Corrupted Files -- Need Help

Steve Butler sbutler at fchn.com
Tue Dec 2 11:24:20 CET 2003


Transmitted via FTP.  I'm presuming it wasn't ASCII since it has worked for
several months.

Have asked for an armored file.  Also suggested posting at their FTP site
and I'll pull it down (just in case the network folks here decided to do
some packet filtering at our firewall).  That way I can verify file lengths
before and after the transmission.

Pulled down the RFC 2440 and have verified that the session keys are all
different (baptism by fire!) via visual inspection of a hex dump of the file.
--show-session-key also verified that no two are the same.

If I am decoding correctly, the packets are:
1.  a8 of 3 bytes
2.  c1 of 526 bytes  (the two MPIs for Elgamal are 258 bytes each--including
length octets)
3.  c9 of [c1 b6] 630 bytes for files 1/2 and [c1 f7] 695 bytes for file 3.
4.  Which brings us to hex location 48F in file 1/2 which starts a string of
00 00 ... until location 4ff (end of file).

    For file 3 it brings us to hex location 4D0 which starts the string of
00 00 ... until location 4ff (end of file).

So, it appears that this structure is OK and it must be the encrypted
contents in hex locations 219-48e (or 219-4cf) that are somehow
incorrect.  Hex locations start at byte 0.

Does that sound plausible?

-----Original Message-----
From: David Shaw [mailto:dshaw at jabberwocky.com]
Sent: Tuesday, December 02, 2003 10:19 AM

On Tue, Dec 02, 2003 at 09:18:01AM -0800, Steve Butler wrote:
> After several months of smooth operation we have received 3 different
> copies of a file that we are unable to decrypt.
> 
> AFAIK nothing has changed on either side. 

Interesting.  Those files were generated with PGP (you can tell from
the ":marker packet: 50 47 50").  How were they transferred to you?
If it was FTP, can you ensure that it wasn't ASCII mode?

Try having the user send you an ASCII armored file.  Also try having
the user zip the file before sending it, which can help establish
where the corruption is happening.

Out of curiosity, try decrypting each with the --show-session-key
flag.  Don't post the output - just tell me if the key is the same for
all three.

David


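The hand decoding of packet headers in the message above can be checked mechanically. The following is an added example, not part of the original thread or of GnuPG: it walks the RFC 2440 section 4.2 packet framing and reports where each body starts and ends and what trails the last packet. The function names are hypothetical, and the sample is a constructed stand-in that reuses only the header bytes and lengths quoted for files 1/2, with filler bytes in place of the real encrypted data.

```python
TAGS = {1: "public-key encrypted session key", 9: "symmetrically encrypted data",
        10: "marker"}

def read_header(data, pos):
    """Return (tag, header_len, body_len) for the packet starting at pos."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError(f"offset {pos:#x}: {ctb:#04x} is not a packet tag")
    if ctb & 0x40:                       # new format: tag in bits 5-0
        tag, o1 = ctb & 0x3F, data[pos + 1]
        if o1 < 192:                     # one-octet length
            return tag, 2, o1
        if o1 < 224:                     # two-octet length, e.g. c1 b6 -> 630
            return tag, 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:                    # five-octet length
            return tag, 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        raise ValueError(f"offset {pos:#x}: partial body lengths not handled")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old format: tag in bits 5-2
    if ltype == 3:                       # indeterminate: body runs to end of file
        return tag, 1, len(data) - pos - 1
    n = 1 << ltype                       # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")

def walk(data):
    """Return (packets, trailing); each packet is (offset, tag, body_start, body_end)."""
    packets, pos = [], 0
    while pos < len(data) and data[pos] & 0x80:
        tag, hlen, blen = read_header(data, pos)
        end = pos + hlen + blen          # body_end is exclusive
        if end > len(data):
            raise ValueError(f"packet at {pos:#x} claims {blen} bytes past end of file")
        packets.append((pos, tag, pos + hlen, end))
        pos = end
    return packets, data[pos:]

def build_sample():
    # Constructed: a8 03 "PGP", then c1 [c1 4e] and c9 [c1 b6] with filler bodies,
    # zero-padded to 0x500 bytes like the files described in the message.
    body = (b"\xa8\x03PGP" + b"\xc1\xc1\x4e" + b"\x11" * 526
            + b"\xc9\xc1\xb6" + b"\x22" * 630)
    return body + b"\x00" * (0x500 - len(body))

if __name__ == "__main__":
    packets, trailing = walk(build_sample())
    for off, tag, start, end in packets:
        print(f"{off:#05x} tag {tag:2} ({TAGS.get(tag, '?')}): body {start:#x}-{end - 1:#x}")
    print(f"{len(trailing)} trailing bytes, all zero: {not any(trailing)}")
```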