Non-deterministic behavior using GnuPG and a smart-card
Dr. Basil Becker
basil at basilbecker.de
Wed Feb 8 23:29:40 CET 2017
On 08.02.2017 23:25, Adam Sherman wrote:
> Maybe there is an algorithm that the Yubukey can't handle?
>
Eventually, but I'm a) pretty sure that always the same software has
been used to encrypt the mails (it is done by my mail provider). And I'm
using the Yubikey on my smartphone, too.
> Or, maybe Enigmail is calling "gpg" instead of "gpg2"?
>
gpg is set to be an alias for gpg2 and enigmail states in its settings,
that it is running /usr/bin/gpg2 And some of my mails could be decrypted...
> I'm just brainstorming.
>
I appreciate it :)
Cheers,
Basil
> A.
>
> On Wed, Feb 8, 2017 at 17:06 Dr. Basil Becker <basil at basilbecker.de
> <mailto:basil at basilbecker.de>> wrote:
>
>
>
> On 08.02.2017 23:03, Adam Sherman wrote:
> > Is it always the same files that aren't decrypting, or is it truly
> random?
> >
> Yes, if I'm able to decrypt a mail, I'm always able to it. Unfortunately
> this holds also true for those mails, I can't decrypt.
>
> I should also add, that I don't have any problems, when I read the mails
> on my smartphone using K9 and Openkeychain.
>
>
> > On Wed, Feb 8, 2017 at 16:22 Dr. Basil Becker
> <basil at basilbecker.de <mailto:basil at basilbecker.de>
> > <mailto:basil at basilbecker.de <mailto:basil at basilbecker.de>>> wrote:
> >
> > Hello,
> >
> > Peter, thanks for the clarification. I understand your point ;)
> >
> > On 08.02.2017 20:05, Peter Lebbing wrote:
> > > Hello,
> > >
> > >> I wrote about the problem in more detail at launchpad.net
> <http://launchpad.net>
> > <http://launchpad.net>
> > >>
> https://answers.launchpad.net/ubuntu/+source/gnupg/+question/452490
> > >
> > > I think it is appreciated if you actually describe the
> problem on the
> > > mailing list itself rather than only linking to a website.
> > >
> > I'm having a setup consisting of a main key, and three
> sub-keys for
> > encryption, authorization and signature. The three sub-keys
> are stored
> > on a Yubikey 4 smart-card.
> >
> > Authentication and signatures work like a charme. I'm only having
> > problems concerning the decryption of mails I received. I'm using
> > thunderbird together with enigmail to read my mails, but as
> the problem
> > also occurrs at the CLI, I assume that enigmail is not part of the
> > puzzle.
> >
> > Well, some messages could be successfully decrypted:
> > bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message.txt
> > gpg: armor: BEGIN PGP MESSAGE
> > gpg: armor header: Version: GnuPG v2
> > # off=0 ctb=85 tag=1 hlen=3 plen=400
> > :pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
> > data: [3103 bits]
> > gpg: public key is 0xDBC1D85BA9D1D189
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > gpg: public key encrypted data: good DEK
> > # off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
> > :encrypted data packet:
> > length: unknown
> > mdc_method: 2
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189,
> created
> > 2017-01-10
> > "Dr. Basil Becker <basil at basilbecker.de
> <mailto:basil at basilbecker.de>
> > <mailto:basil at basilbecker.de <mailto:basil at basilbecker.de>>>"
> > gpg: AES256 encrypted data
> > # off=424 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
> > :compressed packet: algo=2
> > # off=426 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb
> > :literal data packet:
> > mode b (62), created 1486478293, name="",
> > raw data: unknown length
> > gpg: original file name=''
> > gpg: decryption okay
> >
> >
> > Some messages, however, fail to decrypt:
> > bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message-fail.txt
> > gpg: armor: BEGIN PGP MESSAGE
> > gpg: armor header: Version: GnuPG v2
> > # off=0 ctb=85 tag=1 hlen=3 plen=400
> > :pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
> > data: [3104 bits]
> > gpg: public key is 0xDBC1D85BA9D1D189
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > # off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
> > :encrypted data packet:
> > length: unknown
> > mdc_method: 2
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189,
> created
> > 2017-01-10
> > "Dr. Basil Becker <basil at basilbecker.de
> <mailto:basil at basilbecker.de>
> > <mailto:basil at basilbecker.de <mailto:basil at basilbecker.de>>>"
> > gpg: public key decryption failed: Hardware problem
> > gpg: decryption failed: No secret key
> >
> > The only difference I see, is that the pubkey data is 3103
> bits vs 3104
> > bits. Unfortunately, I have no idea, whether this is a meaningful
> > difference and if this
> >
> > If anyone could help me identifying what my problem is or even
> to solve
> > it, I'd appreciate it :) If you need any additional information or
> > dedicated log-output, I'm happy to provide it.
> >
> > Cheers,
> > Basil
> >
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org <mailto:Gnupg-users at gnupg.org>
> <mailto:Gnupg-users at gnupg.org <mailto:Gnupg-users at gnupg.org>>
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
> > --
> > Adam Sherman
> > Directeur des opérations, Sauvetage bénévole Outaouais
> > Director of Operations, Ottawa Volunteer SAR
> > CTO, Versature Corp.
> > +1 613 797 6819
>
> --
> Dr. Basil Becker m: basil at basilbecker.de
> <mailto:basil at basilbecker.de>
> Haeckelstr. 12 t: 0163 6538837
> 14471 Potsdam
>
> --
> Adam Sherman
> Directeur des opérations, Sauvetage bénévole Outaouais
> Director of Operations, Ottawa Volunteer SAR
> CTO, Versature Corp.
> +1 613 797 6819
--
Dr. Basil Becker m: basil at basilbecker.de
Haeckelstr. 12 t: 0163 6538837
14471 Potsdam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 634 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170208/5f509f9f/attachment.sig>
More information about the Gnupg-users
mailing list