Re: cannot decrypt file symmetric encrypted

2018-08-02 Thread Dirk Gottschalk via Gnupg-users
Hi.

On Thursday, 02.08.2018, at 14:11 +0200, Stefano Tranquillini wrote:
> Hi all,
> last year I encrypted some files, today I tried to decrypt them but
> the decryption fails

> stefano@~/Downloads/words$ gpg -d words.1.gpg
> gpg: AES256 encrypted data
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: Bad session key

> can it be the difference between 1.4 (I guess in July 2017 that was)
> and the current one

I don't know if there's any difference in symmetric encryption between
1.4.X and 2.2.X.

> stefano@~/Downloads/words$ gpg --version
> gpg (GnuPG/MacGPG2) 2.2.8
> libgcrypt 1.8.3

> what can I do?
> (I'm on a Mac)

You could download and build the legacy version of GPG and give it a
try.

Are you sure you used the correct passphrase to decrypt?

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


cannot decrypt file symmetric encrypted

2018-08-02 Thread Stefano Tranquillini
Hi all,
last year I encrypted some files, today I tried to decrypt them but the
decryption fails

stefano@~/Downloads/words$ gpg -d words.1.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

can it be the difference between 1.4 (I guess in July 2017 that was) and
the current one

stefano@~/Downloads/words$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.8
libgcrypt 1.8.3

what can I do?
(I'm on a Mac)

-- 
Stefano


Re: Cannot decrypt file encrypted with enQsig

2018-08-02 Thread Peter Lebbing
On 02/08/18 11:07, Felix E. Klee wrote:
> It seems like the card reader cannot decrypt the session key. *Is that correct?*

The fact this "enterprise solution" decided to encrypt it to your
primary, non-encryption-capable, key, is a big red flag that this
"solution" is not compatible with "modern-day" OpenPGP. So I think it's a
safe bet they also screwed up the PKESK packet for your subkey, and the
error is indeed related to it not representing a valid session key.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Cannot decrypt file encrypted with enQsig

2018-08-02 Thread Felix E. Klee
Hi Dirk,

thanks for all your suggestions!

If I can, I want to avoid creating another key. I prefer getting the
issue resolved and have bugs reported/fixed along the way. I had it once
before that I could not decrypt a document encrypted by a big German
company with my private key. These enterprise “solutions” seem to have
issues.

On Mon, Jul 30, 2018 at 5:14 PM, Dirk Gottschalk via Gnupg-users wrote:
> The last packet mentions your signature key as used for encryption,
> this is an error for sure.

I now removed my signature key BEF6EFD38FE8DCA0 from the encrypted
message:

$ gpg --dearmor encrypted.asc
$ gpgsplit encrypted.asc.gpg
$ ls -1
01-001.pk_enc
02-001.pk_enc
03-001.pk_enc
04-001.pk_enc
05-018.encrypted_mdc
encrypted.asc
encrypted.asc.gpg
$ pgpdump 01-001.pk_enc
New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
New version(3)
Key ID - 0xBEF6EFD38FE8DCA0
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(4096 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
$ pgpdump 02-001.pk_enc
New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
New version(3)
Key ID - 0x04FDF78D1679DD94
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(4095 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
$ pgpdump 03-001.pk_enc
New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
New version(3)
Key ID - 0x92663E7CA68E4EC6
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(4096 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
$ pgpdump 04-001.pk_enc
New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
New version(3)
Key ID - 0x9D8C454A43A6D2DE
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(4094 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
$ pgpdump 05-018.encrypted_mdc
New: Symmetrically Encrypted and MDC Packet(tag 18)(1718 bytes)
Ver 1
(plain text + MDC SHA1(20 bytes))
$ cat 02-001.pk_enc 03-001.pk_enc 04-001.pk_enc \
05-018.encrypted_mdc >new.gpg

Decryption still fails:

$ gpg -d new.gpg
gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
  "Felix E. Klee "
gpg: public key decryption failed: Missing item in object
gpg: decryption failed: No secret key
$ gpg --list-packets new.gpg
gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
  "Felix E. Klee "
gpg: public key decryption failed: Missing item in object
gpg: decryption failed: No secret key
# off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
data: [4095 bits]
# off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
data: [4096 bits]
# off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
data: [4094 bits]
# off=1581 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
:encrypted data packet:
length: 1718
mdc_method: 2

As before, the reason given for “public key decryption failed” depends
on the card reader used:

  * SCM SPR332 v2: “Missing item in object”

  * Cherry ST-2000: “Invalid value”

  * REINER SCT cyberJack: “Missing item in object”

It seems like the card reader cannot decrypt the session key. *Is that correct?*

I also tried removing all keys except for my encryption key
04FDF78D1679DD94. This does not make a difference, i.e. encryption fails
as above.

/ Felix
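
The gpgsplit/cat step in the message above, shown at byte level as an added example (not part of the original posts): a parser for new-format OpenPGP packet headers that drops the PKESK packet for one key ID and reproduces the offsets and lengths in the `--list-packets` output. The function names are hypothetical, and the sample message is constructed from the key IDs and MPI bit counts in the pgpdump output, with filler bytes in place of the real ciphertext.

```python
PKESK, SEIPD = 1, 18  # tags of the packets in the listing above

def new_packet(tag, body):
    """Serialize a new-format packet with a two-octet length (192..8383 bytes)."""
    n = len(body) - 192
    return bytes([0xC0 | tag, 192 + (n >> 8), n & 0xFF]) + body

def pkesk_v3(keyid_hex, bits):
    """Constructed PKESK v3 body: version 3, key ID, algo 1 (RSA), one filler MPI."""
    mpi = bytes([1 << ((bits - 1) % 8)]) + bytes((bits + 7) // 8 - 1)
    return bytes([3]) + bytes.fromhex(keyid_hex) + bytes([1]) + bits.to_bytes(2, "big") + mpi

def parse(data):
    """Yield (offset, tag, hlen, plen, body) for each new-format packet."""
    off = 0
    while off < len(data):
        ctb, o1 = data[off], data[off + 1]
        if ctb & 0xC0 != 0xC0:
            raise ValueError("old-format header at offset %d is not handled" % off)
        if o1 < 192:                                   # one-octet length
            hlen, plen = 2, o1
        elif o1 < 224:                                 # two-octet length
            hlen, plen = 3, ((o1 - 192) << 8) + data[off + 2] + 192
        else:                                          # five-octet or partial lengths
            raise ValueError("length encoding at offset %d is not handled" % off)
        if off + hlen + plen > len(data):
            raise ValueError("packet at offset %d is truncated" % off)
        yield off, ctb & 0x3F, hlen, plen, data[off + hlen:off + hlen + plen]
        off += hlen + plen

def listing(data):
    """(offset, tag, plen, key ID or None) per packet, like gpg --list-packets."""
    return [(off, tag, plen, body[1:9].hex().upper() if tag == PKESK else None)
            for off, tag, hlen, plen, body in parse(data)]

def drop_recipient(data, unwanted):
    """Copy every packet except the PKESK addressed to key ID `unwanted`."""
    return b"".join(data[off:off + hlen + plen]
                    for off, tag, hlen, plen, body in parse(data)
                    if not (tag == PKESK and body[1:9].hex().upper() == unwanted))

# Constructed sample: key IDs and MPI bit counts from the pgpdump output above; filler bytes.
RECIPIENTS = [("BEF6EFD38FE8DCA0", 4096), ("04FDF78D1679DD94", 4095),
              ("92663E7CA68E4EC6", 4096), ("9D8C454A43A6D2DE", 4094)]
ORIGINAL = b"".join(new_packet(PKESK, pkesk_v3(k, b)) for k, b in RECIPIENTS) \
    + new_packet(SEIPD, bytes([1]) + bytes(1717))
NEW = drop_recipient(ORIGINAL, "BEF6EFD38FE8DCA0")

print(listing(NEW))
```

Each PKESK packet wraps the same session key independently for one recipient, so removing one changes only which packets gpg tries; the remaining packets are copied byte for byte.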
