Cannot decrypt file encrypted with enQsig

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Mon Jul 30 17:14:01 CEST 2018


Hi.

On Monday, 30.07.2018, at 11:26 +0200, Felix E. Klee wrote:
> On Sun, Jul 29, 2018 at 11:37 PM, Dirk Gottschalk via Gnupg-users
> <gnupg-users at gnupg.org> wrote:
> > > My encryption key is the sub key 04FDF78D1679DD94. The private key is
> > > on a smart card. […]
> > 
> > Does this key work as expected in other programs, MUAs for example?
> 
> I use it daily for encryption/decryption of documents, though only with
> GnuPG.
> 
> > I didn't test it myself, but exporting only a sub key should be no
> > problem.
> 
> *But how?*
> 
> Your suggestion doesn’t seem to work:
> 
>     >gpg --export 04FDF78D1679DD94 | gpg --keyid-format long
>     gpg: WARNING: no command supplied.  Trying to guess what you mean ..

Try "gpg --key-id-long -a --export 04FDF78D1679DD94". But, I just
tested it and it unfortunately seems to export the whole key bundle.
I'll look deeper into this.


> > Have you tried to inspect the packets in the file with
> > "--list-packets"?
> 
> Here you go (again my encryption key is `04FDF78D1679DD94`):
> 
>     >gpg --list-packets encrypted.asc
>     # off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
>     :pubkey enc packet: version 3, algo 1, keyid BEF6EFD38FE8DCA0
>             data: [4096 bits]
>     # off=527 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
>     :pubkey enc packet: version 3, algo 1, keyid 04FDF78D1679DD94
>             data: [4095 bits]
>     # off=1054 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
>     :pubkey enc packet: version 3, algo 1, keyid 92663E7CA68E4EC6
>             data: [4096 bits]
>     # off=1581 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
>     :pubkey enc packet: version 3, algo 1, keyid 9D8C454A43A6D2DE
>             data: [4094 bits]
>     gpg: encrypted with RSA key, ID 9D8C454A43A6D2DE
>     gpg: encrypted with RSA key, ID 92663E7CA68E4EC6
>     gpg: encrypted with 4096-bit RSA key, ID 04FDF78D1679DD94, created 2016-12-17
>           "Felix E. Klee <felix.klee at inka.de>"
>     gpg: public key decryption failed: Missing item in object
>     gpg: encrypted with 4096-bit RSA key, ID BEF6EFD38FE8DCA0, created 2016-12-17
>           "Felix E. Klee <felix.klee at inka.de>"
>     gpg: public key decryption failed: Invalid ID
>     gpg: decryption failed: No secret key
>     # off=2108 ctb=d2 tag=18 hlen=3 plen=1718 new-ctb
>     :encrypted data packet:
>             length: 1718
>             mdc_method: 2
> 
> I wonder what “Missing item in object” means.

The file seems to be encrypted (also) for the correct subkey. I wonder
about the signature key being mentioned in the first encrypted package
line, but I didn't test if this is normal.

Probably enQsig does not format the OpenPGP packet correctly. Missing
object is an error message that I've never seen before.

Your key bundle is okay, otherwise you should have the same problems
with other encrypted files.

The last packet mentions your signature key as used for encryption,
this is an error for sure. Invalid ID means that the key with this ID
does not have the capability to encrypt or decrypt, which is correct.
In this case you really have no secret key to decrypt the file.

EnQsig seems really to mess up the encryption thing for unknown
reasons. I'll check for a way to export a public subkey. This should
work because exporting a secret subkey is also possible.

Regards,
Dirk


-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
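
The fields in the `--list-packets` output quoted above (off, tag, hlen, plen, keyid, data bits) can be recomputed directly from the packet bytes, which shows which recipient key IDs a file carries independently of any local keyring. This is an added example, not part of the original mail and not GnuPG's code; it assumes binary input (for an armored file, the output of `gpg --dearmor`), RFC 4880 new-format headers and version 3 PKESK packets, and `pkesk()` and `SAMPLE` are constructed filler data that reuse two key IDs from the listing.

```python
import struct

def read_new_length(buf, pos):
    """Decode an RFC 4880 new-format body length; return (length, octets_used)."""
    first = buf[pos]
    if first < 192:
        return first, 1
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], 5
    raise ValueError("partial body lengths are not handled in this example")

def list_pkesk(buf):
    """Walk new-format packets; return one dict per tag-1 (PKESK) packet."""
    found, pos = [], 0
    while pos < len(buf):
        ctb = buf[pos]
        if ctb & 0xC0 != 0xC0:
            raise ValueError(f"offset {pos}: not a new-format packet header")
        tag = ctb & 0x3F
        plen, used = read_new_length(buf, pos + 1)
        body = buf[pos + 1 + used:pos + 1 + used + plen]
        if len(body) != plen:
            raise ValueError(f"offset {pos}: packet truncated")
        if tag == 1:
            # v3 PKESK body: version, 8-octet key ID, algorithm, then the MPI bit count
            version, keyid, algo, bits = struct.unpack(">B8sBH", body[:12])
            if version != 3:
                raise ValueError(f"offset {pos}: PKESK version {version} not handled")
            found.append({"off": pos, "hlen": 1 + used, "plen": plen,
                          "algo": algo, "keyid": keyid.hex().upper(), "bits": bits})
        pos += 1 + used + plen
    return found

def pkesk(keyid_hex, bits):
    """Hypothetical helper: v3 RSA PKESK packet with filler instead of a real ciphertext."""
    mpi = bytes([1 << ((bits - 1) % 8)]) + b"\xAA" * ((bits + 7) // 8 - 1)
    body = bytes([3]) + bytes.fromhex(keyid_hex) + bytes([1]) + struct.pack(">H", bits) + mpi
    n = len(body) - 192                      # two-octet length form (192..8383)
    return bytes([0xC1, 192 + (n >> 8), n & 0xFF]) + body

# Constructed sample: two recipients, then a short tag-18 packet (ctb 0xD2).
SAMPLE = (pkesk("BEF6EFD38FE8DCA0", 4096) + pkesk("04FDF78D1679DD94", 4095)
          + bytes([0xD2, 5]) + b"\x01data")

if __name__ == "__main__":
    for p in list_pkesk(SAMPLE):
        print("# off={off} tag=1 hlen={hlen} plen={plen} keyid {keyid} [{bits} bits]".format(**p))
```

A 4095-bit value and a 4096-bit value both occupy 512 octets, so both packets have plen=524 and the second one starts at offset 527, as in the quoted listing.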