gpg - difference --encrypt-to and --recipient












1















What is the difference between --encrypt-to and --recipient and what are the advantages and disadvantages of using one over the other, which one should you use for encrypting your own files and what does the following mean?




--encrypt-to
... The key specified by name is used only
when there are other recipients given by the user or by use of the
option recipient. ...







encryption gnupg







share|improve this question





























    1















    What is the difference between --encrypt-to and --recipient and what are the advantages and disadvantages of using one over the other, which one should you use for encrypting your own files and what does the following mean?




    --encrypt-to
    ... The key specified by name is used only
    when there are other recipients given by the user or by use of the
    option recipient. ...







    encryption gnupg







    share|improve this question



























      1












      1








      1








      What is the difference between --encrypt-to and --recipient and what are the advantages and disadvantages of using one over the other, which one should you use for encrypting your own files and what does the following mean?




      --encrypt-to
      ... The key specified by name is used only
      when there are other recipients given by the user or by use of the
      option recipient. ...







      encryption gnupg







      share|improve this question
















      What is the difference between --encrypt-to and --recipient and what are the advantages and disadvantages of using one over the other, which one should you use for encrypting your own files and what does the following mean?




      --encrypt-to
      ... The key specified by name is used only
      when there are other recipients given by the user or by use of the
      option recipient. ...







      encryption gnupg




      encryption gnupg






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 30 '18 at 17:34







      Ini

















      asked Dec 30 '18 at 17:27









      IniIni

      1086




      1086






















          1 Answer
          1






          active

          oldest

          votes


















          2














          What is the difference between --encrypt-to and --recipient?



          Summary:




          With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.




          Please read the GPG Manual which explains the differences:




          --recipient name



          -r



          Encrypt for user id name. If this option or --hidden-recipient is not
          specified, GnuPG asks for the user-id unless --default-recipient is
          given.




          And




          --encrypt-to name



          Same as --recipient but this one is intended for use in the options
          file and may be used with your own user-id as an "encrypt-to-self".
          These keys are only used when there are other recipients given either
          by use of --recipient or by the asked user id. No trust checking is
          performed for these user ids and even disabled keys can be used.




          Source Using the GNU Privacy Guard: GPG Key related Options




          The documentation is not very detailed/examples may be useful



          Here is some more explanation and an example:




          "Encrypt-to-Self"



          When you encrypt a file or message with the --encrypt command, you
          are encrypting with someone else's public key. Strangely enough, even
          though you encrypted the file or message yourself, you won't be able
          to decrypt that encrypted file and access the plaintext. The only
          person who can decrypt the file is the owner of the secret key that is
          the partner of the public key used to encrypt the file. That's the
          nature of asymmetric, public key encryption: you encrypt with the
          public key and decrypt with the secret key (private key). If you don't
          keep a copy of the plaintext original file yourself (and you probably
          shouldn't for security reasons), then you face being locked out of the
          very files and messages that you have encrypted and sent to other
          people. Happily, there is a solution: the --encrypt-to option.



          You can include the --encrypt-to option in your Options file and
          specify your own public key. This option is often called the
          "encrypt-to-self" option, because it tells GPG to encrypt the message
          with your own public key as well as your recipient's public key. With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.



          To use the --encrypt-to option in your Options file, drop the
          leading dashes ( -- ) and specify your own key's Key ID. (You can get
          your own Key ID with the --list-keys command.) For example, Bob (whose
          Key ID is 0x3FAD9F1E) could include the following line in his Options
          file:



          encrypt-to 0x3FAD9F1E


          (Note that even though Bob's key includes an encryption subkey with a
          separate Key ID, he simply uses the Key ID for his master key.)



          Now Bob can encrypt a file to his friend Phil, just as he normally
          would...



          D:TEMP>gpg --recipient Phil --encrypt my-file.txt
          

          
D:TEMP>


          ...and still turn around and decrypt the file himself.



