False Decrypt Error...

Eric Robinson ewrobinson at fedex.com
Tue Jun 13 20:40:51 CEST 2006

Hello David,
Thanks so much for responding...

We have switched from PGP to GPG and we have some of our customers are still using PGP, 

¨PGPÁÀNŠˆæ °  is the first part of the message.

What you said below is suspicous, I did notice a null value 00, hex 20 20, at the end of the file, I stripped it out and resubmitted it and it processed fine.

I will go on that assumption for now and edit these files that come in and fail.   If that's the case I'll get our development team towrite a program to strip these out automatically before decryption. 

Thanks for your time in this.

Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering & EC Integration

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David Shaw
Sent: Tuesday, June 13, 2006 12:52 PM
To: gnupg-users at gnupg.org
Subject: Re: False Decrypt Error...

On Tue, Jun 13, 2006 at 10:37:07AM -0500, Eric Robinson wrote:
> Is anyone familiar with the following error?
> Standard Error: gpg: WARNING: unsafe permissions on homedir
> "/opt/fxnet/gpg"gpg: WARNING: using insecure memory!gpg: please see 
> http://www.gnupg.org/faq.html for more informationgpg: encrypted with 
> 1024-bit ELG-E key, ID 07B01208, created 2004-07-14 "entsys (FedExNet 
> GPG Key) "gpg: [don't know]: invalid packet (ctb=2f)gpg: WARNING:
> message was not integrity protected
> My tech guy says it has nothing to do with the 'WARNING: using 
> insecure memory!' message, but it is the 'WARNING: message was not 
> integrity protected' message....i have checked the FAQ's and found 
> some info on the insecure memory that he says isn't the issue...

You've got a bunch of warnings here.  Let's take them one at a time:

> gpg: WARNING: unsafe permissions on homedir "/opt/fxnet/gpg"

Just what it says: the directory /opt/fxnet/gpg is writable by someone other than you.  It's a good idea for you to fix it, but it isn't the cause of your problem.

> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information

GPG tries to lock a small amount of memory so you can't accidentally swap a passphrase out to disk.  Depending on how you are using GPG, this may not be significant to you.  Either way, it's not the cause of your problem.

> gpg: WARNING: message was not integrity protected

This means that there is no integrity protection packet on the message.  There is a very difficult attack against the old PGP message format that the integrity protected format combats.  This isn't the cause of your problem either.

> gpg: [don't know]: invalid packet (ctb=2f)

THIS is your problem.  GPG found garbage in the message that could not be parsed.  Since you say the message was decrypted correctly before the garbage was found, it's likely the garbage is at the end.

Is this an armored (i.e. "--- BEGIN PGP MESSAGE ---") message or binary (not printable ASCII)?


Gnupg-users mailing list
Gnupg-users at gnupg.org

More information about the Gnupg-users mailing list