Why is a password requested if the key is encrypted with gpg?
I can forge a key that is encrypted with gpg instead of a passphrase, with:
tomb forge -g secret.tomb.key
Doing that, Tomb does not ask for a password (meaning that I cannot have both the password and the gpg key, which is fine for me).
But then when I try to unlock the secret with this key, it asks for a password. I can enter any password I want, and after that it will try to access the gpg key and unlock the secret with it.
Why does it ask for the password in that case? Is it intended? I am not sure if it hides the fact that the key is encrypted with a gpg key (e.g. it does try to access the gpg key after I enter any password), so I don't see a benefit 🤔. On the other hand, it requires a user interaction that may be annoying.
Well spotted! We do not check if the cryptography is symmetric or asymmetric on decryption. I haven't investigated yet if that is possible, else we may:
- add a tomb header to the key stating it is asymmetric
- require a -g flag on decryption to avoid the password being asked
I presume that in both cases GPG will anyway ask for password in case the key is protected.
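One way the symmetric/asymmetric check raised in the reply above could be made, as an added example that is not part of the thread or of Tomb's code: read the tag of the first OpenPGP packet in the armored key. It assumes the key file holds an ASCII-armored OpenPGP message whose first packet is the session-key packet (tag 1 for public-key encryption, tag 3 for a passphrase, per RFC 4880); the function names and sample packets are hypothetical.

```python
import base64

PKESK, SKESK = 1, 3  # OpenPGP packet tags (RFC 4880, section 4.3)

def first_packet_tag(armored: str) -> int:
    """Return the tag of the first OpenPGP packet in an ASCII-armored message."""
    lines = armored.splitlines()
    # Any lines before the armor (assumed possible in a key file) are skipped.
    start = next(i for i, l in enumerate(lines)
                 if l.startswith("-----BEGIN PGP MESSAGE"))
    # Armor headers end at the first blank line; the base64 body follows.
    body = next(i for i in range(start + 1, len(lines))
                if not lines[i].strip()) + 1
    b64 = []
    for line in lines[body:]:
        if line.startswith("=") or line.startswith("-----END"):
            break  # CRC24 line or end of armor
        b64.append(line.strip())
    data = base64.b64decode("".join(b64))
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F

def key_encryption_kind(armored: str) -> str:
    """Classify how the key was encrypted, without asking for any secret."""
    tag = first_packet_tag(armored)
    if tag == PKESK:
        return "asymmetric"
    if tag == SKESK:
        return "symmetric"
    return "unknown"

def armor(packet: bytes) -> str:
    """Wrap constructed packet bytes in minimal armor (CRC line omitted)."""
    b64 = base64.b64encode(packet).decode()
    return ("-----BEGIN PGP MESSAGE-----\n\n" + b64 +
            "\n-----END PGP MESSAGE-----\n")

# Constructed samples, not real keys: only the packet headers are meaningful.
SYMMETRIC_SAMPLE = armor(bytes([0xC3, 0x04, 0x04, 0x09, 0x00, 0x02]))  # new-format tag 3
ASYMMETRIC_SAMPLE = armor(bytes([0x84, 0x03, 0x03, 0x00, 0x00]))       # old-format tag 1

if __name__ == "__main__":
    print(key_encryption_kind(SYMMETRIC_SAMPLE),
          key_encryption_kind(ASYMMETRIC_SAMPLE))
```

A caller could skip the passphrase prompt when the result is "asymmetric" and leave any prompting to GPG itself.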