bad encrypted session key (bug report?)
Hi,

I have a keypair generated using GPG but am having trouble communicating
with a PGP 6.0 user. I'm able to duplicate the problem at will.

Assuming I am Bob and am communicating with Alice, here is the scenario.
I encrypt a message to Alice and myself. While I can decrypt the result,
Alice cannot. The error she gets from PGP 6.0 is "encrypted session
key is bad".

I've tried to narrow down the problem and have discovered that the
problem is my particular GPG key mixed with any PGP (6.0) key.
For example,

1) if I do not encrypt to myself, then Alice can decrypt the message,
2) if I generate a different GPG key and encrypt a message to both
myself and Alice, Alice can decrypt the result,
3) I can encrypt to myself and another GPG user, and the GPG user can
decrypt, and
4) if I change Alice's key, I still cannot communicate with her.

I believe I generated the key using GPG 0.9.4 but it might have been
0.9.3. If it would be helpful, I can send along an encrypted test message
and both mine and Alice's public keys. I could send along my secret
key too if necessary since it looks like this key is broken regardless.

Mike

Re: bad encrypted session key (bug report?)
On Thu, Apr 15, 1999 at 03:23:43AM -0500, Mike Ashley wrote:
> Hi,
>
> I have a keypair generated using GPG but am having trouble communicating
> with a PGP 6.0 user. I'm able to duplicate the problem at will.
>
> Assuming I am Bob and am communicating with Alice, here is the scenario.
> I encrypt a message to Alice and myself. While I can decrypt the result,
> Alice cannot. The error she gets from PGP 6.0 is "encrypted session
> key is bad".

I'm confirming. This behaviour depends on argument order:

Example:
user     cipher pref    key generator
-------------------------------------
Alice    3DES           PGP 6.x (?)
Bob      Blowfish       GnuPG

~/src/gnupg/CVS $ gpg -v --encrypt -r Bob -r Alice < TODO > /dev/null
gpg: This key probably belongs to the owner
gpg: This key belongs to us
gpg: reading from `[stdin]'
gpg: writing to stdout
gpg: ELG-E/3DES encrypted for: xxxxxxxx Bob
gpg: ELG-E/3DES encrypted for: yyyyyyyy Alice

This one is OK, both PGP and GnuPG will decrypt it.

~/src/gnupg/CVS $ gpg -v --encrypt -r Alice -r Bob < TODO > /dev/null
gpg: This key belongs to us
gpg: This key probably belongs to the owner
gpg: reading from `[stdin]'
gpg: writing to stdout
gpg: ELG-E/BLOWFISH encrypted for: yyyyyyyy Alice
gpg: ELG-E/BLOWFISH encrypted for: xxxxxxxx Bob

Arg! PGP 6.x doesn't know anything about Blowfish :-(

Even stranger: if Alice's key has CAST5 in its preferences, the
message will always be encrypted with CAST5, no matter which recipient
is the last on the command line.

--
Rémi <rguyom@mail.dotcom.fr> | Don't waste your computer's time :
PGP-encrypt anything important: | http://www.distributed.net/
www.gnupg.org - KeyID:0x85BD8B1B | http://www.distributed.net/source/
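
Added example, not part of either post and not GnuPG's code: an order-independent way to choose the symmetric cipher for several OpenPGP recipients, using the rule that 3DES is the must-implement algorithm and is tacitly at the end of every preference list. The preference lists, the sender's supported set and `last_recipient_wins` (a simplified model that reproduces only the two transcripts above) are assumptions constructed for illustration.

```python
# Added example (not GnuPG source). Recipient preference lists are constructed
# from the table in the thread; real keys carry them in self-signature subpackets.
TRIPLE_DES = "3DES"  # OpenPGP's must-implement cipher, tacitly last in every list

ALICE = ["3DES"]        # constructed: PGP 6.x key from the thread
BOB = ["BLOWFISH"]      # constructed: GnuPG key from the thread
SENDER_SUPPORTED = {"3DES", "CAST5", "BLOWFISH"}  # assumption: sender's build


def effective_prefs(prefs):
    """Return prefs with 3DES appended when the key does not list it."""
    return list(prefs) if TRIPLE_DES in prefs else list(prefs) + [TRIPLE_DES]


def select_cipher(recipient_prefs, sender_supported=SENDER_SUPPORTED):
    """Pick a cipher every recipient lists and the sender implements.

    The candidate set is an intersection, so recipient order cannot change it.
    Among candidates, prefer the one whose worst rank across recipients is
    best, then the lowest rank sum, then name (a deterministic tie-break).
    """
    if not recipient_prefs:
        raise ValueError("at least one recipient is required")
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = set(sender_supported) | {TRIPLE_DES}
    for prefs in lists:
        common &= set(prefs)

    def score(cipher):
        ranks = [prefs.index(cipher) for prefs in lists]
        return (max(ranks), sum(ranks), cipher)

    return min(common, key=score)


def last_recipient_wins(recipient_prefs):
    """Simplified model of the two transcripts only: last -r key decides."""
    return effective_prefs(recipient_prefs[-1])[0]


if __name__ == "__main__":
    for order in ([BOB, ALICE], [ALICE, BOB]):
        print(order, last_recipient_wins(order), select_cipher(order))
```

Because 3DES is always in the candidate set, the intersection is never empty, and a recipient whose implementation lacks Blowfish is never handed a Blowfish-encrypted session key.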