libgcrypt and decrypting Session Key of Symmetrically Encrypted Messages

Okhin okhin at okhin.fr
Wed Jan 20 16:05:40 CET 2016 

Hello list,

I'm currently working on a library to be able to encrypt/decrypt data
server side in python. I've already binded (using python cffi) the
libgcrypt code (code is available on https://git.okhin.fr/?p=okhin/pygc
rypt.git).

I can decrypt messages Symmetrically Encrypted (tag 9 or 18 according
to RFC4880), I can also symmetrically encrypt and decrypt random bytes
of text using the libgcrypt function :

gcry_error_t gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t data,
gcry_sexp_t skey)

(from the online documentation: https://www.gnupg.org/documentation/man
uals/gcrypt/Cryptographic-Functions.html#Cryptographic-Functions).

I'm using GnuPG 2.1.0 and libgcrypt 1.6.4.

My issue is that, when I try to decrypt the public key encrypted essage
(message_ok.asc attached, private_key_ok.asc attached, protected with
passphrase 'passphrase') I cannot manage to extract the session key
from the packet tagged 1.

I can extract the session key from teh command line
$ gpg --show-session-key testdata/message_ok.asc 
gpg: encrypted with 2048-bit RSA key, ID 0x0162F5906FA9F361, created
2015-11-10
      "test at example.com"
gpg: session key:
'9:83DBAB3308B34C1A0ABB6B0C086EF822E3ECC52AAC5A8F17EE69EF2317617A01'

But I cannot extract it from the code. If I'm reading the RFC4880
correctly, the session key is EME PKC1 v1.5 encoded. So it should start
with a 0x00 and followed by a 0x02 which is not. The decryption gave me
the following S-Expression, and I do not understand how to convert it
into a session-key.

(value
#00CDB5663396D77319CD6CD76A34A254946A88B6932808D4BA975984F3340364090BED
E92460288E162976113EB499A0C35B86C2F9560C7BCE201081E5A49CF434093D4304831
E1AA5EDB1D4F15C61ABD9615F707E6BE694C1E7E9D764514900A8AC47575566BBE8205F
D885E5146164BD04D77F1D1EC2F2BF4F1B5AD5A55E75A44911941097CF8AEC5C28FB4F9
DD2647DA60C59317601F3832DD845E51F06EB7753C0C1449E32E164B339182261613070
3F21E09979D0CE270B6684DF510064427B101D19AC820B3363E784F238A7A0C5AF787A6
3B060DE74C77F243C770E05704941185D26E63464AFD6F10DD751CDF1F7429A614DD0A1
E91173E0C83CE08646#)

The gcry_pk_encrypt is called with those two S-Expression:
data = (enc-val 
 (flags)
 (rsa 
  (a
#1024BEF1B6A8EE811A0E8587E31CC993B07AD446A05EA3B03CDA22317835EBC32B8610
C7C9C8D034BA13744219F020379C9FA0FCE782C2BA5E91A52B18ADA21D101A4AF66D58E
840E6CBC7863FD701574FF447368E03421DF428653D9F5E391A539297AAC8DCDA27CCA2
6DBF8DF5942B501C52CE5BD3B161D96E8C79F687559B04055F2FC9E3F9FBABEC3B75AAB
1C62AE714977F44862860BC05B098FD9C7465B3197A27CBC36F23DC64D691E6CA4A9E76
28FE73C78B3022DAA91876CFFC8F2F124D4056AD9A866FADCF98754F94D361510BF352A
EE8929F9118DAB0B830DCB1A3252B14EADB3EBCEF2FB909F73418E4A83CD61A98627D58
E2F53569B20C53D0#)
  )
 )

skey =  (private-key 
 (rsa 
  (q
#F9F2DB0F0246757FDB453A2368F208C23DC8560448B009A3A84A2C25692F881790B1E0
E0CBB2B83F99C5AAA21577FF8675ABFA19BA74F542274695F2C4D096598CA74E4F1F50F
410221FA7D63B57082D2BB4797ECFA5DBB65B032320F02BD192337DD1BE8E3518FCADF2
A859D91DA50E1753AA6E40D538B4E233228DD86AE6D1#)
  (n
#F142B7BFB87F2E4FF33DFCCA59CD644E05B88B322B2BDBBD51DC7B9374D465253DBCE4
1DF53AA023CA2B8ECBE5A4D209329FB34D3E2977F6EA4CB4B5C4948FE406DF76B9F28C4
468D155E14FF71284E55B0996A3851F7B5D56B7298402169CD612A687F291617D1F7D03
5D4D29AA0157B7497B09462DD8B99FB0083C636F734551AA9C1F7B2CCB6A97A93502EA8
5706EE5742B0BC8CD4085E856C14C4F85D228FD42EFC9DC3C523CEAE17EC0FDA2E79CE9
03B86EDB122F07E4A9EAB0FD34CE208DFF54A4C27728690DAEFCA4175F0E8C1244885F8
28A4F26678EF766F09605AD0C281A94DEF01371DEFFA934893A439D375545BB7EF99CA8
7C35011F74BCB1EF#)
  (d
#2DCAA303B1A9FA0954BAC43B47F632FE981961DA20D58F3C8CC81370767145CD5EBD76
72B533EE673C9D2DDA4779142088CA4506F93077C396CEFE51ADC120DA7FEF74227105E
C8A14897F5D6520CFB694A3EA429926D38C70C40D0E3033488B5D38DC7ECED7391F7BE3
E2969DBCD5CA67507C18D3882A257948B917752C172D87AE08D879FF178A501ECE34C72
2459F0F6D99C986B0CEAACFABCC99AB2669394CB6C4C4B9116FD70FBC49BC991A465D41
C4DEE763B9BF5F77A7DCC1E7B7303789C692C9666944483C4732FFEFED2E828B717A165
112615EC880B616DFD5C75269563951DFE9C6580BC3B9B83E138B1C615A17089308C5FA
85C0C4CF07B17AA1#)
  (p
#F71A03D11678F087864D7FDA10E056F4CF16F82D95C203DF6C7840FD2AF359FB91A6B2
ED24945DF2364E4837A0976AE8148167AEFD3BCBBEB8A5D16207E1A8317D12344FCF186
6BD0D920586877C071E02F154B61D5732C5467309C540826C68B58AB8A0C7E5F7306E1E
1DC53A0BD7ABDDCA129D081C8203743C788E4429BCBF#)
  (u
#0F68FEC7E73657FB4456A7CBF4110D845FD6CACD1783F330F149D0BDF877AFA620A9E6
3D322CB482056EA788D3D3135D58C3C120A1FA25B30CF556040DF538D90621889E5065B
1EC8D2621B99A4BC0AEE325E164894FFAEC442E864361418774620BA85D6575AA7E2DAF
4B197BF83F8AE1FA6EA4C9F9FA77FF34CDF30785E3BF#)
  (e #010001#)
  )
 )

I'm attaching the armored message and private_key (passphrase
protected, passphrase is: 'passphrase' wthout quotes).

I suspect there's an issue with my data S-expression, I'm perhap's
missing some parameters here …

Thanks for your patience and help,

Regards
Okhin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: message_ok.asc
Type: application/pgp-encrypted
Size: 608 bytes
Desc: not available
URL: </pipermail/attachments/20160120/7da1f70e/attachment.pgp>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: private_key_block_ok.asc
Type: application/pgp-keys
Size: 3569 bytes
Desc: not available
URL: </pipermail/attachments/20160120/7da1f70e/attachment.key>

More information about the Gnupg-users mailing list