OK, so I made this real simple.
I deleted all certificates from Kleopatra and made sure there were no keys in the public or private keyrings (gpg2 -k and gpg2 -K).
I created a new certificate and exported the public key to an ASCII-armored file.
Put that public key on another machine and used a .NET app we wrote (not Kleopatra) to encrypt a file using the public key.
Then I delete my certificate in Kleopatra on my machine and ensure there are no public or private keys.
I even reboot to make sure none of the agents in memory are caching anything.
I then am able to decrypt the file using the passphrase successfully.
I’m using Windows and right clicking on the file then choosing “Decrypt and Verify”.
It starts Kleopatra in the background to do the decryption as expected.
If I close Kleopatra and decrypt the file again, it does not challenge me for the passphrase as expected.
One of the running daemons must be caching it.
The other processes I see running are gpg-agent.exe, dbus-daemon.exe and scdaemon.exe.
When I kill those and decrypt the file again, it asks me for the passphrase.
My original problem had been deleting and creating a new cert and before replacing the public key in our .NET app on the other machine, I had it encrypt and send me a file again.
That file was decrypted and I had expected it to fail.
I replaced the public key in the .NET app on other machine and had it encrypt a file which I then decrypted on my machine successfully as expected.
Then I deleted the new certificate on my machine, imported the old one and was able to decrypt the new file encrypted with the second public key using the old cert (so it seemed).
Perhaps something had been cached in a daemon initially as I was not killing them between changing out certificates when I originally started this thread.
Now I just think the problem is that the original cert/private key are still being kept even after deleting them and killing all memory resident programs.
Not sure where the problem is here.
Anyone have a suggestion?
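
Added example, not part of the original post: a file's own packet headers show whether it is addressed to a public key (and which key ID) or only to a passphrase, regardless of what any keyring or agent holds. The sketch below reads those headers from a binary (non-armored) OpenPGP message, assuming RFC 4880 version 3 public-key packets; the function name and both sample byte strings are constructed for illustration.

```python
import struct

def esk_packets(data: bytes):
    """List the session-key packets that open a binary OpenPGP message as
    ('pubkey', KEYID_HEX) or ('passphrase', None) tuples."""
    out, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        pos += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:                            # partial length: data packet reached
                break
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length: data packet
                break
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if tag == 1:      # public-key ESK (v3 assumed): version, 8-byte key ID, algo
            out.append(("pubkey", body[1:9].hex().upper()))
        elif tag == 3:    # symmetric-key ESK: session key derived from a passphrase
            out.append(("passphrase", None))
        else:             # encrypted data packet: no more recipients follow
            break
        pos += length
    return out

# Constructed samples: one ESK packet followed by a stub encrypted-data packet.
_DATA = bytes([0xD2, 2, 1, 0])
SAMPLE_PUBKEY = (bytes([0x84, 13]) + b"\x03" + bytes.fromhex("0123456789ABCDEF")
                 + b"\x01\x00\x08\xff" + _DATA)
SAMPLE_PASSPHRASE = bytes([0xC3, 13]) + b"\x04\x09\x03\x08" + bytes(8) + b"\x60" + _DATA

if __name__ == "__main__":
    print(esk_packets(SAMPLE_PUBKEY), esk_packets(SAMPLE_PASSPHRASE))
```

The key ID reported for a public-key packet is normally that of the encryption subkey, and an all-zero key ID means the sender hid the recipient.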