Why is a password requested if the key is encrypted with gpg?

[JonasVautherin]

I can forge a key that is encrypted with gpg instead of a passphrase, with:

tomb forge -g secret.tomb.key

Doing that, Tomb does not ask for a password (meaning that I cannot have both the password and the gpg key, which is fine for me).

But then when I try to unlock the secret with this key, it asks for a password. I can enter any password I want, and after that it will try to access the gpg key and unlock the secret with it.

Why does it ask for the password in that case? Is it intended? I am not sure if it hides the fact that the key is encrypted with a gpg key (e.g. it does try to access the gpg key after I enter any password), so I don't see a benefit :thinking:. On the other hand, it requires a user interaction that may be annoying.

[jaromil]

Well spotted! we do not check if e cryptography is symmetrisch or asymmetrisch on decryption. I haven't investigated yet if that is possible, else we may:

1. add a tomb header to key stating is asymmetrisch
2. require a -g flag on decryption to avoid password asked

I presume that in both cases GPG will anyway ask for password in case the key is protected.