On Wed, Aug 15, 2018 at 12:13 PM, Peter Lebbing
wrote:
>> So, perhaps enQsig is using 3DES.
>
> Good find! This sounds plausible.
Created a custom key pair not on a smart card, just for this single
transaction. Result:
>gpg --verbose --decrypt encrypted.asc | head
gpg: armor header:
On 16/08/18 07:52, Felix E. Klee wrote:
> PS: I’m toying with the idea of switching from my smart card to a
> Trezor hardware token. This would mean generating an entirely new key
> (only 256 bit ECC supported).
I didn't look at the Trezor to check, but I'll assume it allows usage
with GnuPG
On Wed, Aug 15, 2018 at 12:13 PM, Peter Lebbing
wrote:
> Here's the catch: unless you have an on-disk copy of your private
> encryption key, you can't. [if enQsig uses 3DES]
I do have a backup of the private key, but it’s 1. out of reach at the
moment and 2. it’s a pain to restore. So far, I’m
On 15/08/18 09:08, Felix E. Klee wrote:
> So, perhaps enQsig is using 3DES.
Good find! This sounds plausible. I myself had completely forgotten
reading about this bug.
Besides, I completely dismissed the encrypting application in this case
because it decided to encrypt the session key to your
On 03/08/18 09:16, Felix E. Klee wrote:
> As I would like to understand things a bit better, do you think it is
> possible to get some more details?
Answering this in any detail would be a lot of answer. But the basic
mechanism is --debug, --debug-level or perhaps just --debug-all and
sifting
*Update:* Yesterday, I was reading the [GnuPG wiki page on
SmartCards][1] due to another issue. At its bottom I found listed as
known bug:
* Encrypted message with 3DES can't be decrypted with OpenPGP Card
(V2.1, V3.3 without fix)
- Due to the bug, it results: Missing item in object
On Thu, Aug 2, 2018 at 2:14 PM, Peter Lebbing
wrote:
> So I think it's a safe bet they also screwed up the PKESK packet for
> your subkey, and the error is indeed related to it not representing a
> valid session key.
As I would like to understand things a bit better, do you think it is
possible
On 02/08/18 11:07, Felix E. Klee wrote:> It seems like the card reader
cannot decrypt the session key. *Is that correct?*
The fact this "enterprise solution" decided to encrypt it to your
primary, non-encryption-capable, key, is a big red flag that this
"solution" is not compatible to "modern-day"
Hi Dirk,
thanks for all your suggestions!
If I can, I want to avoid creating another key. I prefer getting the
issue resolved and have bugs reported/fixed along the way. I had it once
before that I could not decrypt a document encrypted by a big German
company with my private key. These
Hello Again. :-D
Am Montag, den 30.07.2018, 12:18 +0200 schrieb Felix E. Klee:
To compare the output of your packet analysis, I encrypted a file for
myself and got this result with --list-packets:
$ gpg -v --list-packets WoV-Logs.7z.gpg
gpg: Öffentlicher Schlüssel ist CAE07B251AE3F69E
gpg: der
Hi.
Am Montag, den 30.07.2018, 12:18 +0200 schrieb Felix E. Klee:
> Zum Vergleich eine Datei, die ich selbst für mich verschlüsselt habe,
> und die ich erfolgreich entschlüsseln kann:
>
> >gpg --list-packets foo.gpg
> gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94,
> created 2
Hi.
Am Montag, den 30.07.2018, 11:26 +0200 schrieb Felix E. Klee:
> On Sun, Jul 29, 2018 at 11:37 PM, Dirk Gottschalk via Gnupg-users
> wrote:
> > > My encryption key is the sub key 04FDF78D1679DD94. The private
> > > key is
> > > on a smart card. […]
> >
> > Does this key work as expected in
On Mon, Jul 30, 2018 at 12:40 PM, Felix E. Klee
wrote:
> “Invalid value”
Same on Linux BTW (with the Cherry ST-2000).
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Now I tried a different card reader (after restarting Windows 7x64).
This time it’s a Cherry ST-2000. Previously it was a ReinerSCT
cyberJack.
With the Cherry I get a different error message! This time it’s “Invalid
value” instead of “Invalid ID”!
*What does that mean?*
>gpg --list-packets
Zum Vergleich eine Datei, die ich selbst für mich verschlüsselt habe,
und die ich erfolgreich entschlüsseln kann:
>gpg --list-packets foo.gpg
gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2
016-12-17
"Felix E. Klee "
# off=0 ctb=85 tag=1 hlen=3
On Sun, Jul 29, 2018 at 11:37 PM, Dirk Gottschalk via Gnupg-users
wrote:
>> My encryption key is the sub key 04FDF78D1679DD94. The private key is
>> on a smart card. […]
>
> Does this key work as expected in other programs, MUAs for example?
I use it daily for encryption/decryption of documents,
Hi.
Am Freitag, den 27.07.2018, 16:49 +0200 schrieb Felix E. Klee:
> From what I can tell, the file has been encrypted with four keys. My
> encryption key is the sub key 04FDF78D1679DD94. The private key is on
> a smart card. As you can see, decryption fails with an error message:
> “gpg: public
To receive a document in encrypted form, I provided my public key to the
sender. See attachment. The key contains a sub key for encryption:
sec rsa4096/BEF6EFD38FE8DCA0
created: 2016-12-17 expires: 2018-12-17 usage: SC
card-no: 0005 4980
trust: ultimate
18 matches
Mail list logo
