5 files changed, 24 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index cf02fc2f..7ad1188e 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,8 @@ Noteworthy changes in version 1.8.1 (unreleased)
  GPGME_CREATE_NOEXPIRE       NEW.
  gpgme_subkey_t              EXTENDED: New field is_de_vs.
  gpgme_op_keylist_from_data_start NEW.
- gpgme_data_rewind                UN-DEPRECATE.
+ GPGME_ENCRYPT_THROW_KEYIDS       NEW.
+ gpgme_data_rewind                UN-DEPRECATE
  cpp: Context::revUid(const Key&, const char*)      NEW.
  cpp: Context::startRevUid(const Key&, const char*) NEW.
  cpp: Context::addUid(const Key&, const char*)      NEW.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index edcbb98c..a4ab5c4f 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -5565,10 +5565,17 @@ also expect a sign command.
 
 @item GPGME_ENCRYPT_SYMMETRIC
 The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
-output should be additionally encrypted symmetically even
+output should be additionally encrypted symmetrically even
 if recipients are provided. This feature is only supported for
 for the OpenPGP crypto engine.
 
+@item GPGME_ENCRYPT_THROW_KEYIDS
+The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the
+identifiers for the decrption keys are not included in the ciphertext.
+On the receiving side, the use of this flag may slow down the
+decryption process because all available secret keys must be tried.
+This flag is only honored for OpenPGP encryption.
+
 @end table
 
 If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 4b87a8a0..6024529b 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1860,6 +1860,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
 
+  if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+    err = add_arg (gpg, "--throw-keyids");
+
   if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
       && have_gpg_version (gpg, "2.1.14"))
     err = add_arg (gpg, "--mimemode");
@@ -1929,6 +1932,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
 
+  if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+    err = add_arg (gpg, "--throw-keyids");
+
   if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
       && have_gpg_version (gpg, "2.1.14"))
     err = add_arg (gpg, "--mimemode");
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 2cf096b6..16191ebc 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1237,7 +1237,8 @@ typedef enum
     GPGME_ENCRYPT_PREPARE = 4,
     GPGME_ENCRYPT_EXPECT_SIGN = 8,
     GPGME_ENCRYPT_NO_COMPRESS = 16,
-    GPGME_ENCRYPT_SYMMETRIC = 32
+    GPGME_ENCRYPT_SYMMETRIC = 32,
+    GPGME_ENCRYPT_THROW_KEYIDS = 64
   }
 gpgme_encrypt_flags_t;
 
diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c
index fd868368..c148e931 100644
--- a/tests/run-encrypt.c
+++ b/tests/run-encrypt.c
@@ -88,6 +88,7 @@ show_usage (int ex)
          "  --uiserver       use the UI server\n"
          "  --loopback       use a loopback pinentry\n"
          "  --key NAME       encrypt to key NAME\n"
+         "  --throw-keyids   use this option\n"
          "  --symmetric      encrypt symmetric (OpenPGP only)\n"
          , stderr);
   exit (ex);
@@ -170,6 +171,11 @@ main (int argc, char **argv)
           keyargs[keycount++] = *argv;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--throw-keyids"))
+        {
+          flags |= GPGME_ENCRYPT_THROW_KEYIDS;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--loopback"))
         {
           use_loopback = 1;