Cannot decrypt with 1.4.21 but with 1.2.2

Öberg Fredrik Fredrik.Oberg at regionostergotland.se
Thu Feb 16 12:13:01 CET 2017


I work in an organization where we sometimes receive and send encrypted files. This is far from our core business and we are no experts on this, so please bear with me.
For managing the files, we use scripts calling gpg.exe. This is a Windows environment.
We have been running version 1.2.2 for ages but as we upgraded our server, we decided to upgrade GnuPG to 1.4.21. We use the simple installer for GnuPG Classic.

Yesterday we received an encrypted file which we couldn't decrypt. This is what happens:

C:\>c:\GnuPG_2016\gpg --homedir=C:\Keyring -d -v -v -o output.txt input.gpg
:pubkey enc packet: version 3, algo 16, keyid xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        data: [2048 bits]
        data: [2048 bits]
gpg: public key is xxxxxxxx
gpg: using subkey xxxxxxxx instead of primary key xxxxxxxx

You need a passphrase to unlock the secret key for
user: "My organization"
2048-bit ELG-E key, ID xxxxxxxx, created 2009-09-16 (main key ID xxxxxxxx)

gpg: public key encrypted data: good DEK
:encrypted data packet:
        length: unknown
gpg: encrypted with 2048-bit ELG-E key, ID xxxxxxxx, created 2009-09-16
      "My organization"
gpg: 3DES encrypted data
gpg: [don't know]: invalid packet (ctb=1b)
gpg: decryption okay
gpg: WARNING: message was not integrity protected
gpg: [don't know]: invalid packet (ctb=68)

Just to be sure, this is 1.4.21:

C:\>c:\GnuPG_2016\gpg --version
gpg (GnuPG) 1.4.21

My first guess was that the file was corrupted in some way, as we get if by ftp from one of our partners. After hashing and re-transfering the file we could rule out file corruption during transfer. Then I decided to try to decrypt the file using an older version of GnuPG, 1.2.2. Then decryption works with no problem:

C:\>c:\gnupg\gpg -d -v -v -o output.txt input.gpg
:pubkey enc packet: version 3, algo 16, keyid xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        data: [2048 bits]
        data: [2048 bits]
gpg: public key is xxxxxxxx
gpg: using secondary key xxxxxxxx instead of primary key xxxxxxxx

You need a passphrase to unlock the secret key for
user: "My organization"
gpg: using secondary key xxxxxxxx instead of primary key xxxxxxxx
2048-bit ELG-E key, ID xxxxxxxx, created 2009-09-16 (main key ID xxxxxxxx)

gpg: public key encrypted data: good DEK
:encrypted data packet:
        length: unknown
gpg: encrypted with 2048-bit ELG-E key, ID xxxxxxxx, created 2009-09-16
      "My organization"
gpg: 3DES encrypted data
:literal data packet:
        mode b, created xxxxxxxx, name="",
        raw data: 0 bytes
gpg: original file name=''
gpg: decryption okay
gpg: WARNING: message was not integrity protected

Version is 1.2.2:
C:\temp>c:\gnupg\gpg --version
gpg (GnuPG) 1.2.2

Can anybody explain what is happening? Why can we decrypt the file with an older version, but not with the newest one?

Regards
/Fredrik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170216/1b7fbe2a/attachment-0001.html>


More information about the Gnupg-users mailing list