gpg bug decrypting conventionally encrypted messages
Ian Goldberg
ian at zeroknowledge.com
Thu Jan 11 19:09:48 CET 2001
Here's hi.asc:
-----BEGIN PGP MESSAGE-----
Version: PGP 6.5.8

pCX4NJlVAIgtkN9mv3bi7YfwXJsg8xXxAwk548fO7eZ5VrDnBNgf
=1urB
-----END PGP MESSAGE-----
The passphrase is "foo". I made it with "pgp -ca hi" (the default way
to do things).
Here's what gpg does:
[pgp@janus pgp]$ gpg --version
gpg (GnuPG) 1.0.4
Copyright (C) 2000 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Cipher: IDEA, 3DES, CAST5, BLOWFISH, RIJNDAEL, RIJNDAEL192, RIJNDAEL256,
TWOFISHgpg: skipping pubkey 1: already loaded
gpg: skipping pubkey 2: already loaded
gpg: skipping pubkey 3: already loaded
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160
[pgp@janus pgp]$ gpg -vv hi.asc
gpg: Warning: using insecure memory!
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: PGP 6.5.8
:encrypted data packet:
length: 37
gpg: loaded digest 3
gpg: /usr/lib/gnupg/rsa: RSA ($Revision: 1.8 $)
gpg: /usr/lib/gnupg/idea: IDEA ($Revision: 1.8 $)
gpg: BLOWFISH encrypted data
gpg: decryption failed: bad key
Note that it claims the message is encrypted with BLOWFISH (which is
incorrect). If you _tell_ gpg what cipher it is, it works:
[pgp@janus pgp]$ gpg --cipher-algo idea --digest-algo md5 --decrypt hi.asc
gpg: Warning: using insecure memory!
Hello, world
Len (sitting next to me) claims you're not following section 5.7 of
RFC 2440bis-0.2.
Thanks,
- Ian
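
Added example, not part of the original message and not GnuPG code: RFC 2440 section 5.7 says that when no Public-Key or Symmetric-Key Encrypted Session Key packet precedes the Symmetrically Encrypted Data packet, the cipher is IDEA and the session key is the MD5 hash of the passphrase. The sketch below parses the packet headers of hi.asc and applies that rule; the function names are hypothetical and it covers passphrase-encrypted messages only.

```python
import base64

# Armored body of hi.asc as quoted in the message above (CRC line left out).
HI_ASC = "pCX4NJlVAIgtkN9mv3bi7YfwXJsg8xXxAwk548fO7eZ5VrDnBNgf"
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in a byte string."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("bad packet header")
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header, as in hi.asc
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                  # indeterminate: runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def conventional_params(data):
    """Return (cipher, hash) for the first tag 9 packet of a passphrase-encrypted message."""
    esk = None
    for tag, body in packets(data):
        if tag == 3 and len(body) >= 4 and body[0] == 4:
            # v4 Symmetric-Key ESK: version, cipher id, S2K type, S2K hash id
            esk = (CIPHERS.get(body[1], body[1]), HASHES.get(body[3], body[3]))
        elif tag == 9:
            # No preceding ESK packet: the RFC 2440 section 5.7 default applies.
            return esk or ("IDEA", "MD5")
    raise ValueError("no symmetrically encrypted data packet found")

if __name__ == "__main__":
    print(conventional_params(base64.b64decode(HI_ASC)))
```

For hi.asc the only packet is an old-format tag 9 packet of length 37, so the result matches the `--cipher-algo idea --digest-algo md5` options that made decryption succeed.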