Crypto stick not working w/ gnupg 2.1.x?

Albrecht Dreß albrecht.dress at
Mon May 23 18:37:02 CEST 2016

On 23.05.16 04:11, NIIBE Yutaka wrote:
> Since you wrote to the development list, I describe the internals of GnuPG.  You don't need to read it, just go to [SKIP TO HERE].

Thanks a lot for the detailed explanation!

> This file is encrypted to anonymous recipient.  So, GnuPG tries all secret keys available on your system if it can be decrypted by one.

The input was the application/pgp-encrypted (rfc3156) body of an email message, created using gpgme.  Actually, 'gpg2 -vvv' says

:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
         data: [2047 bits]

which is strange as for encrypted messages created by other MUAs as well as for files encrypted on the command line I see the proper key id:

:pubkey enc packet: version 3, algo 1, keyid 633DAD43CB7A8400
         data: [2047 bits]

The latter *can* be decrypted...

> In 2.1, gpg frontend enumerates possible secret keys by enum_secret_keys in g10/getkey.c, and for each secret key, it asks gpg-agent if a secret key can decrypt until it succeeds.

O.k., I see...

> What's your configuration of default-key and try-secret-key?  It seems that it fails with a key specified by default-key or try-secret-key.

Neither default-key nor try-secret-key were set in gpg.conf.  Adding default-key with the proper key ID, everything works fine...

I must admit that I have no idea why gpg(me) omitted the key id.  Maybe because the offending message was encrypted with gpg 2.0, as I cannot reproduce the effect with 2.1.

Thanks a lot for your help,
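
An added illustration, not part of the original message or of GnuPG's code: a small parser that walks the leading packets of a binary (dearmored) OpenPGP message and reports each version 3 public-key encrypted session key packet, flagging the all-zero key ID that RFC 4880 treats as a wildcard recipient. The function names and the SAMPLE bytes are constructed for this example; the non-zero key ID is the one quoted in the message above.

```python
def _header(data, pos):
    """Return (tag, body_start, body_len); body_len is None if the length is not fixed."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                   # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                      # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, pos + 1, None                      # indeterminate length
    size = 1 << ltype                                  # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def list_pkesk(data):
    """List the v3 public-key encrypted session key packets (tag 1) that lead a message."""
    found, pos = [], 0
    while pos < len(data):
        tag, start, length = _header(data, pos)
        if length is None:
            break                  # streamed encrypted data; PKESK packets precede it
        body = data[start:start + length]
        if tag == 1 and body[0] == 3:
            keyid = body[1:9].hex().upper()
            found.append({"keyid": keyid, "algo": body[9],
                          "bits": int.from_bytes(body[10:12], "big"),  # first MPI bit count
                          "anonymous": keyid == "0" * 16})
        pos = start + length
    return found

def _sample_pkesk(keyid_hex):
    # Constructed packet: old-format header 0x85 (tag 1, two-byte length),
    # version 3, algo 1 (RSA), one dummy MPI declared as 2047 bits.
    body = (b"\x03" + bytes.fromhex(keyid_hex) + b"\x01"
            + (2047).to_bytes(2, "big") + b"\x40" + bytes(255))
    return b"\x85" + len(body).to_bytes(2, "big") + body

# Constructed message: two recipients followed by a tiny stand-in for the encrypted data packet.
SAMPLE = (_sample_pkesk("0000000000000000") + _sample_pkesk("633DAD43CB7A8400")
          + b"\xd2\x02\x01\x00")

if __name__ == "__main__":
    for packet in list_pkesk(SAMPLE):
        print(packet)
```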