All my Passwords are lost

Vincent Pelletier plr.vincent at
Sun Apr 25 10:41:06 CEST 2021

On Sat, 24 Apr 2021 15:19:07 -0700, "C.J. Collier" <cjac at> wrote:
> you could maybe ask a pause admin to decrypt and
> re-encrypt to a key that you own, sending you back the encrypted file.

Two ideas from a gpg-internal *UN*aware point of view:
- I assume gpg file encryption works by generating a random symmetric
  cipher key, encrypting the file with this symmetric cipher, and
  only encrypting the symmetric cipher's key with the asymmetric cipher
  public key.
  If so, then the encrypted symmetric key could in theory (...again, I
  do not know enough of gnupg internals) be extracted and be the only
  thing sent for decryption and sent back deciphered.
  Of course, it means that if the file was leaked encrypted, then this
  deciphered key intercepted, then the file is completely leaked.
- Is the asymmetric algorithm transitive ? If it is, then again
  starting from an extracted encrypted key, it could be encrypted again
  with the good public key, then sent for decryption. The key received
  back would still be encrypted by the good public key. It can then
  finally be deciphered, allowing the symmetric cipher to decipher the data.
  This would solve the plain-text vulnerability of the previous point.

I believe (again, not an expert) decryption and signature use different
parameters in gpg, so from the pause admin point of view they should
not be worried about inadvertently signing a hash, but actually
deciphering a symmetric key (which can otherwise be a concern).
Vincent Pelletier
GPG fingerprint 983A E8B7 3B91 1598 7A92 3845 CAC9 3691 4257 B0C1

More information about the Gnupg-users mailing list