          D:TEMP>gpg --decrypt my-file.gpg
          

          
You need a passphrase to unlock the secret key for
          
user: "Bob Bone <bobbone@cowtownu.edu>"
          
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)
          

          
Enter passphrase: My_31337_Passphrase
          

          
gpg: encrypted with 2048-bit ELG-E key, ID 42F0A0A0, created 1997-04-07
          
      "Philip R. Zimmermann <prz@pgp.com>"
          
gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
          
      "Bob Bone <bobbone@cowtownu.edu>"
          

          
This is my file.
          

          
I have many such files.
          

          
But this is the file I'm working with now.
          

          
D:TEMP>



          Source GnuPG Commands - Examples






          share|improve this answer


























          • The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

            – Ini
            Dec 30 '18 at 17:41













          • Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

            – Ini
            Dec 30 '18 at 17:54








          • 1





            @Ini Answer updated.

            – DavidPostill
            Dec 30 '18 at 18:36











          • I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

            – Ini
            Dec 30 '18 at 19:39













          • 3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

            – Ini
            Dec 30 '18 at 19:39













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389024%2fgpg-difference-encrypt-to-and-recipient%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2














          What is the difference between --encrypt-to and --recipient?



          Summary:




          With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.




          Please read the GPG Manual which explains the differences:




          --recipient name



          -r



          Encrypt for user id name. If this option or --hidden-recipient is not
          specified, GnuPG asks for the user-id unless --default-recipient is
          given.




          And




          --encrypt-to name



          Same as --recipient but this one is intended for use in the options
          file and may be used with your own user-id as an "encrypt-to-self".
          These keys are only used when there are other recipients given either
          by use of --recipient or by the asked user id. No trust checking is
          performed for these user ids and even disabled keys can be used.




          Source Using the GNU Privacy Guard: GPG Key related Options




          The documentation is not very detailed/examples may be useful



          Here is some more explanation and an example:




          "Encrypt-to-Self"



          When you encrypt a file or message with the --encrypt command, you
          are encrypting with someone else's public key. Strangely enough, even
          though you encrypted the file or message yourself, you won't be able
          to decrypt that encrypted file and access the plaintext. The only
          person who can decrypt the file is the owner of the secret key that is
          the partner of the public key used to encrypt the file. That's the
          nature of asymmetric, public key encryption: you encrypt with the
          public key and decrypt with the secret key (private key). If you don't
          keep a copy of the plaintext original file yourself (and you probably
          shouldn't for security reasons), then you face being locked out of the
          very files and messages that you have encrypted and sent to other
          people. Happily, there is a solution: the --encrypt-to option.



          You can include the --encrypt-to option in your Options file and
          specify your own public key. This option is often called the
          "encrypt-to-self" option, because it tells GPG to encrypt the message
          with your own public key as well as your recipient's public key. With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.



          To use the --encrypt-to option in your Options file, drop the
          leading dashes ( -- ) and specify your own key's Key ID. (You can get
          your own Key ID with the --list-keys command.) For example, Bob (whose
          Key ID is 0x3FAD9F1E) could include the following line in his Options
          file:



          encrypt-to 0x3FAD9F1E


          (Note that even though Bob's key includes an encryption subkey with a
          separate Key ID, he simply uses the Key ID for his master key.)



          Now Bob can encrypt a file to his friend Phil, just as he normally
          would...



          D:TEMP>gpg --recipient Phil --encrypt my-file.txt
          

          
D:TEMP>


          ...and still turn around and decrypt the file himself.



          D:TEMP>gpg --decrypt my-file.gpg
          

          
You need a passphrase to unlock the secret key for
          
user: "Bob Bone <bobbone@cowtownu.edu>"
          
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)
          

          
Enter passphrase: My_31337_Passphrase
          

          
gpg: encrypted with 2048-bit ELG-E key, ID 42F0A0A0, created 1997-04-07
          
      "Philip R. Zimmermann <prz@pgp.com>"
          
gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
          
      "Bob Bone <bobbone@cowtownu.edu>"
          

          
This is my file.
          

