Exception if package contains multiple recipients and current recipient does NOT have other recipient's public keys in his keyring
According to Robin, this issue does NOT relate to the keyserver migration.
On decrypt, we compare the real keys (those that are part of the package) with the ones specified in the metadata file. During this step, every missing key will be downloaded from the keyserver, BUT by key ID (look for decrypt_archive in the decrypt.py file):
```python
with extract(archive_file, DATA_FILE_ENCRYPTED) as f_data:
    keys = retrieve_refresh_and_validate_keys(
        key_identifiers=gpg.extract_key_id(f_data),
        config=config,
    )
```
retrieve_refresh_and_validate_keys is a libbiomedit method which accepts only fingerprints (and NOT key IDs) as identifiers (look for the assert_is_pgp_fingerprint invocation).
Statements
- Other recipients' keys should NOT be automatically downloaded
- As recipient, your private/public key is part of the keyring and can NOT be removed.
- Recipient's fingerprints are specified in the metadata file.
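
The mismatch and the three statements above, as an added sketch that is not sett or libbiomedit code: key IDs from the package are resolved against the local keyring only, checked against the fingerprints listed in the metadata, and key IDs of other recipients stay unresolved instead of being downloaded. All function names, the keyring shape (primary fingerprint mapped to subkey fingerprints) and the sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample values, not real keys.
ME_PRIMARY = "A" * 24 + "1" * 16        # recipient's primary key fingerprint
ME_SUBKEY = "B" * 24 + "2" * 16         # recipient's encryption subkey fingerprint
OTHER_PRIMARY = "C" * 24 + "3" * 16     # second recipient, absent from the keyring
KEYRING = {ME_PRIMARY: [ME_SUBKEY]}     # hypothetical shape: primary -> subkeys
PACKAGE_KEY_IDS = ["2" * 16, "4" * 16]  # key IDs read from the encrypted data
METADATA_FPRS = [ME_PRIMARY, OTHER_PRIMARY]


def is_fingerprint(identifier):
    """True for a v4 fingerprint (40 hex digits); a 16-digit key ID fails."""
    return re.fullmatch(r"[0-9A-Fa-f]{40}", identifier) is not None


def key_id_of(fingerprint):
    """A v4 key ID is the low-order 64 bits of the fingerprint (RFC 4880, 12.2)."""
    return fingerprint.upper()[-16:]


def resolve_locally(key_ids, keyring):
    """Map key IDs to primary fingerprints using the local keyring only."""
    index = {}
    for primary, subkeys in keyring.items():
        for fpr in (primary, *subkeys):
            index[key_id_of(fpr)] = primary.upper()
    resolved = {k.upper(): index[k.upper()] for k in key_ids if k.upper() in index}
    unresolved = [k.upper() for k in key_ids if k.upper() not in index]
    return resolved, unresolved


def check_recipients(key_ids, keyring, metadata_fprs):
    """Return (known recipients, key IDs left unresolved); never downloads."""
    listed = {f.upper() for f in metadata_fprs}
    if not all(is_fingerprint(f) for f in listed):
        raise ValueError("metadata must list full fingerprints")
    resolved, unresolved = resolve_locally(key_ids, keyring)
    if not resolved:
        raise ValueError("no package key matches a key in the local keyring")
    unexpected = sorted(set(resolved.values()) - listed)
    if unexpected:
        raise ValueError(f"package key not listed in metadata: {unexpected}")
    return sorted(set(resolved.values())), unresolved


if __name__ == "__main__":
    print(check_recipients(PACKAGE_KEY_IDS, KEYRING, METADATA_FPRS))
```

The key ID in an encrypted package usually belongs to an encryption subkey, so it has to be looked up through the keyring rather than compared with the tail of the primary fingerprint in the metadata.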