收件人加密的东西...从来没有说/显示当尝试解密数据时会发生什么。这是我得到的:
I ran into this problem today, and found your question looking for the answer. I've seen many merry an example of how to encrypt things for multiple recipients... never saying/showing what will happen when one tries to decrypt that data. Here's what I got:
user@system ~ $ gpg --decrypt filename.pgp
You need a passphrase to unlock the secret key for
user: "SOMEBODY ELSE <somebody_else@example.com>"
2048-bit ELG-E key, ID ABC1234, created 1972-10-29 (main key ID ABC5678)
gpg: Invalid passphrase; please try again ... [I DON'T HAVE *THEIR* PASSPHRASE!]
2 more times... finally...
You need a passphrase to unlock the secret key for
user: "HEY! This is ME! <my_email@example.com>"
2048-bit ELG-E key, ID DEF1234, created 1969-02-03 (main key ID DEF5678)
gpg: encrypted with 2048-bit ELG-E key, ID ABC1234, created 1972-10-29
"NAME <email@example.com>"
gpg: public key decryption failed: bad passphrase
gpg: encrypted with 2048-bit ELG-E key, ID DEF1234, created 1969-02-03
"HEY! This is ME! <my_email@example.com>"
and then the file decrypted fine...
快速注意:只是为了澄清,出于安全原因的密码和一个私钥应该不会给予任何人永远。 密码是为了保护私钥成为妥协的安全。
Quick Note: Just to clarify, for security reasons one's passphrase and one's private key should NEVER be given to anyone else. The passphrase is to keep the private key "safe" should it become compromised. One's public key is the only thing that should be shared with others.
我的这个事实我现在只能访问版本1.4.2.2,没有能力测试这些解决方案。后来的版本有一些可能需要的选项。
I preface this with the fact I currently only have access to version 1.4.2.2, and don't have the ability to test these solutions. Later version have certain options that may well be what's needed. Please try and answer back if any of these work.
- local- user / -u 看起来很有前途。在我的版本中, - help 显示 使用此用户标识来签名或解密 但是,当尝试似乎是徒劳的时候,进一步的研究揭示了一个残酷的事实:似乎帮助是错误的,这只是一个选项使用签名。
--local-user/-u looked promising. In the version I have, --help showed use this user-id to sign or decrypt But when trying it seemed futile, further research revealed a cruel truth: seems the help is wrong, and this is ONLY an option using for "signing".
这篇文章有一个可能的解决方案,虽然我个人觉得很乱:
This post has a likely solution, though I personally find it messy:
gpg --try-all-secrets --passphrase <passphrase here> filename.pgp
- passphrase
--passphrase was apparently added in version 1.4.3. UGH!
编辑: 或许更好(可能在下面)解决方案只能在gpg2中使用? gpg2似乎有 - try-secret-key ,如果我正确阅读,可能是我们都在寻找的?
Perhaps a better (possibly, below) solution is only available in gpg2? gpg2 seems to have --try-secret-key, which if I read correctly, may be what we're both looking for?
这篇关于GPG - 与多个收件人解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