          
I have many such files.
          

          
But this is the file I'm working with now.
          

          
D:TEMP>



          Source GnuPG Commands - Examples






          share|improve this answer


























          • The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

            – Ini
            Dec 30 '18 at 17:41













          • Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

            – Ini
            Dec 30 '18 at 17:54








          • 1





            @Ini Answer updated.

            – DavidPostill
            Dec 30 '18 at 18:36











          • I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

            – Ini
            Dec 30 '18 at 19:39













          • 3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

            – Ini
            Dec 30 '18 at 19:39


















          2














          What is the difference between --encrypt-to and --recipient?



          Summary:




          With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.




          Please read the GPG Manual which explains the differences:




          --recipient name



          -r



          Encrypt for user id name. If this option or --hidden-recipient is not
          specified, GnuPG asks for the user-id unless --default-recipient is
          given.




          And




          --encrypt-to name



          Same as --recipient but this one is intended for use in the options
          file and may be used with your own user-id as an "encrypt-to-self".
          These keys are only used when there are other recipients given either
          by use of --recipient or by the asked user id. No trust checking is
          performed for these user ids and even disabled keys can be used.




          Source Using the GNU Privacy Guard: GPG Key related Options




          The documentation is not very detailed/examples may be useful



          Here is some more explanation and an example:




          "Encrypt-to-Self"



          When you encrypt a file or message with the --encrypt command, you
          are encrypting with someone else's public key. Strangely enough, even
          though you encrypted the file or message yourself, you won't be able
          to decrypt that encrypted file and access the plaintext. The only
          person who can decrypt the file is the owner of the secret key that is
          the partner of the public key used to encrypt the file. That's the
          nature of asymmetric, public key encryption: you encrypt with the
          public key and decrypt with the secret key (private key). If you don't
          keep a copy of the plaintext original file yourself (and you probably
          shouldn't for security reasons), then you face being locked out of the
          very files and messages that you have encrypted and sent to other
          people. Happily, there is a solution: the --encrypt-to option.



          You can include the --encrypt-to option in your Options file and
          specify your own public key. This option is often called the
          "encrypt-to-self" option, because it tells GPG to encrypt the message
          with your own public key as well as your recipient's public key. With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.



          To use the --encrypt-to option in your Options file, drop the
          leading dashes ( -- ) and specify your own key's Key ID. (You can get
          your own Key ID with the --list-keys command.) For example, Bob (whose
          Key ID is 0x3FAD9F1E) could include the following line in his Options
          file:



          encrypt-to 0x3FAD9F1E


          (Note that even though Bob's key includes an encryption subkey with a
          separate Key ID, he simply uses the Key ID for his master key.)



          Now Bob can encrypt a file to his friend Phil, just as he normally
          would...



          D:TEMP>gpg --recipient Phil --encrypt my-file.txt
          

          
D:TEMP>


          ...and still turn around and decrypt the file himself.



          D:TEMP>gpg --decrypt my-file.gpg
          

          
You need a passphrase to unlock the secret key for
          
user: "Bob Bone <bobbone@cowtownu.edu>"
          
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)
          

          
Enter passphrase: My_31337_Passphrase
          

          
gpg: encrypted with 2048-bit ELG-E key, ID 42F0A0A0, created 1997-04-07
          
      "Philip R. Zimmermann <prz@pgp.com>"
          
gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
          
      "Bob Bone <bobbone@cowtownu.edu>"
          

          
This is my file.
          

          
I have many such files.
          

          
But this is the file I'm working with now.
          

          
D:TEMP>



          Source GnuPG Commands - Examples






          share|improve this answer


























          • The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

            – Ini
            Dec 30 '18 at 17:41













          • Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

            – Ini
            Dec 30 '18 at 17:54








          • 1





            @Ini Answer updated.

            – DavidPostill
            Dec 30 '18 at 18:36











          • I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

            – Ini
            Dec 30 '18 at 19:39













          • 3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

            – Ini
            Dec 30 '18 at 19:39
















          2












          2








          2







          What is the difference between --encrypt-to and --recipient?



