Non-deterministic behavior using GnuPG and a smart-card
Adam Sherman
adam at sherman.ca
Wed Feb 8 23:25:23 CET 2017
Maybe there is an algorithm that the Yubukey can't handle?
Or, maybe Enigmail is calling "gpg" instead of "gpg2"?
I'm just brainstorming.
A.
On Wed, Feb 8, 2017 at 17:06 Dr. Basil Becker <basil at basilbecker.de> wrote:
>
>
> On 08.02.2017 23:03, Adam Sherman wrote:
> > Is it always the same files that aren't decrypting, or is it truly
> random?
> >
> Yes, if I'm able to decrypt a mail, I'm always able to it. Unfortunately
> this holds also true for those mails, I can't decrypt.
>
> I should also add, that I don't have any problems, when I read the mails
> on my smartphone using K9 and Openkeychain.
>
>
> > On Wed, Feb 8, 2017 at 16:22 Dr. Basil Becker <basil at basilbecker.de
> > <mailto:basil at basilbecker.de>> wrote:
> >
> > Hello,
> >
> > Peter, thanks for the clarification. I understand your point ;)
> >
> > On 08.02.2017 20:05, Peter Lebbing wrote:
> > > Hello,
> > >
> > >> I wrote about the problem in more detail at launchpad.net
> > <http://launchpad.net>
> > >>
> https://answers.launchpad.net/ubuntu/+source/gnupg/+question/452490
> > >
> > > I think it is appreciated if you actually describe the problem on
> the
> > > mailing list itself rather than only linking to a website.
> > >
> > I'm having a setup consisting of a main key, and three sub-keys for
> > encryption, authorization and signature. The three sub-keys are
> stored
> > on a Yubikey 4 smart-card.
> >
> > Authentication and signatures work like a charme. I'm only having
> > problems concerning the decryption of mails I received. I'm using
> > thunderbird together with enigmail to read my mails, but as the
> problem
> > also occurrs at the CLI, I assume that enigmail is not part of the
> > puzzle.
> >
> > Well, some messages could be successfully decrypted:
> > bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message.txt
> > gpg: armor: BEGIN PGP MESSAGE
> > gpg: armor header: Version: GnuPG v2
> > # off=0 ctb=85 tag=1 hlen=3 plen=400
> > :pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
> > data: [3103 bits]
> > gpg: public key is 0xDBC1D85BA9D1D189
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > gpg: public key encrypted data: good DEK
> > # off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
> > :encrypted data packet:
> > length: unknown
> > mdc_method: 2
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created
> > 2017-01-10
> > "Dr. Basil Becker <basil at basilbecker.de
> > <mailto:basil at basilbecker.de>>"
> > gpg: AES256 encrypted data
> > # off=424 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
> > :compressed packet: algo=2
> > # off=426 ctb=cb tag=11 hlen=2 plen=0 partial new-ctb
> > :literal data packet:
> > mode b (62), created 1486478293, name="",
> > raw data: unknown length
> > gpg: original file name=''
> > gpg: decryption okay
> >
> >
> > Some messages, however, fail to decrypt:
> > bb at melmac:~$ gpg2 -vv --output /dev/null -d /tmp/message-fail.txt
> > gpg: armor: BEGIN PGP MESSAGE
> > gpg: armor header: Version: GnuPG v2
> > # off=0 ctb=85 tag=1 hlen=3 plen=400
> > :pubkey enc packet: version 3, algo 1, keyid DBC1D85BA9D1D189
> > data: [3104 bits]
> > gpg: public key is 0xDBC1D85BA9D1D189
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > # off=403 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
> > :encrypted data packet:
> > length: unknown
> > mdc_method: 2
> > gpg: using subkey 0xDBC1D85BA9D1D189 instead of primary key
> > 0x8501968486DF0281
> > gpg: encrypted with 3104-bit RSA key, ID 0xDBC1D85BA9D1D189, created
> > 2017-01-10
> > "Dr. Basil Becker <basil at basilbecker.de
> > <mailto:basil at basilbecker.de>>"
> > gpg: public key decryption failed: Hardware problem
> > gpg: decryption failed: No secret key
> >
> > The only difference I see, is that the pubkey data is 3103 bits vs
> 3104
> > bits. Unfortunately, I have no idea, whether this is a meaningful
> > difference and if this
> >
> > If anyone could help me identifying what my problem is or even to
> solve
> > it, I'd appreciate it :) If you need any additional information or
> > dedicated log-output, I'm happy to provide it.
> >
> > Cheers,
> > Basil
> >
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org <mailto:Gnupg-users at gnupg.org>
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
> > --
> > Adam Sherman
> > Directeur des opérations, Sauvetage bénévole Outaouais
> > Director of Operations, Ottawa Volunteer SAR
> > CTO, Versature Corp.
> > +1 613 797 6819
>
> --
> Dr. Basil Becker m: basil at basilbecker.de
> Haeckelstr. 12 t: 0163 6538837
> 14471 Potsdam
>
> --
Adam Sherman
Directeur des opérations, Sauvetage bénévole Outaouais
Director of Operations, Ottawa Volunteer SAR
CTO, Versature Corp.
+1 613 797 6819
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170208/80279bac/attachment-0001.html>
More information about the Gnupg-users
mailing list