1.4.3 problem with decrypting pgp2.6.3 symmetrically encrypted message

vedaal at hush.com vedaal at hush.com
Fri May 26 17:06:59 CEST 2006 

have come across a problem with gnupg 1.4.3 having trouble 
decrypting
a pgp2.6.3 message that was symmetrically encrypted

1.4.3 has no problems decrypting the pgp2.6.3 message when it is 
encrypted to a key,
the problem happens only with symmetric encryption

(i apologize in advance,
but am using IDEA for the example below,

fwiw, 
even newer versions of PGP also *cannot* decrypt the pgp2.6.3 
symmetrically encrypted message when the cipher algo is set to 
anything else besides IDEA in Disastry's version, 
and 1.4.3 also cannot, and 'assumes' IDEA is used, and upon 
decryption, displays only a 32 character session key
and adds a 1:

if this is of any interest to anyone, 
will post an example done using twofish ;-) )

here is the symmetrically encrypted file using IDEA:

-----BEGIN PGP MESSAGE-----
Version: PGP 2.6.3ia-multi06
comment: passphrase: s

pgAAAB+a+HnEKkzsF/+y00oriwbmje5J4K69h2RHG6R+mxZT
=f1sN
-----END PGP MESSAGE-----

here is the gnupg output (using 1.4.3 in cygwin on win2k pro):

$ gpg v:\123.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: PGP 2.6.3ia-multi06
gpg: armor header: comment: passphrase: s
:encrypted data packet:
        length: 31
gpg: assuming IDEA encrypted data
Enter passphrase:
gpg: [don't know]: invalid packet (ctb=10)
gpg: decryption okay
gpg: WARNING: message was not integrity protected
gpg: session key: `1:043A718774C572BD8A25ADBEB1BFCD5C'
gpg: packet(6) with unknown version 251

i don't seem to remember this problem happening with earlier 
versions
of gnupg

also, i used Disastry's version in default mode,
with the pgp2.6.3 option of no compression

can someone using an 'ordinary' pgp 2.6.x version, also try and 
confirm
if this happens in gnupg,
or is it only a 'Disastry version' problem, in something he might 
have overlooked when he was expanding the symmetric algorithms for 
2.6.3

Thanks!

vedaal





Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

More information about the Gnupg-users mailing list