Hi all,

I've searched the FAQ and the mailing list archives, and I don't see an answer 
to this question, so I will ask it here...

I'm having trouble sending an encrypted file to a collaborator -- even though 
they've sent me files that I've been able to decrypt.

Here's what they see, with their keys replaced -- TsTs = their subkey, TpTp = 
their primary key.  

My keys:

pub   2048R/F7A48B98 2012-05-22       usage: SC
sub   2048R/BE7A105E 2012-05-22       usage: E

And my collaborator:

pub   1024D/TpTpTpTp 1999-04-08        usage: SCA
sub   2048g/TsTsTsTs 1999-04-08        usage: E

===========================================
gpg: public key is TsTsTsTs
[GNUPG:] ENC_TO xxxxxx--TsTsTsTs 16 0
gpg: using subkey TsTsTsTs instead of primary key TpTpTpTp
gpg: encrypted with 2048-bit ELG-E key, ID TsTsTsTs, created 1999-04-08
    [my collaborator]
[GNUPG:] NO_SECKEY xxxxxx--TsTsTsTs
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: secret key not available
[GNUPG:] END_DECRYPTION
===========================================


My question is ... what is going on here?  Why can't they decrypt this file, 
when they were able to send me a file that I could decrypt?  


Their technical guy wrote me to say that when sending files, I should be using 
primary key ID TpTpTpTp.   But, so far as I can tell, everything here is 
working as designed, and there's no way I *can* specifically say "use 
TpTpTpTp".  However, they say they haven't had any problems with anyone else, 
and the system has been working for years.  


Data I've gathered:

1. Using --edit-key, I did compare fingerprints and have validated the 
fingerprint they sent me.  
2. Early on, it appears that they had somehow used the wrong key for me.  I 
don't know where that came from, but once identified, I re-sent my key and they 
processed it, and I've been able to decrypt files they've sent to me since then.
3. I have a suspicion there are two pathways for them -- an automated system 
which picks up files & decrypts them, and their IT group trying to debug issues 
on the other side of the connection.
4. When they sent me their key, I noticed it was exported with GnuPG 1.0.6 
(SunOS).  I'm using 1.4.12 on Mac and 1.4.10 on Ubuntu.
5. I accepted the default (RSA + RSA) version for key generation.  Is that a 
problem with an older GnuPG variant?  I wouldn't think that's the issue.



What questions can I ask them which will help shed light on this situation?  Is 
it possible that I'm doing something wrong?  I've created a test account with 
its own gpg keys, and have successfully sent files both directions on my own 
machine.


Many thanks,

Michael



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
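
Added example (not part of the original post, and not GnuPG's own code): a Python parser for the `[GNUPG:]` status lines quoted in the message above, reporting which recipient key IDs the decrypting keyring holds no secret key for. The sample input is constructed from the post's masked key IDs, and the name `summarize_status` is an assumption of this example.

```python
import re

# Public-key algorithm numbers from RFC 4880, section 9.1.
PK_ALGOS = {1: "RSA", 16: "Elgamal (encrypt-only)", 17: "DSA"}

STATUS = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")


def summarize_status(text):
    """Summarize gpg status output from one decryption attempt."""
    recipients = {}          # key ID -> algorithm name, in ENC_TO order
    missing = set()          # key IDs reported by NO_SECKEY
    outcome = "unknown"
    for line in text.splitlines():
        m = STATUS.match(line.strip())
        if not m:
            continue         # human-readable "gpg: ..." lines are ignored
        keyword, args = m.group(1), (m.group(2) or "").split()
        if keyword == "ENC_TO" and args:
            algo = int(args[1]) if len(args) > 1 and args[1].isdigit() else 0
            recipients[args[0]] = PK_ALGOS.get(algo, "algo %d" % algo)
        elif keyword == "NO_SECKEY" and args:
            missing.add(args[0])
        elif keyword == "DECRYPTION_FAILED":
            outcome = "failed"
        elif keyword == "DECRYPTION_OKAY":
            outcome = "ok"
    return {
        "outcome": outcome,
        "recipients": recipients,
        # Recipient keys whose secret part is absent from this keyring.
        "no_secret_key": [k for k in recipients if k in missing],
        # Recipient keys for which gpg reported no NO_SECKEY line.
        "has_secret_key": [k for k in recipients if k not in missing],
    }


# Constructed sample, modelled on the status lines in the post above
# (the key ID is the post's own masked placeholder).
SAMPLE = """\
[GNUPG:] ENC_TO xxxxxx--TsTsTsTs 16 0
[GNUPG:] NO_SECKEY xxxxxx--TsTsTsTs
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

if __name__ == "__main__":
    print(summarize_status(SAMPLE))
```

An empty `has_secret_key` list together with a `failed` outcome means the keyring used for that decryption attempt contains none of the secret keys the message was encrypted to.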