          Summary:




          With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.




          Please read the GPG Manual which explains the differences:




          --recipient name



          -r



          Encrypt for user id name. If this option or --hidden-recipient is not
          specified, GnuPG asks for the user-id unless --default-recipient is
          given.




          And




          --encrypt-to name



          Same as --recipient but this one is intended for use in the options
          file and may be used with your own user-id as an "encrypt-to-self".
          These keys are only used when there are other recipients given either
          by use of --recipient or by the asked user id. No trust checking is
          performed for these user ids and even disabled keys can be used.




          Source Using the GNU Privacy Guard: GPG Key related Options




          The documentation is not very detailed/examples may be useful



          Here is some more explanation and an example:




          "Encrypt-to-Self"



          When you encrypt a file or message with the --encrypt command, you
          are encrypting with someone else's public key. Strangely enough, even
          though you encrypted the file or message yourself, you won't be able
          to decrypt that encrypted file and access the plaintext. The only
          person who can decrypt the file is the owner of the secret key that is
          the partner of the public key used to encrypt the file. That's the
          nature of asymmetric, public key encryption: you encrypt with the
          public key and decrypt with the secret key (private key). If you don't
          keep a copy of the plaintext original file yourself (and you probably
          shouldn't for security reasons), then you face being locked out of the
          very files and messages that you have encrypted and sent to other
          people. Happily, there is a solution: the --encrypt-to option.



          You can include the --encrypt-to option in your Options file and
          specify your own public key. This option is often called the
          "encrypt-to-self" option, because it tells GPG to encrypt the message
          with your own public key as well as your recipient's public key. With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.



          To use the --encrypt-to option in your Options file, drop the
          leading dashes ( -- ) and specify your own key's Key ID. (You can get
          your own Key ID with the --list-keys command.) For example, Bob (whose
          Key ID is 0x3FAD9F1E) could include the following line in his Options
          file:



          encrypt-to 0x3FAD9F1E


          (Note that even though Bob's key includes an encryption subkey with a
          separate Key ID, he simply uses the Key ID for his master key.)



          Now Bob can encrypt a file to his friend Phil, just as he normally
          would...



          D:TEMP>gpg --recipient Phil --encrypt my-file.txt
          

          
D:TEMP>


          ...and still turn around and decrypt the file himself.



          D:TEMP>gpg --decrypt my-file.gpg
          

          
You need a passphrase to unlock the secret key for
          
user: "Bob Bone <bobbone@cowtownu.edu>"
          
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)
          

          
Enter passphrase: My_31337_Passphrase
          

          
gpg: encrypted with 2048-bit ELG-E key, ID 42F0A0A0, created 1997-04-07
          
      "Philip R. Zimmermann <prz@pgp.com>"
          
gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
          
      "Bob Bone <bobbone@cowtownu.edu>"
          

          
This is my file.
          

          
I have many such files.
          

          
But this is the file I'm working with now.
          

          
D:TEMP>



          Source GnuPG Commands - Examples






          share|improve this answer















          What is the difference between --encrypt-to and --recipient?



          Summary:




          With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.




          Please read the GPG Manual which explains the differences:




          --recipient name



          -r



          Encrypt for user id name. If this option or --hidden-recipient is not
          specified, GnuPG asks for the user-id unless --default-recipient is
          given.




          And




          --encrypt-to name



          Same as --recipient but this one is intended for use in the options
          file and may be used with your own user-id as an "encrypt-to-self".
          These keys are only used when there are other recipients given either
          by use of --recipient or by the asked user id. No trust checking is
          performed for these user ids and even disabled keys can be used.




