decrypt : primary key or subkey ?

Bruno Costacurta pubmb01 at skynet.be
Thu Jun 7 08:44:51 CEST 2007


On Wednesday 06 June 2007 18:56:20 Charly Avital wrote:
> Bruno Costacurta wrote the following on 6/6/07 5:23 PM:
> > Hello,
> > I'm not able to decrypt message as I received hereafter message about
> > using subkey instead of primary key.
>
> This is your public key, as I have just downloaded it from the servers:
> ----------
> pub  1024D/2E604D51  created: 2006-06-11  expires: never       usage: SC
>                      trust: unknown       validity: unknown
> sub  2048g/0CC897B5  created: 2006-06-11  expires: never       usage: E
> [ unknown] (1). Bruno Costacurta <bruno at costacurta.org>
> [ revoked] (2)  pubmb01 <pubmb01 at skynet.be>
> [ revoked] (3)  pubmb02 <pubmb02 at skynet.be>
> [ revoked] (4)  Bruno Costacurta <cob1 at biz.tiscali.be>
> [ unknown] (5)  Bruno Costacurta <pubmb01 at skynet.be>
> [ unknown] (6)  Bruno Costacurta <contract at costacurta.org>
> ----------
>
> > Is this correct ? Could it be the problem relies on the usage of this
> > subkey ? If yes, how to manage my keyring regarding this
> > subkey (which is obviously used for en/decrypting not for signing) to be
> > able to decrypt ?
>
> As you can see, your primary key 1024D/2E604D51 is used for SC (Sign,
> Certify).
> The subkey 2048g/0CC897B5 is used for E encrypting *to you*. Not for
> decrypting.
>
> For decrypting you use your secret key (copy/paste of your own
> prompt/output):
> /home/bruno: gpg --list-secret-keys 0x2e604D51
> sec   1024D/2E604D51 2006-06-11
>
> The message "...using subkey...instead of primary key..." is exactly as
> it should be, as pointed out by dave.smith at st.com in this forum.
>
> The secret key required for decryption is reported to be where it should
> be.
>
> The problem might be with the encryption process used by the sender of
> that message.
>
> > gpg -v -v --decrypt msg.asc
> > gpg: armor: BEGIN PGP MESSAGE
> > gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
> >
> > :pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
> >
> >         data: [2048 bits]
> >         data: [2048 bits]
> > gpg: public key is 0CC897B5
> >
> > :encrypted data packet:
> >
> >         length: unknown
>
> I am not sure this 'length: unknown' is as it should be. I have carried
> out a few tests with encrypted messages, and there is always a value
> after 'length: ..... As I pointed out above, *maybe* there is some
> problem with the encryption process used by the sender of the message
> you have not been able to decrypt.
>
> >         mdc_method: 2
> > gpg: using subkey 0CC897B5 instead of primary key 2E604D51
> > gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
> >       "Bruno Costacurta <bruno at costacurta.org>"
> > gpg: decryption failed: secret key not available
>
> I am sending you, separately, an encrypted test message, please let me
> know if you can decrypt it.
Hello Charly,
thanks for your attention and help

Unfortunately I cannot decrypt your test message : 
gpg --decrypt charly.asc
gpg: encrypted with 2048-bit ELG-E key, ID CE3A0945, created 2002-02-11
      "Charly Avital (GnuPG) <shavital at mac.com>"
gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
      "Bruno Costacurta <bruno at costacurta.org>"
gpg: decryption failed: secret key not available

Is there a way to modify subkey attributes, e.g. adding decryption 
capabilities? If not, can I create a new subkey with correct attributes? 

Considering I (probably) already lost (mean: cannot decrypt) received encrypted 
message but will be able to use future messages encrypted with the new 
correct subkey.

Bye,
Bruno

>
> Charly
> MacOS 10.4.9 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4



-- 
PGP key ID: 0x2e604d51
Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html
Key fingerprint = 713F 7956 9441 7DEF 58ED  1951 7E07 569B 2E60 4D51
--
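
Added example, not part of the original thread: one way to check whether a secret keyring holds the secret part for the key ID named in a `:pubkey enc packet:` line, by comparing it against `gpg --list-secret-keys --with-colons` output. The packet text reuses the line quoted above; the colon listings are constructed samples, and the parser assumes GnuPG's documented colon layout (field 5 = key ID, field 12 = capabilities, field 15 = `#` for a stub).

```python
import re

# Packet dump as quoted in the thread (gpg -v -v --decrypt / gpg --list-packets).
SAMPLE_PACKETS = """\
:pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
        data: [2048 bits]
        data: [2048 bits]
:encrypted data packet:
        length: unknown
        mdc_method: 2
"""

# Constructed `gpg --list-secret-keys --with-colons` listings (not from the thread).
PRIMARY_ONLY = "sec:u:1024:17:7E07569B2E604D51:1149984000:::u:::scSC:::+:::\n"
WITH_SUBKEY = PRIMARY_ONLY + "ssb:u:2048:16:42531C9A0CC897B5:1149984000::::::e:::+:::\n"
STUB_SUBKEY = PRIMARY_ONLY + "ssb:u:2048:16:42531C9A0CC897B5:1149984000::::::e:::#:::\n"


def recipient_keyids(packet_dump):
    """Long key IDs the session key was encrypted to."""
    pattern = r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})"
    return [k.upper() for k in re.findall(pattern, packet_dump, re.M)]


def secret_keys(colon_listing):
    """Map long key ID -> (capabilities, secret part present) for sec/ssb records."""
    keys = {}
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) > 11:
            stub = len(f) > 14 and f[14] == "#"  # '#' marks a key without secret material
            keys[f[4].upper()] = (f[11], not stub)
    return keys


def diagnose(packet_dump, colon_listing):
    """Report, per recipient key ID, whether this keyring could decrypt."""
    keys = secret_keys(colon_listing)
    report = {}
    for kid in recipient_keyids(packet_dump):
        if kid not in keys:
            report[kid] = "no secret key record"
        elif not keys[kid][1]:
            report[kid] = "stub only"
        elif "e" not in keys[kid][0]:
            report[kid] = "not encryption-capable"
        else:
            report[kid] = "secret key available"
    return report
```
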