Hello,

chris.p...@gmx.de wrote:
> With GnuPG 2, signing, encrypting and decrypting a file works without
> any problems. With 1.4, I can encrypt and sign a file, but I can't
> decrypt it. It's failing with the message:
[...]
>
> gpg: public key decryption failed: general error
> gpg: decryption failed: secret key not available
[...]
> sec# rsa4096/E728903D created: 2014-04-12 expires: never
> ssb> rsa4096/3A07266F created: 2014-04-12 expires: never
>      card-no: 0005 00005031
> ssb> rsa4096/43F27C98 created: 2017-01-24 expires: never
>      card-no: 0005 00005031

I located the cause of this issue. It is not the scdaemon incompatibility issue of GnuPG 2.1, which I addressed yesterday.

GnuPG 1.4 with a smartcard can't work well with RSA 4096-bit keys. (I think that it can also occur with the combination of GnuPG 1.4 and GnuPG 2.0.)

In the code of g10/cardglue.c, the buffer length is 1002 bytes by the definition of ASSUAN_LINELENGTH [0], but this length is not enough for the check at [1]. (To represent the encrypted 4096-bit value itself, 1024 bytes are required as a hex string.)

[0] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=include/assuan.h;h=1170f959df353f33373565c729981891dcd0100c;hb=refs/heads/STABLE-BRANCH-1-4#l91
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/cardglue.c;h=809b315e564831aac8727d3c905e53016749f76e;hb=refs/heads/STABLE-BRANCH-1-4#l1395
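
The length problem described in the message above, as an added example that is not part of the original post and is not GnuPG's code: a bounded hex encoder that checks the line length before writing, run for three RSA sizes. The 1002-byte line length is the value from the post; the function names and the `EXAMPLECMD ` prefix are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Value the post gives for ASSUAN_LINELENGTH in GnuPG 1.4. */
#define LINE_LENGTH 1002

/* Hex-encode `len` bytes of `data` after `prefix` into `line`.
   Returns the resulting string length, or -1 if prefix + hex + NUL
   does not fit in `linesize` (nothing is written in that case). */
static int build_hex_line(char *line, size_t linesize, const char *prefix,
                          const unsigned char *data, size_t len)
{
    static const char hexdigits[] = "0123456789ABCDEF";
    size_t plen = strlen(prefix), i;

    /* Check before writing; phrased so that 2*len cannot overflow. */
    if (plen >= linesize || len > (linesize - plen - 1) / 2)
        return -1;
    memcpy(line, prefix, plen);
    for (i = 0; i < len; i++) {
        line[plen + 2 * i]     = hexdigits[data[i] >> 4];
        line[plen + 2 * i + 1] = hexdigits[data[i] & 0x0f];
    }
    line[plen + 2 * len] = '\0';
    return (int)(plen + 2 * len);
}

/* Does an RSA ciphertext for a `bits`-bit modulus fit on one line? */
static int rsa_ciphertext_fits(unsigned bits, const char *prefix)
{
    unsigned char ct[1024];
    char line[LINE_LENGTH];
    size_t len = (bits + 7) / 8;

    if (len > sizeof ct)
        return 0;
    memset(ct, 0xA5, len);          /* constructed stand-in ciphertext */
    return build_hex_line(line, sizeof line, prefix, ct, len) >= 0;
}

int main(void)
{
    static const unsigned sizes[] = { 2048, 3072, 4096 };
    const char *prefix = "EXAMPLECMD ";  /* hypothetical command prefix */
    size_t i;
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("rsa%u: %s\n", sizes[i],
               rsa_ciphertext_fits(sizes[i], prefix) ? "fits" : "too long");
    return 0;
}
```

Even with an empty prefix, the 512-byte ciphertext of a 4096-bit key needs 1024 hex characters plus a terminator, so it cannot fit in a 1002-byte line.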