          Source Using the GNU Privacy Guard: GPG Key related Options




          The documentation is not very detailed/examples may be useful



          Here is some more explanation and an example:




          "Encrypt-to-Self"



          When you encrypt a file or message with the --encrypt command, you
          are encrypting with someone else's public key. Strangely enough, even
          though you encrypted the file or message yourself, you won't be able
          to decrypt that encrypted file and access the plaintext. The only
          person who can decrypt the file is the owner of the secret key that is
          the partner of the public key used to encrypt the file. That's the
          nature of asymmetric, public key encryption: you encrypt with the
          public key and decrypt with the secret key (private key). If you don't
          keep a copy of the plaintext original file yourself (and you probably
          shouldn't for security reasons), then you face being locked out of the
          very files and messages that you have encrypted and sent to other
          people. Happily, there is a solution: the --encrypt-to option.



          You can include the --encrypt-to option in your Options file and
          specify your own public key. This option is often called the
          "encrypt-to-self" option, because it tells GPG to encrypt the message
          with your own public key as well as your recipient's public key. With
          an --encrypt-to key designated in the Options file, GPG
          automatically encrypts messages and files to the public keys of the
          recipients you specify with the --recipient option as well as your
          own public key. The result: both you and your recipients will be able
          to decrypt the files or messages.



          To use the --encrypt-to option in your Options file, drop the
          leading dashes ( -- ) and specify your own key's Key ID. (You can get
          your own Key ID with the --list-keys command.) For example, Bob (whose
          Key ID is 0x3FAD9F1E) could include the following line in his Options
          file:



          encrypt-to 0x3FAD9F1E


          (Note that even though Bob's key includes an encryption subkey with a
          separate Key ID, he simply uses the Key ID for his master key.)



          Now Bob can encrypt a file to his friend Phil, just as he normally
          would...



          D:TEMP>gpg --recipient Phil --encrypt my-file.txt
          

          
D:TEMP>


          ...and still turn around and decrypt the file himself.



          D:TEMP>gpg --decrypt my-file.gpg
          

          
You need a passphrase to unlock the secret key for
          
user: "Bob Bone <bobbone@cowtownu.edu>"
          
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)
          

          
Enter passphrase: My_31337_Passphrase
          

          
gpg: encrypted with 2048-bit ELG-E key, ID 42F0A0A0, created 1997-04-07
          
      "Philip R. Zimmermann <prz@pgp.com>"
          
gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
          
      "Bob Bone <bobbone@cowtownu.edu>"
          

          
This is my file.
          

          
I have many such files.
          

          
But this is the file I'm working with now.
          

          
D:TEMP>



          Source GnuPG Commands - Examples







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 30 '18 at 18:35

























          answered Dec 30 '18 at 17:37









          DavidPostillDavidPostill

          105k25227260




          105k25227260













          • The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

            – Ini
            Dec 30 '18 at 17:41













          • Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

            – Ini
            Dec 30 '18 at 17:54








          • 1





            @Ini Answer updated.

            – DavidPostill
            Dec 30 '18 at 18:36











          • I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

            – Ini
            Dec 30 '18 at 19:39













          • 3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

            – Ini
            Dec 30 '18 at 19:39





















          • The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

            – Ini
            Dec 30 '18 at 17:41













          • Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

            – Ini
            Dec 30 '18 at 17:54








          • 1





            @Ini Answer updated.

            – DavidPostill
            Dec 30 '18 at 18:36











          • I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

            – Ini
            Dec 30 '18 at 19:39













          • 3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

            – Ini
            Dec 30 '18 at 19:39



















          The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

          – Ini
          Dec 30 '18 at 17:41







          The documentation is not very detailed. As far as I know you can also your own user-id with --recipient as an "encrypt-to-self". I'm not posting a question about a quotation to get the same quotation as an answer ;|. I mean what does it mean "to be used only when there are other recipients given..." That statement is not even a correct, because you can specify no recipient at all and the name that is specified at --encrypt-to will be used. That's why I have no idea what this --encrypt-to documentation actually tries to convey.

          – Ini
          Dec 30 '18 at 17:41















          Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

          – Ini
          Dec 30 '18 at 17:54







          Examples may be useful :). I may also be a bug, because gpg does not do what's documented there.

