Unusual (unintended?) behavor upon decryption of a message

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Nov 19 18:14:31 CET 2013 

On Tuesday, November 19, 2013 at 3:51 AM, fuzzykitties at riseup.net wrote:
>
>Upon decryption of the attached message, the program requests a new
>passphrase. Then after any arbitrary string is entered (or 
>nothing),
>decryption of the message fails. It does not matter if any private 
>keys
>are held in gnupg (including the key of the intended recipient).
>
>Here is the message in question. How is this possible?

===== 

As Peter answered, this is message encrypted both to a Public Key and also symmetrically to a passphrase only.

If, after gnupg asks for the message, any string other than the correct passphrase is entered,
then there will be an error message.
(The interesting part is that the error message changes with the string used as a passphrase.)

Here is my recreation of this type of encrypted message, both to my public key, and conventionally, to only a passphrase, using the following command:

V:\gnupg>gpg -a -c -e -r D35FB186 e:\de1.txt

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.15 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul

hQIMA1BvT6HTX7GGAQ//Wi164/mZry2Iwe87izC/lNKfaKswBHMuon5oBDoAa1lm
RkcA7Ohv4ahAW7DZh6ugsiNOZogmcNx02BTalAeGzt1INwvM1D3dXraC+wRHE/39
tgx7DsLDK8gbwtTja2iFhbWSsh/Bpxyt8+37wy6eS6NYiWRFsbi7unxbKkfNQtRg
WQufOhYcSY2SytW6xPxC0Va/CTSYI8++RHOWeZRLVW89irv48U60vZQOHx1xQ3JB
3Hq5PsJeMAmBXr/W6b7ivYWlExrxMdiF8AeuGsxOzarViAzYUYP/cd7M1HI4gpYK
DtQ4ZIT+x6BWQmibBIh5y2R0ZoGJLEHSsS6vMV5oXiB5w8wTMFUWj0HKFlb8nPgH
fGR7B2E6RPVJ8VFOhOhLkeOf7vJc4FtAQCUvEznViqhgrsJa+is7pcBmF2/ny78f
N9rYKHGQdDXyu4WOOz+gecdDq6H7SwFaqe0hGs0bDx/8FH4/9q4wHIr7K+rYvGOY
hGwetUgNdPTafkTdXCUoaPlGxG3tObfUc4UtP+v+FyHDfkJ9pwHits5PO4Pzr+kE
71ogzObe127cr2Tw2VJiyieAWHhTR59T2pXWIfbzmA1+e+yMHUdaV1XgyzQwBGlG
bbi5MsAcKdprN8SgeSTRB/1Vd9Rrr4iRkYoNuPTIUCEhf1o6xdOXpBJjL6JPX3uM
LgQKAwhNVbIC8B7iZ2CA8sUfrvT1/XNrk63FLcMeB+SENdrto5kqyeMUUj3xLKTS
RwHyCW71fhEfZoi6Qe/t0+OelLVRjsv5OmIrstTovMCFDpm7T8dFLbMgv2sMi48Y
7gEyEa0b3m1oOzXQIVAlU3Cn0TRicSMy
=AwHd
-----END PGP MESSAGE-----

(the passphrase is: sss)

Here is what gnupg  does when I enter the wrong passphrase for my key, but the correct one for the symmetrically encrypted part:

V:\gnupg>gpg --list-packets e:\det1.txt.asc

gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v1.4.15 (MingW32)
gpg: armor header: Comment: Acts of Kindness better the World, and protect the S
oul
:pubkey enc packet: version 3, algo 1, keyid 506F4FA1D35FB186
        data: [4095 bits]
gpg: public key is D35FB186

You need a passphrase to unlock the secret key for
user: "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
4096-bit RSA key, ID D35FB186, created 2008-01-22

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
4096-bit RSA key, ID D35FB186, created 2008-01-22

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
4096-bit RSA key, ID D35FB186, created 2008-01-22

:symkey enc packet: version 4, cipher 10, s2k 3, hash 8, seskey 256 bits
        salt 4d55b202f01ee267, count 65536 (96)
gpg: TWOFISH encrypted session key
:encrypted data packet:
        length: 71
        mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: encrypted with 4096-bit RSA key, ID D35FB186, created 2008-01-22
      "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
gpg: public key decryption failed: bad passphrase

:symkey enc packet: version 4, cipher 10, s2k 3, hash 8, seskey 256 bits
        salt 4d55b202f01ee267, count 65536 (96)
gpg: TWOFISH encrypted session key
Enter passphrase:


gpg: TWOFISH encrypted data
:compressed packet: algo=1
:literal data packet:
        mode b (62), created 1384876034, name="de1.txt",
        raw data: 11 bytes
gpg: decryption okay
gpg: session key: `10:549F3BBBA12DD79C0019854AED854964931A9C2349870785130B0E863F
C4C3F0'


Now, here is what gnupg does when the 'incorrect' passphrase is given for the symmetric part:

V:\gnupg>gpg e:\de1.txt.asc

gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v1.4.15 (MingW32)
gpg: armor header: Comment: Acts of Kindness better the World, and protect the S
oul
:pubkey enc packet: version 3, algo 1, keyid 506F4FA1D35FB186
        data: [4095 bits]
gpg: public key is D35FB186

You need a passphrase to unlock the secret key for
user: "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
4096-bit RSA key, ID D35FB186, created 2008-01-22

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
4096-bit RSA key, ID D35FB186, created 2008-01-22

gpg: Invalid passphrase; please try again ...

You need a passphrase to unlock the secret key for
user: "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"
4096-bit RSA key, ID D35FB186, created 2008-01-22

:symkey enc packet: version 4, cipher 10, s2k 3, hash 8, seskey 256 bits
        salt 4d55b202f01ee267, count 65536 (96)
gpg: TWOFISH encrypted session key
:encrypted data packet:
        length: 71
        mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: encrypted with 4096-bit RSA key, ID D35FB186, created 2008-01-22
      "vedaal nistar (previous addresses were spam flooded) <vedaal at nym.hush.com
>"

:symkey enc packet: version 4, cipher 10, s2k 3, hash 8, seskey 256 bits
        salt 4d55b202f01ee267, count 65536 (96)
gpg: TWOFISH encrypted session key
Enter passphrase:

gpg: public key decryption failed: bad passphrase
gpg: encrypted with unknown algorithm 163
gpg: decryption failed: unknown cipher algorithm

(the passphrase used was: 12345)


Now here is the last part of the error message when a 'different incorrect' passphrase ( boo)  is used:

gpg: public key decryption failed: bad passphrase
gpg: encrypted with unknown algorithm 231
gpg: decryption failed: unknown cipher algorithm


Why does gnupg give these types of error message, as opposed to simply stating  'decryption failed: bad passphrase' ??

What kind of relationship is there between the number listed for the 'unknown algorithm' and the passphrase string that was given,
and might this be used in any way to try attack gnupg by determining the length of the passphrase or the correctness of any character in the string ?


vedaal

More information about the Gnupg-users mailing list