Setting a default key should force gpg to try it first. Add this to gpg.conf: default-key <key ID> In any case, testing all the keys should take less than a second. Here's what the decryption process looks like, along with the processing time: $ time gpg -d anon_message.pgp gpg: anonymous recipient; trying secret key [REDACTED] ... gpg: anonymous recipient; trying secret key [REDACTED] ... gpg: anonymous recipient; trying secret key [REDACTED] ... gpg: anonymous recipient; trying secret key [REDACTED] ... gpg: anonymous recipient; trying secret key [REDACTED] ... gpg: okay, we are the anonymous recipient. gpg: encrypted with RSA key, ID 00000000 gpg: encrypted with RSA key, ID 00000000 gpg: encrypted with RSA key, ID 00000000 It worked! real0m0.513s user 0m0.508s sys0m0.004s So, half a second in this case. It will take less time if the message has been decrypted with fewer keys, or you have fewer private keys to test, or it hits a match sooner. If you don't encrypt the message with your key, then your key ID won't be in it. 2 is automatic without 1. Comments are just that, you can make a comment about the message, yourself, whatever, but they are usually used to advertise for the PGP program, like this: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org The greeting is a splash screen with copyright info that looks like this: gpg (GnuPG) 1.4.11 Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Now why would you want to see that every time you run the program?