On Tue, 20 Sep 2005 08:53:46 +0200, Daniel A Nagy said:
4. Some implementations give up before trying all possible ways of
decrypting a message. For example, GnuPG gives up if it encounters a
passphrase-derived symmetric key specifier and the entered passphrase is
wrong, even if it is followed by an asymmetrically encrypted symmetric key
for which it does have access to the corresponding private decryption key.
There are actually two problems:
There is no way to cancel the input of a passphrase when using the
CLI, so that gpg can continue with other keys. When using the
gpg-agent, this is possible but a bug inhibited this - I just fixed
that one.
The other problem is that we can't reliable decide whether the
passphrase is correct. The only way to do this is by looking at the
algorithm byte to check whether this gives a valid algorithm. This is
far form being reliable. Due to gpg's streaming based design with only
a very limited look-ahead we can't do a test decryption and roll back
if it does not work out.
A way to check early that the decryption worked would be needed to
solve the problem - I am not sure whether this is really needed given
the security implications of such a check.
Salam-Shalom,
Werner