Non-deterministic behavior using GnuPG and a smart-card

Dr. Basil Becker basil at basilbecker.de
Wed Feb 8 23:06:28 CET 2017



On 08.02.2017 23:03, Adam Sherman wrote:
> Is it always the same files that aren't decrypting, or is it truly random?
> 
Yes, if I'm able to decrypt a mail, I'm always able to do it. Unfortunately,
this also holds true for those mails I can't decrypt.

I should also add that I don't have any problems when I read the mails
on my smartphone using K9 and OpenKeychain.


> On Wed, Feb 8, 2017 at 16:22 Dr. Basil Becker <basil at basilbecker.de> wrote:
> 
>     Hello,
> 
>     Peter, thanks for the clarification. I understand your point ;)
> 
>     On 08.02.2017 20:05, Peter Lebbing wrote:
>     > Hello,
>     >
>     >> I wrote about the problem in more detail at launchpad.net
>     >> https://answers.launchpad.net/ubuntu/+source/gnupg/+question/452490
>     >
>     > I think it is appreciated if you actually describe the problem on the
>     > mailing list itself rather than only linking to a website.
>     >
>     I have a setup consisting of a main key and three sub-keys for
>     encryption, authorization and signature. The three sub-keys are stored
>     on a YubiKey 4 smart-card.
> 
>     Authentication and signatures work like a charm. I'm only having
>     problems concerning the decryption of mails I received. I'm using
>     Thunderbird together with Enigmail to read my mails, but as the problem
>     also occurs at the CLI, I assume that Enigmail is not part of the
>     puzzle.
> 
>     Well, some messages could be successfully decrypted:
>     bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message.txt
>     gpg: armor: BEGIN PGP MESSAGE
>     gpg: armor header: Version: GnuPG v2
>     # off=0 ctb=85 tag=1 hlen=3 plen=400
>     :pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
>             data: [3103 bits]
>     gpg: public key is 0xDBC1D85BA9D1D189
>     gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
>     0x8501968486DF0281
>     gpg: public key encrypted data: good DEK
>     # off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
>     :encrypted data packet:
>             length: unknown
>             mdc_method: 2
>     gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
>     0x8501968486DF0281
>     gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created
>     2017-01-10
>           "Dr. Basil Becker <basil at basilbecker.de>"
>     gpg: AES256 encrypted data
>     # off=424 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
>     :compressed packet: algo=2
>     # off=426 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb
>     :literal data packet:
>             mode b (62), created 1486478293, name="",
>             raw data: unknown length
>     gpg: original file name=''
>     gpg: decryption okay
> 
> 
>     Some messages, however, fail to decrypt:
>     bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message-fail.txt
>     gpg: armor: BEGIN PGP MESSAGE
>     gpg: armor header: Version: GnuPG v2
>     # off=0 ctb=85 tag=1 hlen=3 plen=400
>     :pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
>             data: [3104 bits]
>     gpg: public key is 0xDBC1D85BA9D1D189
>     gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
>     0x8501968486DF0281
>     # off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
>     :encrypted data packet:
>             length: unknown
>             mdc_method: 2
>     gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
>     0x8501968486DF0281
>     gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created
>     2017-01-10
>           "Dr. Basil Becker <basil at basilbecker.de>"
>     gpg: public key decryption failed: Hardware problem
>     gpg: decryption failed: No secret key
> 
>     The only difference I see is that the pubkey data is 3103 bits vs 3104
>     bits. Unfortunately, I have no idea whether this is a meaningful
>     difference and if this
> 
>     If anyone could help me identify what my problem is or even solve
>     it, I'd appreciate it :) If you need any additional information or
>     dedicated log output, I'm happy to provide it.
> 
>     Cheers,
>     Basil
> 
> 
> 
> -- 
> Adam Sherman
> Directeur des opérations, Sauvetage bénévole Outaouais
> Director of Operations, Ottawa Volunteer SAR
> CTO, Versature Corp.
> +1 613 797 6819

-- 
Dr. Basil Becker        m: basil at basilbecker.de
Haeckelstr. 12          t: 0163 6538837
14471 Potsdam
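
Added example, not part of the original message or of GnuPG: a small Python parser that pulls the ciphertext MPI length and the outcome out of `gpg2 -vv` transcripts like the two quoted above and tabulates them, so the 3103 vs 3104 bits observation can be checked against more than two messages. The function names are hypothetical, and it assumes one `:pubkey enc packet:` per message.

```python
import re
from collections import Counter

# Excerpts of the two `gpg2 -vv` transcripts quoted above, with the mail
# client's line wrapping undone and trimmed to the lines the parser reads.
OK_LOG = """\
:pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
        data: [3103 bits]
gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created 2017-01-10
gpg: decryption okay
"""
FAIL_LOG = """\
:pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
        data: [3104 bits]
gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created 2017-01-10
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key
"""

PKESK = re.compile(r"^:pubkey enc packet: .*keyid ([0-9A-F]+)")
DATA = re.compile(r"^\s+data: \[(\d+) bits\]")
KEYLEN = re.compile(r"^gpg: encrypted with (\d+)-bit \w+ key, ID")
FAILED = re.compile(r"^gpg: public key decryption failed: (.+)$")

def parse_transcript(text):
    """Summarise one transcript (assumes a single pubkey enc packet)."""
    rec = {"keyid": None, "key_bits": None, "mpi_bits": None, "ok": False, "error": None}
    in_pkesk = False
    for line in text.splitlines():
        if m := PKESK.match(line):
            rec["keyid"], in_pkesk = m.group(1), True
        elif in_pkesk and (m := DATA.match(line)):
            # First data line after the packet header is the encrypted session key MPI.
            rec["mpi_bits"], in_pkesk = int(m.group(1)), False
        elif m := KEYLEN.match(line):
            rec["key_bits"] = int(m.group(1))
        elif m := FAILED.match(line):
            rec["error"] = m.group(1)
        elif line.startswith("gpg: decryption okay"):
            rec["ok"] = True
    return rec

def tabulate(records):
    """Count outcomes by how far the ciphertext MPI falls short of the key size."""
    table = Counter()
    for r in records:
        outcome = "ok" if r["ok"] else (r["error"] or "failed")
        table[(r["key_bits"] - r["mpi_bits"], outcome)] += 1
    return dict(table)
```

Calling `tabulate()` on the parsed output for every affected and unaffected mail shows whether failures track the MPI length; two transcripts alone cannot establish that.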
