bad encrypted session key (bug report?)

[Remi Guyomarch]

On Thu, Apr 15, 1999 at 03:23:43AM -0500, Mike Ashley wrote:
> Hi,
> 
> I have a keypair generated using GPG but am having trouble communicating
> with a PGP 6.0 user.  I'm able to duplicate the problem at will.
> 
> Assuming I am Bob and am communicating with Alice, here is the scenario.
> I encrypt a message to Alice and myself.  While I can decrypt the result,
> Alice cannot.  The error she gets from PGP 6.0 is "encrypted session
> key is bad".

I'm confirming. This behaviour depends on arguments order :

Example :
	user    cipher pref   key generator
        -----------------------------------
	Alice   3DES          PGP 6.x (?)
	Bob     Blowfish      GnuPG

~/src/gnupg/CVS $ gpg -v --encrypt -r Bob -r Alice < TODO > /dev/null
gpg: This key probably belongs to the owner
gpg: This key belongs to us
gpg: reading from `[stdin]'
gpg: writing to stdout
gpg: ELG-E/3DES encrypted for: xxxxxxxx Bob
gpg: ELG-E/3DES encrypted for: yyyyyyyy Alice

This one is OK, both PGP and GnuPG will decrypt it.

~/src/gnupg/CVS $ gpg -v --encrypt -r Alice -r Bob < TODO > /dev/null
gpg: This key belongs to us
gpg: This key probably belongs to the owner
gpg: reading from `[stdin]'
gpg: writing to stdout
gpg: ELG-E/BLOWFISH encrypted for: yyyyyyyy Alice
gpg: ELG-E/BLOWFISH encrypted for: xxxxxxxx Bob

Arg ! PGP 6.x doesn't know anything about Blowfish :-(

Even stranger : if Alice's key has CAST5 in its preference, the
message will always be encrypted with CAST5, no matter which recipient 
is the last on the command-line.

-- 
Rémi        <rguyom at mail.dotcom.fr> | Don't waste your computer's time :
    PGP-encrypt anything important: | http://www.distributed.net/
   www.gnupg.org - KeyID:0x85BD8B1B | http://www.distributed.net/source/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/19990416/d964d84b/attachment.bin