Crypto stick not working w/ gnupg 2.1.x?
albrecht.dress at arcor.de
Mon May 23 18:37:02 CEST 2016
Am 23.05.16 04:11 schrieb(en) NIIBE Yutaka:
> Since you wrote to the development list, I describe the internal of GnuPG. You don't need to read it, just go to [SKIP TO HERE].
Thanks a lot for the detailed explanation!
> This file is encrypted to anonymous recipient. So, GnuPG tries all secret keys available on your system if it can be decrypted by one.
The input was the application/pgp-encrypted (rfc3156) body of a email message, created using gpgme. Actually, 'gpg2 -vvv' says
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
data: [2047 bits]
which is strange as for encrypted messages created by other MUA's as well as for files encrypted on the command line I see the proper key id:
:pubkey enc packet: version 3, algo 1, keyid 633DAD43CB7A8400
data: [2047 bits]
The latter *can* be decrypted...
> In 2.1, gpg frontend enumerates possible secret keys by enum_secret_keys in g10/getkey.c, and for each secret key, it askes gpg-agent if a secret key can decrypt until it successes.
O.k., I see...
> What's your configuration of default-key and try-secret-key? It seems that it fails with a key specified by default-key or try-secret-key.
Neither default-key nor try-secret-key were set in gpg.conf. Adding default-key with the proper key ID, everything works fine...
I must admit that I have no idea why gpg(me) omitted the key id. Maybe because the offending message was encrypted with gpg 2.0, as I cannot reproduce the effect with 2.1.
Thanks a lot for your help,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 473 bytes
Desc: not available
More information about the Gnupg-devel