decrypt : primary key or subkey ?
pubmb01 at skynet.be
Thu Jun 7 08:44:51 CEST 2007
On Wednesday 06 June 2007 18:56:20 Charly Avital wrote:
> Bruno Costacurta wrote the following on 6/6/07 5:23 PM:
> > Hello,
> > I'm not able to decrpyt message as I received hereafter message about
> > using subkey instead of primary key.
> This is your public key, as I have just downloaded it from the servers:
> pub 1024D/2E604D51 created: 2006-06-11 expires: never usage: SC
> trust: unknown validity: unknown
> sub 2048g/0CC897B5 created: 2006-06-11 expires: never usage: E
> [ unknown] (1). Bruno Costacurta <bruno at costacurta.org>
> [ revoked] (2) pubmb01 <pubmb01 at skynet.be>
> [ revoked] (3) pubmb02 <pubmb02 at skynet.be>
> [ revoked] (4) Bruno Costacurta <cob1 at biz.tiscali.be>
> [ unknown] (5) Bruno Costacurta <pubmb01 at skynet.be>
> [ unknown] (6) Bruno Costacurta <contract at costacurta.org>
> > Is this correct ? Could it be the problem relies on the usage of this
> > subkey ? If yes, how to manage my keyring regarding this
> > subkey (which is obviously used for en/decrypting not for signing) to be
> > able to decrypt ?
> As you can see, your primary key 1024D/2E604D51 is used for SC (Sign,
> The subkey 2048g/0CC897B5 is used for E encrypting *to you*. Not for
> For decrypting you use your secret key (copy/paste of your own
> /home/bruno: gpg --list-secret-keys 0x2e604D51
> sec 1024D/2E604D51 2006-06-11
> The message "...using subkey...instead of primary key..." is exactly as
> it should be, as pointed out by dave.smith at st.com in this forum.
> The secret key required for decryption is reported to be where it should
> The problem might be with the encryption process used by the sender of
> that message.
> > gpg -v -v --decrypt msg.asc
> > gpg: armor: BEGIN PGP MESSAGE
> > gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
> > :pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5
> > data: [2048 bits]
> > data: [2048 bits]
> > gpg: public key is 0CC897B5
> > :encrypted data packet:
> > length: unknown
> I am not sure this 'length: unknown' is as it should be. I have carried
> out a few tests with encrypted messages, and there is always a value
> after 'length: ..... As I pointed out above, *maybe* there is some
> problem with the encryption process used by the sender of the message
> you have not been able to decrypt.
> > mdc_method: 2
> > gpg: using subkey 0CC897B5 instead of primary key 2E604D51
> > gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
> > "Bruno Costacurta <bruno at costacurta.org>"
> > gpg: decryption failed: secret key not available
> I am sending you, separately, a encrypted test message, please let me
> know if you can decrypt it.
thanks for your attention and help
Unfortunately I cannot decrypt your test message :
gpg --decrypt charly.asc
gpg: encrypted with 2048-bit ELG-E key, ID CE3A0945, created 2002-02-11
"Charly Avital (GnuPG) <shavital at mac.com>"
gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
"Bruno Costacurta <bruno at costacurta.org>"
gpg: decryption failed: secret key not available
Is there a way to modify subkey attributes, eg. adding decryption
capabilities. If not, can I'll create a new subket with correct attributes.
Considering I (probably) already lost (mean: cannot decypt) received encrypted
message but will be able to use future messages encrypted with the new
> MacOS 10.4.9 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
PGP key ID: 0x2e604d51
Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html
Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20070607/275fd59e/attachment.pgp
More information about the Gnupg-users