gpg bug decrypting conventionally encrypted messages

L. Sassaman rabbi at quickie.net
Thu Jan 11 17:57:56 CET 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 11 Jan 2001, Ian Goldberg wrote:

> Len (sitting next to me) claims you're not following section 5.7 of
> RFC 2440bis-0.2.

Specifically the last sentence below:

   The symmetric cipher used may be specified in an Public-Key or
   Symmetric-Key Encrypted Session Key packet that precedes the
   Symmetrically Encrypted Data Packet.  In that case, the cipher
   algorithm octet is prefixed to the session key before it is
   encrypted.  If no packets of these types precede the encrypted data,
   the IDEA algorithm is used with the session key calculated as the
   MD5 hash of the passphrase.

PGP is omitting the version 4 packet information, so that it can be
backwards compatible with 2.6, I suspect. GnuPG doesn't know how to handle
this case, and is trying to decrypt with Blowfish since Blowfish is the
default GnuPG cipher.

When you explicitly tell gpg what it is getting, by doing "gpg
--cipher-algo idea --digest-algo md5 --decrypt filename" it works fine.
(But obviously we can't expect the users to know this.) Correct behavior
would be to assume IDEA and MD5 are implicit if nothing is defined.


--Len.

__

L. Sassaman

Security Architect             |  "The world's gone crazy,
Technology Consultant          |   and it makes no sense..."
                               |
http://sion.quickie.net        |                   --Sting


-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE6XmSyPYrxsgmsCmoRAlWQAKCTca7C4VxP27ppOdptraY9mJsMdQCeM08t
IwzDZerZ+BJv8iw3hVpLt9s=
=IGz4
-----END PGP SIGNATURE-----
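
The fallback rule quoted from section 5.7 above, as an added Python sketch that is not part of the original message and is not GnuPG's code: it walks the packet headers and picks the cipher from whatever precedes the Symmetrically Encrypted Data packet. The function names and sample bytes are assumptions made for illustration; partial body lengths and S2K key derivation are out of scope.

```python
import hashlib

PKESK, SKESK, SED = 1, 3, 9   # OpenPGP packet tags
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish"}

# Constructed samples: old-format SED packet (dummy body); v4 SKESK, Blowfish.
SAMPLE_SED = bytes([0xA4, 10]) + bytes(10)
SAMPLE_SKESK = bytes([0x8C, 4, 4, 4, 0, 2])

def read_packets(data):
    """Yield (tag, body) per packet; old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header (PGP 2.6 era)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                   # indeterminate: runs to end of data
                length = len(data) - i
            else:
                n = 1 << ltype
                length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]
        i += length

def select_cipher(data, passphrase):
    """Return (cipher, key); key is set only for the implicit IDEA/MD5 case."""
    esk = None
    for tag, body in read_packets(data):
        if tag in (PKESK, SKESK):
            esk = (tag, body)
        elif tag == SED:
            if esk is None:   # nothing precedes: IDEA, key = MD5(passphrase)
                return "IDEA", hashlib.md5(passphrase).digest()
            if esk[0] == SKESK:   # body: version, cipher octet, S2K specifier
                return CIPHERS.get(esk[1][1], "unknown"), None
            return "inside encrypted session key", None
    raise ValueError("no Symmetrically Encrypted Data packet")
```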