Please describe the problem.
When you encrypt something to a master key, gpg actually encrypts to its corresponding encryption subkey, but the id of the master key gets recorded in the remote information. It is useful to be able to see the actual subkey id to make sure everything is encrypted as expected in a multi-subkey setup.
What steps will reproduce the problem?
- Have a master key with two encryption subkeys
- Create a remote with
hybridencryption withkeyidset to the key’s email address or master key id - Use
git annex enableremote keyid+=and the!suffix to add the second encryption key. - Try to use
git annex infoto see which subkeys can be used for decryption.
What version of git-annex are you using? On what operating system?
7.20181211
Please provide any additional information below.
I managed to do this for myself by thaking the cypher from remote.log, decoding base64 and running it through gpg --list-packets, but, I guess, it would be nicer to have an easy way to do this: maybe some flag for git annex info to do this dance for me, or even just record the subkey in remote.log.
If you use "keyid!" to specify a subkey, it is shown by git-annex info:
So I don't see a bug here?
But if I do not, then it is not shown, even though there can still be multiple valid encryption subkeys and god knows which one it chose.
Right, but if you're not sure if it's encrypted to a given subkey, you can simply add the subkey with
keyid+='xxx!'and then you'll know for sure it's encrypting to it.Seems to me that users who want to do things with multiple subkeys can just do that, once, and we avoid needing to add a whole lot of complication to git-annex.