Strange problem with GnuPG 1.0.4 encrypted data

Bjarni R. Einarsson bre at klaki.net
Fri Oct 5 18:50:02 CEST 2001


Hello,

I have a system which GPG encrypts and signs files and mails them
from one machine to another, where they are automatically decrypted
and the signatures verified using a perl program.

Last night a file was transferred which appeared to have a valid
signature, but then couldn't be decrypted.  Gnupg sent the following
message to stderr:

gpg: Warning: using insecure memory!
gpg: encrypted with 1024-bit ELG-E key, ID FAFF94B3, created 2001-09-20 [snip]
gpg: Signature made Thu Oct  4 20:45:46 2001 GMT using DSA key ID 327144DC
gpg: Good signature from "[snip]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: B083 585B 8675 0058 5113  0F98 FA17 F199 3271 44DC
gpg: [don't know]: invalid packet (ctb=14)

The file was encrypted on a dual PIII 800Mhz machine using GnuPG 1.0.4 as
distributed with RedHat Linux 7.1.  I tried decrypting it both with GnuPG
1.0.4 and 1.0.6 (RH 7.1 update package), with the same results.

I haven't been able to reproduce this problem yet, but since I'm
creating and sending dozens of messages like this every day (usually
without any problems) I rather expect it to manifest itself again
sooner or later.

My question is whether any bugs were found in GnuPG 1.0.4 which could
cause this kind of bizarre failure, or whether I should start worrying
about hardware problems.

Also, am I correct in assuming that since the signature was OK, that
I can rule out any transmission errors as the cause of this and
focus on the creation of the encrypted file?

If you developers feel this is a bug and that it would help to examine
the file in question I have no problems sharing it and the necessary
keys with you - I'm currently just testing this setup and
regenerating my keys would be no big deal.

Please CC: any replies directly to me, as I'm not subscribe to this
list - and please forgive me if I overlooked a more appropriate
venue for this message.

Thanks!

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre at klaki.net                -><-              http://bre.klaki.net/

Check out my open-source email sanitizer: http://mailtools.anomy.net/




More information about the Gnupg-devel mailing list