Hi Dirk, thanks for all your suggestions!
If I can, I want to avoid creating another key. I prefer getting the issue resolved and have bugs reported/fixed along the way. I had it once before that I could not decrypt a document encrypted by a big German company with my private key. These enterprise “solutions” seem to have issues.

On Mon, Jul 30, 2018 at 5:14 PM, Dirk Gottschalk via Gnupg-users <gnupg-users@gnupg.org> wrote:
> The last packet mentions your signature key as used for encryption,
> this is an error for sure.

I now removed my signature key BEF6EFD38FE8DCA0 from the encrypted message:

    $ gpg --dearmor encrypted.asc
    $ gpgsplit encrypted.asc.gpg
    $ ls -1
    000001-001.pk_enc
    000002-001.pk_enc
    000003-001.pk_enc
    000004-001.pk_enc
    000005-018.encrypted_mdc
    encrypted.asc
    encrypted.asc.gpg
    $ pgpdump 000001-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0xBEF6EFD38FE8DCA0
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4096 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000002-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0x04FDF78D1679DD94
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4095 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000003-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0x92663E7CA68E4EC6
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4096 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000004-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0x9D8C454A43A6D2DE
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4094 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000005-018.encrypted_mdc
    New: Symmetrically Encrypted and MDC Packet(tag 18)(1718 bytes)
        Ver 1
        (plain text + MDC SHA1(20 bytes))
    $ cat 000002-001.pk_enc 000003-001.pk_enc 000004-001.pk_enc \
      000005-018.encrypted_mdc >new.gpg

Decryption still fails:

    $ gpg -d new.gpg
    gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
    gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
    gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
          "Felix E. Klee <felix.k...@inka.de>"
    gpg: public key decryption failed: Missing item in object
    gpg: decryption failed: No secret key
    $ gpg --list-packets new.gpg
    gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
    gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
    gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
          "Felix E. Klee <felix.k...@inka.de>"
    gpg: public key decryption failed: Missing item in object
    gpg: decryption failed: No secret key
    # off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
    :pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
        data: [4095 bits]
    # off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
    :pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
        data: [4096 bits]
    # off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
    :pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
        data: [4094 bits]
    # off=1581 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
    :encrypted data packet:
        length: 1718
        mdc_method: 2

As before, the reason given for “public key decryption failed” depends on the card reader used:

* SCM SPR332 v2: “Missing item in object”
* Cherry ST-2000: “Invalid value”
* REINER SCT cyberJack: “Missing item in object”

It seems like the card reader cannot decrypt the session key. *Is that correct?*

I also tried removing all keys except for my encryption key 04FDF78D1679DD94. This does not make a difference, i.e. encryption fails as above.

/ Felix
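Added example, not part of the original message and not GnuPG code: a small Python walker for new-format OpenPGP packet headers that lists the recipient key ID of each Public-Key Encrypted Session Key packet (tag 1) and re-emits the message without one of them, which is what the gpgsplit and cat steps above do by hand. It assumes new-format headers and version 3 session key packets only; the sample reuses the packet sizes and key IDs from the message, but its bodies are zero-filled constructed data and the function names are hypothetical.

```python
def body_length(buf, i):
    """Decode a new-format body length at buf[i]; return (length, octets used)."""
    o = buf[i]
    if o < 192:
        return o, 1
    if o < 224:
        return ((o - 192) << 8) + buf[i + 1] + 192, 2
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), 5
    raise ValueError("partial body lengths are not handled here")

def packets(buf):
    """Yield (offset, tag, raw packet bytes, body) for each new-format packet."""
    off = 0
    while off < len(buf):
        if buf[off] & 0xC0 != 0xC0:
            raise ValueError(f"not a new-format packet header at offset {off}")
        plen, n = body_length(buf, off + 1)
        end = off + 1 + n + plen
        if end > len(buf):
            raise ValueError(f"truncated packet at offset {off}")
        yield off, buf[off] & 0x3F, buf[off:end], buf[off + 1 + n:end]
        off = end

def keyid(body):
    """Key ID of a version 3 PKESK body: version(1), key ID(8), algo(1), MPI."""
    if body[0] != 3:
        raise ValueError("only version 3 PKESK packets are handled")
    return body[1:9].hex().upper()

def layout(buf):
    """(offset, tag, key ID or None) per packet, like gpg --list-packets."""
    return [(o, t, keyid(b) if t == 1 else None) for o, t, _, b in packets(buf)]

def drop_recipient(buf, kid):
    """Copy the message, leaving out the PKESK packet addressed to kid."""
    return b"".join(raw for _, t, raw, b in packets(buf)
                    if not (t == 1 and keyid(b) == kid))

# Constructed sample: same packet sizes and key IDs as in the message above,
# but zero-filled bodies, so it shows the framing only and cannot be decrypted.
def _packet(tag, body):
    n = len(body) - 192  # two-octet length form, valid for bodies of 192..8383
    return bytes([0xC0 | tag, (n >> 8) + 192, n & 0xFF]) + body

SAMPLE = b"".join(_packet(1, b"\x03" + bytes.fromhex(k) + b"\x01" + bytes(514))
                  for k in ("BEF6EFD38FE8DCA0", "04FDF78D1679DD94",
                            "92663E7CA68E4EC6", "9D8C454A43A6D2DE"))
SAMPLE += _packet(18, b"\x01" + bytes(1717))
```

Calling `layout(drop_recipient(SAMPLE, "BEF6EFD38FE8DCA0"))` gives the same offsets and key IDs that `gpg --list-packets new.gpg` reports above, which confirms that removing a recipient packet leaves the remaining framing intact.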