diff --git a/openpgp/packet/config.go b/openpgp/packet/config.go index 128f13b87..cc6201057 100644 --- a/openpgp/packet/config.go +++ b/openpgp/packet/config.go @@ -137,6 +137,7 @@ type Config struct { // CheckIntendedRecipients is a flag that indicates if // a decryption key for an encrypted and signed messages should be checked // to be present in the signatures intended recipient list. + // In encrypt and sign intended recipients are only included if this flag is true. // if config is nil or flag is nil, it defaults to true CheckIntendedRecipients *bool // CacheSessionKey is a flag that indicates diff --git a/openpgp/v2/write.go b/openpgp/v2/write.go index 85c9200d3..4da8bf657 100644 --- a/openpgp/v2/write.go +++ b/openpgp/v2/write.go @@ -589,7 +589,9 @@ func encrypt( var intendedRecipients []*packet.Recipient // Intended Recipient Fingerprint subpacket SHOULD be used when creating a signed and encrypted message for _, publicRecipient := range to { - intendedRecipients = append(intendedRecipients, &packet.Recipient{KeyVersion: publicRecipient.PrimaryKey.Version, Fingerprint: publicRecipient.PrimaryKey.Fingerprint}) + if config.IntendedRecipients() { + intendedRecipients = append(intendedRecipients, &packet.Recipient{KeyVersion: publicRecipient.PrimaryKey.Version, Fingerprint: publicRecipient.PrimaryKey.Fingerprint}) + } } timeForEncryptionKey := config.Now()