Cannot decrypt file encrypted with enQsig
Felix E. Klee
felix.klee at inka.de
Thu Aug 2 11:07:12 CEST 2018
Hi Dirk,

thanks for all your suggestions!

If I can, I want to avoid creating another key. I prefer getting the
issue resolved and have bugs reported/fixed along the way. I had it once
before that I could not decrypt a document encrypted by a big German
company with my private key. These enterprise “solutions” seem to have
issues.

On Mon, Jul 30, 2018 at 5:14 PM, Dirk Gottschalk via Gnupg-users
<gnupg-users at gnupg.org> wrote:
> The last packet mentions your signature key as used for encryption,
> this is an error for sure.

I now removed my signature key BEF6EFD38FE8DCA0 from the encrypted
message:

    $ gpg --dearmor encrypted.asc
    $ gpgsplit encrypted.asc.gpg
    $ ls -1
    000001-001.pk_enc
    000002-001.pk_enc
    000003-001.pk_enc
    000004-001.pk_enc
    000005-018.encrypted_mdc
    encrypted.asc
    encrypted.asc.gpg
    $ pgpdump 000001-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0xBEF6EFD38FE8DCA0
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4096 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000002-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0x04FDF78D1679DD94
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4095 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000003-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0x92663E7CA68E4EC6
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4096 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000004-001.pk_enc
    New: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
        New version(3)
        Key ID - 0x9D8C454A43A6D2DE
        Pub alg - RSA Encrypt or Sign(pub 1)
        RSA m^e mod n(4094 bits) - ...
            -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
    $ pgpdump 000005-018.encrypted_mdc
    New: Symmetrically Encrypted and MDC Packet(tag 18)(1718 bytes)
        Ver 1
        (plain text + MDC SHA1(20 bytes))
    $ cat 000002-001.pk_enc 000003-001.pk_enc 000004-001.pk_enc \
        000005-018.encrypted_mdc >new.gpg

Decryption still fails:

    $ gpg -d new.gpg
    gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
    gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
    gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
          "Felix E. Klee <felix.klee at inka.de>"
    gpg: public key decryption failed: Missing item in object
    gpg: decryption failed: No secret key
    $ gpg --list-packets new.gpg
    gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
    gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
    gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
          "Felix E. Klee <felix.klee at inka.de>"
    gpg: public key decryption failed: Missing item in object
    gpg: decryption failed: No secret key
    # off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
    :pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
        data: [4095 bits]
    # off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
    :pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
        data: [4096 bits]
    # off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
    :pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
        data: [4094 bits]
    # off=1581 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
    :encrypted data packet:
        length: 1718
        mdc_method: 2

As before, the reason given for “public key decryption failed” depends
on the card reader used:

  * SCM SPR332 v2: “Missing item in object”
  * Cherry ST-2000: “Invalid value”
  * REINER SCT cyberJack: “Missing item in object”

It seems like the card reader cannot decrypt the session key. *Is that correct?*

I also tried removing all keys except for my encryption key
04FDF78D1679DD94. This does not make a difference, i.e. encryption fails
as above.

/ Felix
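
The packet layout shown in the pgpdump and `gpg --list-packets` output above, as an added example that is not part of the original post: a small Python parser that reads new-format OpenPGP packet headers, lists each tag 1 packet's key ID and MPI bit count, and drops selected tag 1 packets the way the gpgsplit/cat step does. The function names and the filler bytes in SAMPLE are constructed for illustration; only the key IDs and packet sizes are taken from the post.

```python
import struct

def packet(tag, body):
    """Build a new-format packet (one- or two-octet length forms only)."""
    n = len(body)
    length = bytes([n]) if n < 192 else bytes([192 + ((n - 192) >> 8), (n - 192) & 0xFF])
    return bytes([0xC0 | tag]) + length + body

def pkesk(keyid_hex, bits):
    """Constructed tag 1 packet: version 3, key ID, algo 1 (RSA), one MPI."""
    top = 1 << ((bits - 1) % 8)                            # highest set bit of the MPI
    mpi = bytes([top]) + b"\x55" * ((bits + 7) // 8 - 1)   # filler, not real ciphertext
    return packet(1, b"\x03" + bytes.fromhex(keyid_hex) + b"\x01"
                  + struct.pack(">H", bits) + mpi)

def parse(stream):
    """Yield (offset, tag, hlen, plen, raw) for each new-format packet."""
    off = 0
    while off < len(stream):
        ctb, first = stream[off], stream[off + 1]
        if ctb & 0xC0 != 0xC0:
            raise ValueError("not a new-format packet header at offset %d" % off)
        if first < 192:                                    # one-octet length
            hlen, plen = 2, first
        elif first < 224:                                  # two-octet length
            hlen, plen = 3, ((first - 192) << 8) + stream[off + 2] + 192
        elif first == 255:                                 # five-octet length
            hlen, plen = 6, struct.unpack(">I", stream[off + 2:off + 6])[0]
        else:
            raise ValueError("partial body lengths are not handled here")
        yield off, ctb & 0x3F, hlen, plen, stream[off:off + hlen + plen]
        off += hlen + plen

def keyid_of(raw, hlen):
    return raw[hlen + 1:hlen + 9].hex().upper()            # skips the version octet

def recipients(stream):
    """Return [(key ID, MPI bit count)] for every tag 1 packet."""
    return [(keyid_of(raw, hlen), struct.unpack(">H", raw[hlen + 10:hlen + 12])[0])
            for _, tag, hlen, _, raw in parse(stream) if tag == 1]

def filter_pkesk(stream, keep):
    """Drop tag 1 packets whose key ID is not in `keep`; keep all other packets."""
    return b"".join(raw for _, tag, hlen, _, raw in parse(stream)
                    if tag != 1 or keyid_of(raw, hlen) in keep)

# Constructed message with the packet layout shown in the post.
SAMPLE = (pkesk("BEF6EFD38FE8DCA0", 4096) + pkesk("04FDF78D1679DD94", 4095)
          + pkesk("92663E7CA68E4EC6", 4096) + pkesk("9D8C454A43A6D2DE", 4094)
          + packet(18, b"\x01" + b"\x00" * 1717))
```

Calling `recipients()` on the bytes of a dearmored file such as `encrypted.asc.gpg` gives the same key ID and bit-count pairs that pgpdump prints, and `filter_pkesk()` produces the equivalent of `new.gpg`.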