diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 5c335cb2..223404ed 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1717,12 +1717,15 @@ gpg_decrypt (void *engine, strlen (override_session_key), 1); if (!err) { - /* We add --no-keyring because a keyring is not required - * when we are overriding the session key. It would + /* When we are not trying to verify signatures as well, + * we add --no-keyring because a keyring is not required + * for decryption when overriding the session key. It would * work without that option but --no-keyring avoids that * gpg return a failure due to a missing key log_error() * diagnostic. --no-keyring is supported since 2.1.14. */ - err = add_arg (gpg, "--no-keyring"); + + if (!(flags & GPGME_DECRYPT_VERIFY)) + err = add_arg (gpg, "--no-keyring"); if (!err) err = add_arg (gpg, "--override-session-key-fd"); if (!err)