decrypt : primary key or subkey ?
shavital at mac.com
Wed Jun 6 18:56:20 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Bruno Costacurta wrote the following on 6/6/07 5:23 PM:
> I'm not able to decrypt message as I received hereafter message about using
> subkey instead of primary key.
This is your public key, as I have just downloaded it from the servers:
pub 1024D/2E604D51 created: 2006-06-11 expires: never usage: SC
trust: unknown validity: unknown
sub 2048g/0CC897B5 created: 2006-06-11 expires: never usage: E
[ unknown] (1). Bruno Costacurta <bruno at costacurta.org>
[ revoked] (2) pubmb01 <pubmb01 at skynet.be>
[ revoked] (3) pubmb02 <pubmb02 at skynet.be>
[ revoked] (4) Bruno Costacurta <cob1 at biz.tiscali.be>
[ unknown] (5) Bruno Costacurta <pubmb01 at skynet.be>
[ unknown] (6) Bruno Costacurta <contract at costacurta.org>
> Is this correct ? Could it be the problem relies on the usage of this subkey ?
> If yes, how to manage my keyring regarding this
> subkey (which is obviously used for en/decrypting not for signing) to be able
> to decrypt ?
As you can see, your primary key 1024D/2E604D51 is used for SC (Sign,
The subkey 2048g/0CC897B5 is used for E encrypting *to you*. Not for
For decrypting you use your secret key (copy/paste of your own
/home/bruno: gpg --list-secret-keys 0x2e604D51
sec 1024D/2E604D51 2006-06-11
The message "...using subkey...instead of primary key..." is exactly as
it should be, as pointed out by dave.smith at st.com in this forum.
The secret key required for decryption is reported to be where it should be.
The problem might be with the encryption process used by the sender of
> gpg -v -v --decrypt msg.asc
> gpg: armor: BEGIN PGP MESSAGE
> gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
> :pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
> data: [2048 bits]
> data: [2048 bits]
> gpg: public key is 0CC897B5
> :encrypted data packet:
> length: unknown
I am not sure this 'length: unknown' is as it should be. I have carried
out a few tests with encrypted messages, and there is always a value
after 'length: ..... As I pointed out above, *maybe* there is some
problem with the encryption process used by the sender of the message
you have not been able to decrypt.
> mdc_method: 2
> gpg: using subkey 0CC897B5 instead of primary key 2E604D51
> gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
> "Bruno Costacurta <bruno at costacurta.org>"
> gpg: decryption failed: secret key not available
I am sending you, separately, an encrypted test message, please let me
know if you can decrypt it.
MacOS 10.4.9 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
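
Added example, not part of the original message: a check that matches the key ID in the ":pubkey enc packet:" line of the dump quoted above against the sec/ssb records of `gpg --list-secret-keys --with-colons`. The function names are hypothetical, the colon listings are constructed (the primary long key ID is a placeholder), and the meaning of field 15 ('#' for a stub without secret material) is assumed to follow GnuPG's doc/DETAILS for 2.1 and later.

```python
import re

# Packet dump quoted in the message above (from `gpg -v -v --decrypt msg.asc`).
PACKETS = """\
:pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
\tdata: [2048 bits]
\tdata: [2048 bits]
:encrypted data packet:
"""

# Constructed `gpg --list-secret-keys --with-colons` listings (not the poster's
# keyring). The primary long key ID is a placeholder ending in 2E604D51.
SEC = "sec:u:1024:17:AAAAAAAA2E604D51:1149984000:::u:::scESC:::+:\n"
FULL = SEC + "ssb:u:2048:16:42531C9A0CC897B5:1149984000::::::e:::+:\n"
STUB = SEC + "ssb:u:2048:16:42531C9A0CC897B5:1149984000::::::e:::#:\n"

def recipient_keyids(packet_dump):
    """Long key IDs named in the ':pubkey enc packet:' lines."""
    return re.findall(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b",
                      packet_dump, flags=re.M)

def secret_keys(colon_listing):
    """Map long key ID -> 'present' or 'stub' for every sec/ssb record."""
    found = {}
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) > 4:
            # Field 15 is '#' when only a stub without secret material exists.
            stub = len(f) > 14 and f[14] == "#"
            found[f[4].upper()] = "stub" if stub else "present"
    return found

def diagnose(packet_dump, colon_listing):
    """For each recipient key ID, say whether its secret part is available."""
    have = secret_keys(colon_listing)
    result = {}
    for kid in recipient_keyids(packet_dump):
        kid = kid.upper()
        if set(kid) == {"0"}:
            result[kid] = "hidden recipient"   # sender used --throw-keyids
        else:
            result[kid] = have.get(kid, "missing")
    return result

if __name__ == "__main__":
    for name, listing in (("full", FULL), ("stub", STUB), ("primary only", SEC)):
        print(name, diagnose(PACKETS, listing))
```

A result of "stub" or "missing" for the encryption subkey means the keyring cannot decrypt even though the primary key appears in the secret listing.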