decrypt : primary key or subkey ?

Charly Avital shavital at mac.com
Wed Jun 6 18:56:20 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Bruno Costacurta wrote the following on 6/6/07 5:23 PM:
> Hello,
> I'm not able to decrpyt message as I received hereafter message about using 
> subkey instead of primary key. 

This is your public key, as I have just downloaded it from the servers:
- ----------
pub  1024D/2E604D51  created: 2006-06-11  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048g/0CC897B5  created: 2006-06-11  expires: never       usage: E
[ unknown] (1). Bruno Costacurta <bruno at costacurta.org>
[ revoked] (2)  pubmb01 <pubmb01 at skynet.be>
[ revoked] (3)  pubmb02 <pubmb02 at skynet.be>
[ revoked] (4)  Bruno Costacurta <cob1 at biz.tiscali.be>
[ unknown] (5)  Bruno Costacurta <pubmb01 at skynet.be>
[ unknown] (6)  Bruno Costacurta <contract at costacurta.org>
- ----------
> 
> Is this correct ? Could it be the problem relies on the usage of this subkey ?
> If yes, how to manage my keyring regarding this 
> subkey (which is obviously used for en/decrypting not for signing) to be able 
> to decrypt ?

As you can see, your primary key 1024D/2E604D51 is used for SC (Sign,
Certify).
The subkey 2048g/0CC897B5 is used for E encrypting *to you*. Not for
decrypting.

For decrypting you use your secret key (copy/paste of your own
prompt/output):
/home/bruno: gpg --list-secret-keys 0x2e604D51
sec   1024D/2E604D51 2006-06-11

The message "...using subkey...instead of primary key..." is exactly as
it should be, as pointed out by dave.smith at st.com in this forum.

The secret key required for decryption is reported to be where it should be.

The problem might be with the encryption process used by the sender of
that message.

> 
> gpg -v -v --decrypt msg.asc
> gpg: armor: BEGIN PGP MESSAGE
> gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
> :pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
>         data: [2048 bits]
>         data: [2048 bits]
> gpg: public key is 0CC897B5
> :encrypted data packet:
>         length: unknown

I am not sure this 'length: unknown' is as it should be. I have carried
out a few tests with encrypted messages, and there is always a value
after 'length: ..... As I pointed out above, *maybe* there is some
problem with the encryption process used by the sender of the message
you have not been able to decrypt.

>         mdc_method: 2
> gpg: using subkey 0CC897B5 instead of primary key 2E604D51
> gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
>       "Bruno Costacurta <bruno at costacurta.org>"
> gpg: decryption failed: secret key not available

I am sending you, separately, a encrypted test message, please let me
know if you can decrypt it.

Charly
MacOS 10.4.9 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRmbnCM3GMi2FW4PvAQhdAQgAg/qYzSf1pUlKt93QFArARWB3gW/BEsGT
2INSNIKbbYpeUGXMo19F5PMTFm1kxasxKUPt6GlKQKuS79qgZccqo2MHKMDRJlRi
LBvhKo73rXBOmFPXWNEAgjyMzMV2+UdO2JJSMTLKEaGihxhvx6QjnWk/p0NXTw+M
Ag1/gM++saMS6KozXortRJMzQnv14LNsG7S6tbIk7PZ76nOk2LGzwPyGPZxej5CI
FVG98pC2te8CH34ZyWO/EpZjnIMo0bGCKU6XCm71MYRkIw8ZXJTuJHqki9xQk2Oz
WiHgE/2Lms45IbtXKPro+sVbBzfJ4VII8T1K/t6AVBUmAB35ANaLwQ==
=loXj
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list