gpgsm: decrypting session key failed: Invalid session key

Henning Schild henning.schild at siemens.com
Wed Jul 24 10:46:28 CEST 2019


Should i rather open an issue on https://dev.gnupg.org/. I think i read
somewhere that this list can be/is used for reporting bugs.

regards,
Henning

Am Thu, 18 Jul 2019 16:58:20 +0200
schrieb Henning Schild via Gnupg-devel <gnupg-devel at gnupg.org>:

> Hi,
> 
> this is a bug report email, at least i expect it is a bug.
> 
> An increasing amount of x509 encrypted email i receive can not be
> decrypted with gpgsm anymore. At first i assumed that the senders keys
> would be somehow different and trigger the bug in gpgsm. Later i found
> that it could also be their mail client, but whatever it is on the
> remote end i expect it to be a bug in gpgsm.
> The same files can be decrypted with openssl just fine.
> 
> Affected versions: gpgsm <= latest master (gnupg-2.2.7-609-g4195ce15f)
> Platform Linux: x86_64
> 
> Expected result:
> Mail can be decrypted and read.
> 
> Actual result:
> Decryption fails with "gpgsm: decrypting session key failed: Invalid
> session key"
> 
> Details: (from latest git build)
> $ /foo/gnupg/sm/gpgsm --debug-level guru --decrypt smime_bad.p7m
> ...
> gpgsm: DBG: chan_5 -> PKDECRYPT
> gpgsm: DBG: chan_5 <- S INQUIRE_MAXLEN 4096
> gpgsm: DBG: chan_5 <- INQUIRE CIPHERTEXT
> gpgsm: DBG: chan_5 -> [ 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33 3a
> 72 ...(273 byte(s) skipped) ] gpgsm: DBG: chan_5 -> END
> Vim: Reading from stdin...
> gpgsm: DBG: chan_5 <- S PADDING 0
> gpgsm: DBG: chan_5 <- [ 44 20 28 35 3a 76 61 6c 75 65 33 32 3a e5 ff
> cd ...(31 byte(s) skipped) ] gpgsm: DBG: chan_5 <- OK
> gpgsm: DBG: pkcs1 encoded session key:
> e5ffcd51107897682fc0d805173d85ce7088fddabda33ac74da73b0813c04593
> gpgsm: decrypting session key failed: Invalid session key gpgsm:
> message decryption failed: Invalid session key <GpgSM>
> 
> 
> Hope that helps. I would be happy to provide more information. I have
> many of those _bad.p7m files.
> 
> regards,
> Henning
> 
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel




More information about the Gnupg-devel mailing list