Secret Key required for encryption?

Kevin Yank

02 Jul, 2012 05:44 AM

When I use GPGServices to encrypt a file on my Mac, the Choose Recipients dialog box also prompts me to select a Secret Key, with the options ‘Sign’ and ‘Add to Recipients’ available.

What is this Secret Key used for, if selected? My understanding is that an encrypt operation only uses the Public Keys of the recipients, so I don’t understand why it would ask for a Secret Key.

  1. Support Staff 1 Posted by Steve on 04 Jul, 2012 03:41 PM

    Hey Kevin,

    To get an idea of how signing and encrypting work, please have a look at our getting started guide.

    That explains which key is used for what.

    Add to Recipients is there as an option because you might wanna create an encrypted file to which you yourself also have access and are able to decrypt. Thus you'd need to add your own pub key to the list of keys with which the file will be encrypted. All people whose pub key you used for encryption will be able to decrypt the file with the according sec key and their own correct passphrase.

    Does this answer your question?

    All the best,
    steve


    Please consider a donation. We do all this in our spare time.

  2. 2 Posted by Kevin Yank on 04 Jul, 2012 10:49 PM

    Thanks for the reply, Steve. It doesn’t quite answer my question, but I think I’ve worked it out. Can you tell me if the following is correct?

    When encrypting a file, you may also wish to sign it using your Secret Key, so that the recipient(s) can verify that it came from you, and arrived unmodified. To provide this facility, therefore, the Choose Recipients dialog box lets you select your Secret Key and check the ‘Sign’ checkbox.

    As for the ‘Add to Recipients’ checkbox, this is simply a convenience feature that, when selected, will add the Public Key associated with the Secret Key you selected (whether you opted to use it to sign the encrypted file or not) to the list of recipients. Selecting your Secret Key and checking only the ‘Add to Recipients’ checkbox does the exact same thing as selecting your Public Key from the list above.

    Is that right? If so, I would suggest that the drop-down menu could be labeled ‘Sender Key Pair:’ instead of ‘Secret Key:’ to avoid confusion.

  3. Support Staff 3 Posted by Steve on 06 Jul, 2012 08:00 AM

    What you write about signing is correct.

    Also the other part is perfectly correct. The issue with sec key / pub key / key pair terminology is currently a shortcoming.

    It also exists in GPG Keychain Access where you only see sec or pub key as type but indeed sec key also has a pub key included. We are thinking about improving this already. But I think Key Pair makes sense in the case of GPGServices.

    Cheers, steve

  4. 4 Posted by Kevin Yank on 07 Jul, 2012 04:15 AM

    Thanks, Steve!

  5. Support Staff 5 Posted by Steve on 07 Jul, 2012 01:02 PM

    Cheers, let us know if you need further help. Closing this discussion for now.

  6. Steve closed this discussion on 07 Jul, 2012 01:02 PM.
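
The key roles confirmed in this thread, as a toy model added here for illustration (not GPGServices or GnuPG code): encryption wraps one session key per recipient public key, 'Sign' uses the sender's secret key, and 'Add to Recipients' just puts the sender's own public key in the recipient list. The names `keypair`, `encrypt`, `decrypt`, `verify`, `alice` and `bob` are hypothetical, and textbook RSA with a SHA-256 keystream stands in for the real OpenPGP algorithms; it is not suitable for protecting data.

```python
import hashlib, secrets

def keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: the secret half holds d."""
    n = p * q
    return {"pub": (n, e), "sec": (n, pow(e, -1, (p - 1) * (q - 1)))}

def _stream(session_key, data):
    """XOR with a SHA-256 keystream; stands in for the symmetric cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(session_key.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def encrypt(data, recipient_pubs, signer=None):
    session_key = secrets.randbits(56)            # fresh for every message
    msg = {"body": _stream(session_key, data), "sig": None,
           # one wrapped copy of the session key per recipient PUBLIC key
           "wrapped": {(n, e): pow(session_key, e, n) for n, e in recipient_pubs}}
    if signer:                                    # 'Sign': needs the SECRET key
        n, d = signer["sec"]
        msg["sig"] = pow(_digest(data, n), d, n)
    return msg

def decrypt(msg, key):
    wrapped = msg["wrapped"].get(key["pub"])
    if wrapped is None:                           # not a recipient: no session key
        return None
    n, d = key["sec"]
    return _stream(pow(wrapped, d, n), msg["body"])

def verify(data, sig, signer_pub):
    n, e = signer_pub
    return sig is not None and pow(sig, e, n) == _digest(data, n)

# Constructed toy keys built from small well-known primes, not real key material.
alice = keypair(1000000007, 1000000009)           # sender
bob = keypair(998244353, 2147483647)              # recipient
text = b"quarterly figures"
sign_only = encrypt(text, [bob["pub"]], signer=alice)
sign_and_self = encrypt(text, [bob["pub"], alice["pub"]], signer=alice)
print(decrypt(sign_only, alice), decrypt(sign_and_self, alice))
print(verify(decrypt(sign_only, bob), sign_only["sig"], alice["pub"]))
```

In real OpenPGP the signature travels inside the encrypted body; the model keeps it beside the body only to stay short.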
