Non-deterministic behavior using GnuPG and a smart-card

Dr. Basil Becker basil at basilbecker.de
Wed Feb 8 22:20:56 CET 2017


Hello,

Peter, thanks for the clarification. I understand your point ;)

On 08.02.2017 20:05, Peter Lebbing wrote:
> Hello,
> 
>> I wrote about the problem in more detail at launchpad.net 
>> https://answers.launchpad.net/ubuntu/+source/gnupg/+question/452490
> 
> I think it is appreciated if you actually describe the problem on the
> mailing list itself rather than only linking to a website.
> 
I have a setup consisting of a main key and three sub-keys for
encryption, authorization and signature. The three sub-keys are stored
on a Yubikey 4 smart-card.

Authentication and signatures work like a charm. I'm only having
problems concerning the decryption of mails I received. I'm using
thunderbird together with enigmail to read my mails, but as the problem
also occurs at the CLI, I assume that enigmail is not part of the puzzle.

Well, some messages could be successfully decrypted:
bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message.txt
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v2
# off=0 ctb=85 tag=1 hlen=3 plen=400
:pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
	data: [3103 bits]
gpg: public key is 0xDBC1D85BA9D1D189
gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
0x8501968486DF0281
gpg: public key encrypted data: good DEK
# off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
	length: unknown
	mdc_method: 2
gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
0x8501968486DF0281
gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created
2017-01-10
      "Dr. Basil Becker <basil at basilbecker.de>"
gpg: AES256 encrypted data
# off=424 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=2
# off=426 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb
:literal data packet:
	mode b (62), created 1486478293, name="",
	raw data: unknown length
gpg: original file name=''
gpg: decryption okay


Some messages, however, fail to decrypt:
bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message-fail.txt
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v2
# off=0 ctb=85 tag=1 hlen=3 plen=400
:pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
	data: [3104 bits]
gpg: public key is 0xDBC1D85BA9D1D189
gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
0x8501968486DF0281
# off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
	length: unknown
	mdc_method: 2
gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
0x8501968486DF0281
gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created
2017-01-10
      "Dr. Basil Becker <basil at basilbecker.de>"
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key

The only difference I see is that the pubkey data is 3103 bits vs 3104
bits. Unfortunately, I have no idea whether this is a meaningful
difference and if this

If anyone could help me identify what my problem is or even solve
it, I'd appreciate it :) If you need any additional information or
dedicated log-output, I'm happy to provide it.

Cheers,
Basil
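
Added example, not part of the original message and not GnuPG code: a minimal Python parser for the tag-1 (public-key encrypted session key) packet that both listings show, run on two constructed packets whose RSA values are placeholders rather than real ciphertext. It shows that an MPI announced as 3103 bits and one announced as 3104 bits both occupy 388 bytes, which is why both listings report plen=400; the function names are illustrative.

```python
import struct

KEYID = "DBC1D85BA9D1D189"  # key ID copied from the listings in the message


def build_pkesk(keyid_hex, value):
    """Constructed input: v3 tag-1 packet, old-format header, one RSA MPI."""
    mpi = value.to_bytes((value.bit_length() + 7) // 8, "big")
    body = bytes([3]) + bytes.fromhex(keyid_hex) + bytes([1])  # version, key ID, algo 1
    body += struct.pack(">H", value.bit_length()) + mpi       # MPI: bit count, then bytes
    return bytes([0x85]) + struct.pack(">H", len(body)) + body


def parse_pkesk(pkt):
    """Decode the header and fields that gpg -vv lists for a tag-1 packet."""
    ctb = pkt[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("expected an old-format packet header")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
    if tag != 1 or ltype == 3:
        raise ValueError("expected a tag-1 packet with a definite length")
    hlen = 1 + (1, 2, 4)[ltype]                 # ctb plus 1, 2 or 4 length bytes
    plen = int.from_bytes(pkt[1:hlen], "big")
    body = pkt[hlen:hlen + plen]
    if len(body) != plen or plen < 12 or body[9] != 1:
        raise ValueError("truncated packet or not RSA (algo 1)")
    bits = int.from_bytes(body[10:12], "big")   # MPI header gives the length in bits
    mpi = body[12:]                             # RSA carries exactly one MPI
    if len(mpi) != (bits + 7) // 8 or int.from_bytes(mpi, "big").bit_length() != bits:
        raise ValueError("MPI bit count does not match its data")
    return {"ctb": ctb, "tag": tag, "hlen": hlen, "plen": plen,
            "version": body[0], "keyid": body[1:9].hex().upper(),
            "algo": body[9], "mpi_bits": bits, "mpi_bytes": len(mpi)}


def compare():
    """Parse a 3104-bit and a 3103-bit constructed value, as in the two listings."""
    return [parse_pkesk(build_pkesk(KEYID, 1 << n)) for n in (3103, 3102)]


if __name__ == "__main__":
    for f in compare():
        print("ctb=%02x tag=%d hlen=%d plen=%d keyid %s data: [%d bits] = %d bytes"
              % (f["ctb"], f["tag"], f["hlen"], f["plen"], f["keyid"],
                 f["mpi_bits"], f["mpi_bytes"]))
```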