          – Ini
          Dec 30 '18 at 17:54






          1




          1





          @Ini Answer updated.

          – DavidPostill
          Dec 30 '18 at 18:36





          @Ini Answer updated.

          – DavidPostill
          Dec 30 '18 at 18:36













          I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

          – Ini
          Dec 30 '18 at 19:39







          I have some more questions just to be unambigous and make this complete — maybe you can incorporate the answers to those questions into your answer too: 1) So essentially specifiyng two --recipients with one being your own public key is essentially the same as one --encrypt-to with your own public key and --recipient with Bob's key? 2) Does this mean it doesen't matter which one (--encrypt-to or --recipient) you use to encrypt your own file, but it makes sense to have an encrypt-to statement with your own pub key in gpg.conf — and therefore it makes sense to use --encrypt-to?

          – Ini
          Dec 30 '18 at 19:39















          3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

          – Ini
          Dec 30 '18 at 19:39







          3) Does this mean that one sentence of the --encrypt-to documentation is wrong, because you can use the --encrypt-to option, without having to specify a --recipient or type one on prompt and the file will be encrypted with the name specified at encrypt-to option (as mentioned in question two of the above comment)? That contraticts with the documentation text "is used only when there are other recipients given by the user or by use of the option recipient"?

          – Ini
          Dec 30 '18 at 19:39




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389024%2fgpg-difference-encrypt-to-and-recipient%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Plaza Victoria

          Image
          Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l...
          Read more

          Brian Clough

          Image
          Brian Clough Datos personales Nombre completo Brian Howard Clough Apodo(s) Old Big 'Ead, Cloughie [ 1 ] ​ Nacimiento Middlesbrough, Inglaterra, Reino Unido 21 de marzo de 1935 Nacionalidad(es) Fallecimiento Derby, Reino Unido 20 de septiembre de 2004 (69 años) Altura 1,78 [ 1 ] ​ metros Carrera Deporte Fútbol Debut deportivo 1955 (Como jugador) 1965 (Como entrenador) (Middlesbrough F. C. (Como jugador) Hartlepool United F. C. (Como entrenador) ) Posición Delantero Goles en clubes 269 [ 2 ] ​ Retirada deportiva 1964 (Como jugador) 1993 (Como entrenador) (Sunderland A. F. C. (Como jugador) Nottingham Forest (Como entrenador) ) Carrera internacional Part. 2 [editar datos en Wikidata] Brian Howard Clough , OBE [ 3 ] ​ (Middlesbrough, Inglaterra, Reino Unido, 21 de marzo de 1935 – Derby, Inglaterra, Reino Unido, 20 de septiembre de 2004) fue un jugador y entrenador británico de fútbol. Es conocido por...
          Read more

          Cáceres

          Image
          Para otros usos de este término, véase Cáceres (desambiguación). Cáceres Municipio y ciudad Bandera Escudo Collage de Cáceres Cáceres Ubicación de Cáceres en España. Cáceres Ubicación de Cáceres en la provincia de Cáceres. País  España • Com. autónoma  Extremadura • Provincia  Cáceres • Partido judicial Cáceres Ubicación 39°28′23″N 6°22′16″O  /  39.473055555556, -6.3711111111111 Coordenadas: 39°28′23″N 6°22′16″O  /  39.473055555556, -6.3711111111111 • Altitud 457 [ 1 ] ​ msnm (mín.:211 [ 2 ] ​, máx.:708 [ 2 ] ​) Superficie 1750,33 km² Núcleos de población Cáceres Estación Arroyo-Malpartida Rincón de Ballesteros Valdesalor Fundación 34 a. C. Población 96 068 hab. (2018) • Densidad 54,8 hab./km² Gentilicio Cacereño/a [ 3 ] ​ Código postal 10001-10005, 10195 Alcaldesa (2015) María Elena Nevado del Campo [ 4 ] ​ Presupuesto 69.045.004€ [ 5 ] ​  (año ...
          Read more