False Decrypt Error...

David Shaw dshaw at jabberwocky.com
Tue Jun 13 19:52:08 CEST 2006


On Tue, Jun 13, 2006 at 10:37:07AM -0500, Eric Robinson wrote:
> Is anyone familiar with the following error?
> 
> Standard Error: gpg: WARNING: unsafe permissions on homedir
> "/opt/fxnet/gpg"gpg: WARNING: using insecure memory!gpg: please see
> http://www.gnupg.org/faq.html for more informationgpg: encrypted with
> 1024-bit ELG-E key, ID 07B01208, created 2004-07-14 "entsys (FedExNet
> GPG Key) "gpg: [don't know]: invalid packet (ctb=2f)gpg: WARNING:
> message was not integrity protected  
> 
> My tech guy says it has nothing to do with the 'WARNING: using insecure
> memory!' message, but it is the 'WARNING: message was not integrity
> protected' message....i have checked the FAQ's and found some info on
> the insecure memory that he says isn't the issue...

You've got a bunch of warnings here.  Let's take them one at a time:

> gpg: WARNING: unsafe permissions on homedir "/opt/fxnet/gpg"

Just what it says: the directory /opt/fxnet/gpg is writable by someone
other than you.  It's a good idea for you to fix it, but it isn't the
cause of your problem.

> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information

GPG tries to lock a small amount of memory so you can't accidentally
swap a passphrase out to disk.  Depending on how you are using GPG,
this may not be significant to you.  Either way, it's not the cause of
your problem.

> gpg: WARNING: message was not integrity protected

This means that there is no integrity protection packet on the
message.  There is a very difficult attack against the old PGP message
format that the integrity protected format combats.  This isn't the
cause of your problem either.

> gpg: [don't know]: invalid packet (ctb=2f)

THIS is your problem.  GPG found garbage in the message that could not
be parsed.  Since you say the message was decrypted correctly before
the garbage was found, it's likely the garbage is at the end.

Is this an armored (i.e. "--- BEGIN PGP MESSAGE ---") message or
binary (not printable ASCII)?

David



More information about the Gnupg-users mailing list