Crypto stick not working w/ gnupg 2.1.x?

NIIBE Yutaka gniibe at fsij.org
Mon May 23 04:11:26 CEST 2016


Hello,

Since you wrote to the development list, I describe the internals of
GnuPG.  You don't need to read it, just go to [SKIP TO HERE].

On 05/23/2016 02:46 AM, Albrecht Dreß wrote:
> <snip>
> $ gpg2 -d some-file.asc
> gpg: encrypted with RSA key, ID 00000000
> gpg: encrypted with RSA key, ID 00000000
> gpg: decryption failed: No secret key
> </snip>
> 
> whereas 2.0 says
> 
> <snip>
> gpg: anonymous recipient; trying secret key xxxxxxxx ...
> gpg: anonymous recipient; trying secret key xxxxxxxx ...
> gpg: anonymous recipient; trying secret key xxxxxxxx ...
> gpg: anonymous recipient; trying secret key xxxxxxxx ...
> gpg: okay, we are the anonymous recipient.
> gpg: encrypted with RSA key, ID 00000000
> gpg: encrypted with RSA key, ID 00000000
> </snip>

This file is encrypted to an anonymous recipient.  So, GnuPG tries all
secret keys available on your system to see if it can be decrypted by one.

In 1.4 and 2.0, the secret key is under the control of the gpg frontend.
On the other hand, it is under the control of gpg-agent in 2.1.

In 2.1, the gpg frontend enumerates possible secret keys by
enum_secret_keys in g10/getkey.c, and for each secret key, it asks
gpg-agent if the secret key can decrypt, until it succeeds.

When the gpg frontend asks gpg-agent, it uses the KEYGRIP as an
identifier of the key.

[SKIP TO HERE]


> gpg: error computing keygrip

This means that gpg frontend (2.1) failed to compute the KEYGRIP.

So, I think that it is not directly related to your device.

What's your configuration of default-key and try-secret-key?  It seems
that it fails with a key specified by default-key or try-secret-key.

Is the key specified the one on your device?  If not, does some
operation with default-key work in GnuPG 2.1?

What do you see when you do: gpg2 --list-public-key <YOUR-DEFAULT-KEY> ?


> Any idea how I can fix this?

Please test if an encrypted file to a specific recipient (not to
anonymous) can be decrypted by your device.
--
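
The "ID 00000000" in the quoted gpg output is the all-zero key ID that marks an anonymous recipient in the message's public-key encrypted session key packets. The Python below is an added example, not part of the original message and not GnuPG's code; it assumes binary input (for instance the output of `gpg --dearmor`) and version 3 session-key packets as laid out in RFC 4880, and the names `iter_packets`, `recipients` and `SAMPLE` are made up here.

```python
def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in binary OpenPGP data (RFC 4880, 4.2)."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:                            # partial body: data streams on
                yield tag, data[pos:]
                return
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length
                yield tag, data[pos:]
                return
            size = 1 << ltype                # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        yield tag, data[pos:pos + length]
        pos += length

def recipients(data: bytes):
    """Return (key_id_hex, pubkey_algo, is_anonymous) per leading PKESK packet."""
    found = []
    for tag, body in iter_packets(data):
        if tag != 1:                         # PKESK packets (tag 1) come first
            break
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported PKESK packet")
        key_id = body[1:9]                   # all zeros = anonymous recipient
        found.append((key_id.hex().upper(), body[9], key_id == bytes(8)))
    return found

# Constructed sample, not real ciphertext: two v3 RSA PKESK packets, then tag 18.
_body = lambda kid: b"\x03" + kid + b"\x01\x00\x08\xaa"
SAMPLE = (b"\xc1\x0d" + _body(bytes(8)) + b"\x84\x0d"
          + _body(bytes.fromhex("0123456789ABCDEF")) + b"\xd2\xe0\x01")
```
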
