Why doesn’t gpg need us to specify which keys for encryption and decryption

gpg

The GNU Privacy Handbook says:

The command-line option –sign is used to make a digital signature.
The document to sign is input, and the signed document is output.

alice% gpg --output doc.sig --sign doc

You need a passphrase to unlock the private key for
user: "Alice (Judge) <alice@cyb.org>"
1024-bit DSA key, ID BB7576AC, created 1999-06-04

Enter passphrase:

Why doesn't it ask which private key to be used? Can't the user running the command hold multiple private keys?

A document can be encrypted with a symmetric cipher by using the
–symmetric option.

alice% gpg --output doc.gpg --symmetric doc
Enter passphrase:

Does gpg use the passphrase to symmetrically encrypt the input file?
Or does it use the passphrase just to access the key which will be used to symmetrically encrypt the input file?
If latter, why does it not ask which key to be used for symmetric encryption? Can't the user hold multiple keys which can be used for symmetric encryption?

When decrypt a symmetrically encrypted file, 

alice% gpg --descrypt doc.gpg

will succeed. why does it not ask for passphrase (and the key to decrypt)? How can others then decrypt doc.gpg after I give it to them?

Thanks.

Best Answer

GnuPG will use the first key found in the secret keyring if neither --default-user nor --local-user is specified. You may also define the default key to be used with

default-key KEYID

in ~/.gnupg/gpg.conf.

Symmetric encryption does not involve any public or private keys. The passphrase that you enter is used to both encrypt and decrypt the message (hence "symmetric").

In your example, you will not be asked for the passphrase when decrypting because the gpg-agent process has cached the passphrase that you used when encrypting the message. If you terminated the agent and tried to decrypt the message again, you would be asked for the passphrase.

If you share your doc.gpg file and if it's encrypted with symmetric encryption, you would also need to share the passphrase somehow for enabling the recipients to decrypt the message. Anyone with the passphrase would be able to decrypt the message.

When using key encryption with signing, it would be enough to share you public key (for verification of the signature). Without signing, you don't have to share your key. Using key encryption, the message would be encrypted for one or several specific recipients, so you would need to have their public keys to perform the encryption. Without access to the private keys of the specific recipients, the message would not be able to be decrypted.

Related Question