Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Dirk Gottschalk via Gnupg-users
Hello Again. :-D

On Monday, 30.07.2018, at 12:18 +0200, Felix E. Klee wrote:

To compare the output of your packet analysis, I encrypted a file for
myself and got this result with --list-packets:

$ gpg -v --list-packets WoV-Logs.7z.gpg
gpg: Öffentlicher Schlüssel ist CAE07B251AE3F69E
gpg: der Unterschlüssel CAE07B251AE3F69E wird anstelle des Hauptschlüssels 40810B181ED8E838 verwendet
gpg: der Unterschlüssel CAE07B251AE3F69E wird anstelle des Hauptschlüssels 40810B181ED8E838 verwendet
gpg: verschlüsselt mit 4096-Bit RSA Schlüssel, ID CAE07B251AE3F69E, erzeugt 2018-03-01
  "Dirk Gottschalk "
gpg: AES256 verschlüsselte Daten
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid CAE07B251AE3F69E
data: [irrelevant hex data snipped]
# off=527 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
length: unknown
mdc_method: 2
# off=548 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=2
# off=550 ctb=90 tag=4 hlen=2 plen=13
:onepass_sig packet: keyid 40810B181ED8E838
version 3, sigclass 0x00, digest 10, pubkey 1, last=1
# off=565 ctb=ae tag=11 hlen=5 plen=191470
:literal data packet:
mode b (62), created 1532964524, name="WoV-Logs.7z",
raw data: 191453 bytes
# off=192040 ctb=89 tag=2 hlen=3 plen=563
:signature packet: algo 1, keyid 40810B181ED8E838
version 4, created 1532964524, md5len 0, sigclass 0x00
digest algo 10, begin of digest e0 4e
hashed subpkt 33 len 21 (issuer fpr v4 DDCBAF8E0132AA5420ABB86440810B181ED8E838)
hashed subpkt 2 len 4 (sig created 2018-07-30)
subpkt 16 len 8 (issuer key ID 40810B181ED8E838)
data: [irrelevant hex data snipped]

The signature key is only mentioned in the signature packet, but not in
combination with the en-/decryption. I really think this is an enQsig
issue and should be filed as a bug report to its developers.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Dirk Gottschalk via Gnupg-users
Hi.

On Monday, 30.07.2018, at 12:18 +0200, Felix E. Klee wrote:
> For comparison, a file that I encrypted for myself and that I can
> decrypt successfully:
> 
> >gpg --list-packets foo.gpg
> gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
>   "Felix E. Klee "
> # off=0 ctb=85 tag=1 hlen=3 plen=524
> :pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
> data: [4094 bits]
> # off=527 ctb=d2 tag=18 hlen=2 plen=76 new-ctb
> :encrypted data packet:
> length: 76
> mdc_method: 2
> # off=548 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
> :compressed packet: algo=2
> # off=550 ctb=cb tag=11 hlen=2 plen=23 new-ctb
> :literal data packet:
> mode b (62), created 1532945681, name="",
> raw data: 17 bytes

As a dirty workaround you could generate a dedicated key without
subkeys with the capabilities set to [SCE] and try this key, which
should work. This will not fix the issue per se, but should get your
decryption working while you try to solve the main problem. I don't know
how important the data exchange in your case is.

Regards,
Dirk



Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Dirk Gottschalk via Gnupg-users
Hi.

On Monday, 30.07.2018, at 11:26 +0200, Felix E. Klee wrote:
> On Sun, Jul 29, 2018 at 11:37 PM, Dirk Gottschalk via Gnupg-users
>  wrote:
> > > My encryption key is the sub key 04FDF78D1679DD94. The private
> > > key is on a smart card. […]
> > 
> > Does this key work as expected in other programs, MUAs for example?
> 
> I use it daily for encryption/decryption of documents, though only
> with GnuPG.
> 
> > I didn't test it myself, but exporting only a sub key should be
> > no problem.
> 
> *But how?*
> 
> Your suggestion doesn’t seem to work:
> 
> >gpg --export 04FDF78D1679DD94 | gpg --keyid-format long
> gpg: WARNING: no command supplied.  Trying to guess what you mean ..

Try "gpg --key-id-long -a --export 04FDF78D1679DD94". But, I just
tested it and it unfortunately seems to export the whole key bundle.
I'll look deeper into this.


> > Have you tried to inspect the packets in the file with
> > "--list-packets"?
> 
> Here you go (again my encryption key is `04FDF78D1679DD94`):
> 
> >gpg --list-packets encrypted.asc
> # off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
> :pubkey enc packet: version 3, algo 1, keyid BEF6EFD38FE8DCA0
> data: [4096 bits]
> # off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
> :pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
> data: [4095 bits]
> # off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
> :pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
> data: [4096 bits]
> # off=1581 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
> :pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
> data: [4094 bits]
> gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
> gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
> gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
>   "Felix E. Klee "
> gpg: public key decryption failed: Missing item in object
> gpg: encrypted with 4096-bit RSA key, ID BEF6EFD38FE8DCA0, created 2016-12-17
>   "Felix E. Klee "
> gpg: public key decryption failed: Invalid ID
> gpg: decryption failed: No secret key
> # off=2108 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
> :encrypted data packet:
> length: 1718
> mdc_method: 2
> 
> I wonder what “Missing item in object” means.

The file seems to be encrypted (also) for the correct subkey. I wonder
about the signature key being mentioned in the first encrypted package
line, but I didn't test if this is normal.

Probably enQsig does not format the OpenPGP packet correctly. Missing
object is an error message that I've never seen before.

Your key bundle is okay, otherwise you should have the same problems
with other encrypted files.

The last packet mentions your signature key as used for encryption,
this is an error for sure. Invalid ID means that the key with this ID
does not have the capability to encrypt or decrypt, which is correct.
In this case you really have no secret key to decrypt the file.

EnQsig seems really to mess up the encryption thing for unknown
reasons. I'll check for a way to export a public subkey. This should
work because exporting a secret subkey is also possible.

Regards,
Dirk




Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
On Mon, Jul 30, 2018 at 12:40 PM, Felix E. Klee 
wrote:
> “Invalid value”

Same on Linux BTW (with the Cherry ST-2000).



Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
Now I tried a different card reader (after restarting Windows 7x64).
This time it’s a Cherry ST-2000. Previously it was a ReinerSCT
cyberJack.

With the Cherry I get a different error message! This time it’s “Invalid
value” instead of “Invalid ID”!

*What does that mean?*

>gpg --list-packets encrypted.asc
# off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid BEF6EFD38FE8DCA0
data: [4096 bits]
# off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
data: [4095 bits]
# off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
data: [4096 bits]
# off=1581 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
data: [4094 bits]
gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
  "Felix E. Klee "
gpg: public key decryption failed: Invalid value
gpg: encrypted with 4096-bit RSA key, ID BEF6EFD38FE8DCA0, created 2016-12-17
  "Felix E. Klee "
gpg: public key decryption failed: Invalid ID
gpg: decryption failed: No secret key
# off=2108 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
:encrypted data packet:
length: 1718
mdc_method: 2



Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
For comparison, a file that I encrypted for myself and that I can
decrypt successfully:

>gpg --list-packets foo.gpg
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
  "Felix E. Klee "
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
data: [4094 bits]
# off=527 ctb=d2 tag=18 hlen=2 plen=76 new-ctb
:encrypted data packet:
length: 76
mdc_method: 2
# off=548 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=2
# off=550 ctb=cb tag=11 hlen=2 plen=23 new-ctb
:literal data packet:
mode b (62), created 1532945681, name="",
raw data: 17 bytes



Re: Cannot decrypt file encrypted with enQsig

2018-07-30 Thread Felix E. Klee
On Sun, Jul 29, 2018 at 11:37 PM, Dirk Gottschalk via Gnupg-users
 wrote:
>> My encryption key is the sub key 04FDF78D1679DD94. The private key is
>> on a smart card. […]
>
> Does this key work as expected in other programs, MUAs for example?

I use it daily for encryption/decryption of documents, though only with
GnuPG.

> I didn't test it myself, but exporting only a sub key should be no
> problem.

*But how?*

Your suggestion doesn’t seem to work:

>gpg --export 04FDF78D1679DD94 | gpg --keyid-format long
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096/BEF6EFD38FE8DCA0 2016-12-17 [SC] [expires: 2018-12-17]
  5EF8B6017F668171259945D6BEF6EFD38FE8DCA0
uid   Felix E. Klee 
sub   rsa4096/04FDF78D1679DD94 2016-12-17 [E] [expires: 2018-12-17]

> Could you provide an example file with this error, in best case
> generated from the Sender?

I can ask him of course. First I would like to see, though, if GnuPG can
tell us what’s the problem.

> Have you tried to inspect the packets in the file with
> "--list-packets"?

Here you go (again my encryption key is `04FDF78D1679DD94`):

>gpg --list-packets encrypted.asc
# off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid BEF6EFD38FE8DCA0
data: [4096 bits]
# off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
data: [4095 bits]
# off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
data: [4096 bits]
# off=1581 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
data: [4094 bits]
gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
  "Felix E. Klee "
gpg: public key decryption failed: Missing item in object
gpg: encrypted with 4096-bit RSA key, ID BEF6EFD38FE8DCA0, created 2016-12-17
  "Felix E. Klee "
gpg: public key decryption failed: Invalid ID
gpg: decryption failed: No secret key
# off=2108 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
:encrypted data packet:
length: 1718
mdc_method: 2

I wonder what “Missing item in object” means.
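
Added example (not part of the original posts, and not GnuPG or enQsig code): the Python below cross-checks the recipient key IDs in the `--list-packets` output above against the usage flags in the `--keyid-format long` listing, and pairs each recipient with the error gpg reported for it. The sample text is copied from this thread with wrapped lines joined; the function names are hypothetical.

```python
import re

# Copied from the thread; wrapped lines joined, '# off=' headers and user ID lines omitted.
LIST_PACKETS = """\
:pubkey enc packet: version 3, algo 1, keyid BEF6EFD38FE8DCA0
:pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
:pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
:pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
gpg: public key decryption failed: Missing item in object
gpg: encrypted with 4096-bit RSA key, ID BEF6EFD38FE8DCA0, created 2016-12-17
gpg: public key decryption failed: Invalid ID
gpg: decryption failed: No secret key
"""
KEY_LISTING = """\
pub   rsa4096/BEF6EFD38FE8DCA0 2016-12-17 [SC] [expires: 2018-12-17]
sub   rsa4096/04FDF78D1679DD94 2016-12-17 [E] [expires: 2018-12-17]
"""

def key_capabilities(listing):
    """Map long key ID -> usage flags from a 'gpg --keyid-format long' listing."""
    pat = re.compile(r"^(?:pub|sub)\s+\w+/([0-9A-F]{16})\s+\S+\s+\[([SCEA]+)\]", re.M)
    return {kid: set(flags) for kid, flags in pat.findall(listing)}

def audit_recipients(packets, listing):
    """Return {keyid: (capability verdict, gpg error or None)} per pubkey enc packet."""
    caps = key_capabilities(listing)
    errors, current = {}, None
    for line in packets.splitlines():
        m = re.match(r"gpg: encrypted with .*\bID ([0-9A-F]{16})", line)
        if m:
            current = m.group(1)  # later failure lines refer to this key
        elif line.startswith("gpg: public key decryption failed: ") and current:
            errors[current] = line.split("failed: ", 1)[1]
    report = {}
    for kid in re.findall(r"^:pubkey enc packet:.*keyid ([0-9A-F]{16})", packets, re.M):
        flags = caps.get(kid)
        verdict = ("not in key listing" if flags is None else
                   "encryption key" if "E" in flags else "no [E] capability")
        report[kid] = (verdict, errors.get(kid))
    return report

if __name__ == "__main__":
    for kid, (verdict, err) in audit_recipients(LIST_PACKETS, KEY_LISTING).items():
        print(f"{kid}: {verdict}; gpg error: {err or 'none reported'}")
```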
